Patient-centric authorization framework for electronic healthcare services

Computers and Security

Volumn 30, Issue 2-3, 2011, Pages 116-127

  Jin, Jing ^a   Ahn, Gail Joon ^b   Hu, Hongxin ^b   Covington, Michael J ^c   Zhang, Xinwen ^d  

^a DEUTSCHE BANK AG   (Germany)

^b ARIZONA STATE UNIVERSITY   (United States)

^c INTEL CORPORATION   (United States)

^d SAMSUNG INFORMATION SYSTEMS AMERICA   (United States)

Author keywords

Electronic Health Records(EHRs); Patient centric authorization; Policy anomaly analysis; Policy composition; Selective sharing

Indexed keywords

ELECTRONIC HEALTH RECORD; PATIENT-CENTRIC AUTHORIZATION; POLICY ANOMALY ANALYSIS; POLICY COMPOSITION; SELECTIVE SHARING;

ACCESS CONTROL; DATA PRIVACY; HEALTH; RECORDS MANAGEMENT; SECURITY SYSTEMS;

ELECTRONIC DOCUMENT EXCHANGE;

EID: 79951680016     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2010.09.001     Document Type: Article

References (27)

1. Al-Shaer E, Hamed H. Firewall policy advisor for anomaly discovery and rule editing. In: Integrated network management, 2003. In: IFIP/IEEE eighth international symposium; 2003. p. 17-30.
2. Becker MY, Sewell P. Cassandra: flexible trust management, applied to electronic health records. In: Proc. of IEEE 17th computer security foundations workshop; 2004. p. 139-54.
3. Bhatti R, Moidu K, Ghafoor A. Policy-based security management for federated healthcare databases (or RHIOs). In: Proc. of the international workshop on healthcare information and knowledge management; 2006. p. 41-8. (Pubitemid 47213930)
4. Byun JW, Bertino E, Li N. Purpose based access control of complex data for privacy protection. In: Proc. of 10th ACM symposium on access control models and technologies (SACMAT); 2005. p. 102-10. (Pubitemid 43087467)
5. Ciena. The national health information network creating a new vision. In: White Paper, healthcare information and management systems society (HIMSS) conference 2008; 2008.
6. E. Coiera, and R. Clarke e-Consent: the design and implementation of consumer consent mechanisms in an electronic environment Journal of the American Medical Informatics Association 11 2 2004 129 140 (Pubitemid 38327502)
7. dbMotion. White paper: the critical role of integrated patient information in the delivery of high quality healthcare; January 2008.
8. L.L. Dimitropoulos Privacy and security solutions for interoperable health information exchange: interim assessment of variation executive summary http://www.rti.org/pubs/avas-execsumm.pdf July 2007
9. R.H. Dolin, L. Alschuler, S. Boyer, C. Beebe, F.M. Behlen, and P.V. Biron Hl7 clinical document architecture, release 2.0 ANSI Standard 2004
10. Eyers DM, Bacon J, Moody K. OASIS role-based access control for electronic health records. In IEEE proceedings - software; 2006. p. 16-23.
11. Fisler K, Krishnamurthi S, Meyerovich LA, Tschantz MC. Verification and change-impact analysis of access-control policies. In ICSE 05: Proceedings of the 27th international conference on software engineering; 2005. p. 196-05.
12. Fundulaki I, Marx M. Specifying access control policies for XML documents with XPath. In: Proceedings of the ninth ACM symposium on access control models and technologies; 2004. p. 61-9.
13. Gates C, Slonim J. Owner-controlled information. In: Proc. of the 2003 workshop on new security paradigms; 2003. p. 103-11. (Pubitemid 40557286)
14. HL7 Hl7 reference information model http://www.hl7.org/Library/data- model/RIM/modelpage-mem.htm
15. R. Housley, W. Polk, W. Ford, and D. Solo Internet x.509 public key infrastructure certificate and certificate revocation list (crl) profile. RFC3280 http://rfc.net/rfc3280.html 2002
16. IEEE-USAs Medical Technology Policy Committee Interoperability Working Group Interoperability for the national health information network (NHIN) 2006 IEEE-USA EBOOKS
17. Iowa Foundation for Medical Care HISPC state implementation project summary and impact analysis report for the state of Iowa http://www.ifmc.org/ news/StateImpactReport-11-27-07.doc 2007
18. Jajodia S, Samarati P, Subrahmanian VS. A logical language for expressing authorizations. In IEEE symposium on security and privacy, Oakland, CA; May 1997. p. 31-42.
19. JavaBDD http://javabdd.sourceforge.net/ 2007
20. Jaxe XML editor http://jaxe.sourceforge.net/
21. T. Moses eXtensible access control Markup Language (XACML), version 2.0, Oasis Standard. Internet http://docs.oasis-open.org/xacml/2.0/accesscontrol- xacml-2.0-core-spec-os.pdf 2005
22. C.M. OKeefe, P. Greenfield, and A. Goodchild A decentralised approach to electronic consent and health information access control Journal of Research and Practice in Information Technology 37 2 2005 161 178 (Pubitemid 40635532)
23. openEHR Community openEHR http://www.openehr.org
24. J. Pritts, and K. Connor The implementation of e-Consent mechanisms in three countries: Canada, England, and The Netherlands. SAMHSA report http://ihcrp.georgetown.edu/pdfs/prittse-consent.pdf 2007
25. C. Ruan, and V. Varadharajan An authorization model for e-Consent requirement in a health care application Applied cryptography and network security, LNCS vol. 2846 2003 p. 191-205
26. Yang N, Barringer H, Zhang N. A purpose-based access control model. In: Proc. of 3rd international symposium on information assurance and security (IAS); 2007. p. 143-8.
27. Yuan L, Chen H, Mai J, Chuah C, Su Z, Mohapatra P, Davis C. Fireman: a toolkit for firewall modeling and analysis. In: 2006 IEEE symposium on security and privacy; 2006. p. 15.