One way to patient empowerment: The proposal of an authorization model

HEALTHINF 2012 - Proceedings of the International Conference on Health Informatics

Volumn , Issue , 2012, Pages 249-255

  Santos Pereira, Cátia ^a,c   Antunes, Luis ^a   Cruz Correia, Ricardo ^a,c   Ferreira, Ana ^a,b,c  

^a UNIVERSITY OF PORTO   (Portugal)

^b Center for Informatics CI   (Portugal)

^c University of Porto   (Portugal)

Author keywords

Computer security; Confidentiality; Electronic health records; Patient empowerment; Role Based Access Control

Indexed keywords

AUTHORIZATION MODEL; CONFIDENTIALITY; ELECTRONIC HEALTH RECORD; EUROPEAN LEGISLATION; LITERATURE REVIEWS; MEDICAL DATA; MEDICAL RECORD; PATIENT EMPOWERMENT; ROLE-BASED ACCESS CONTROL; ROLE-BASED ACCESS CONTROL MODEL; TEMPORAL CONSTRAINTS;

ACCESS CONTROL; SECURITY OF DATA; STANDARDS;

HEALTH CARE;

EID: 84861981236     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (25)

1. American Health Information Management Association Foundation. 2011. myPHR [Online]. American Health Information Management Association. Available: http://www.myphr.com/ [Accessed October 2011].
2. Beimel, D. Peleg, M. 2009. The Context and the SitBAC Models for Privacy Preservation - An Experimental Comparison of Model Comprehension and Synthesis. IEEE Transactions on Knowledge and Data Engineering
3. Council of Europe 1997. Protection of Medical Data-Recommendation no R (97) 5. In: committee of ministers to member states (ed.). Europe.
4. Ferreira, A., Chadwick, D., Zao, G., Farinha, P., Correia, R., Chilro, R., Antunes, L. 2009. How securely break into RBAC: the BTG-RBAC model. Proceedings from 25th Annual Computer Security Applications Conference - ACSAC 2009.
5. Ferreira, A., Correia, A., Silva, A., Corte, A., Pinto, A., Saavedra, A., Pereira, A. L., Pereira, A. F., Cruz-Correia, R., Antunes, L. F. 2007a. Why Facilitate Patient Access to Medical Records. Medical and Care Compunetics 4, 127, 77-90.
6. Ferreira, A., Cruz-Correia, R., Antunes, L., Chadwick, D. 2007b. Access Control: how can it improve patients' healthcare?. Stud Health Technol Inform, 127, 65-76.
7. Giuri, L. 1996. Role-based access control: a natural approach. Proceedings of the first ACM Workshop on Role-based access control. Gaithersburg, Maryland, United States: ACM.
8. Honeyman, A., Cox, B., Fisher, B. 2005. Potential impacts of patient access to their electronic care records. Informatics in primary care, 13, 55-60.
9. ISO/TS 13606-4 2009. Health informatics - Electronic health record communication In: ISO/TS (ed.) Part 4: Security. Switzerland: ISO/TC.
10. ISO/TS 22600-2 2006. Health Informatics - Privilege management and access control In: ISO/TS (ed.) Part 2: Formal Models. Switzerland.
11. Joshi, J., Aref, W. G., Ghafoor, A., Spafford, E. H. 2001. Security models for web-based applications. Commun. ACM, 44, 38-44.
12. Joshi, J., Bertino, E., Ghafoor, A. 2002. Temporal hierarchies and inheritance semantics for GTRBAC. Proceedings of the seventh ACM symposium on Access control models and technologies. Monterey, California, USA: ACM.
13. Microsoft. 2011. Microsoft Health Vault [Online]. Available: http://www.microsoft.com/en-us/healthvault/ [Accessed October 2011].
14. Motta, G. H. M. B., Furuie, S. S. 2003. A contextual role-based access control authorization model for electronic patient record. Ieee Transactions on Information Technology in Biomedicine, 7, 202-207.
15. Osborn, S., Sandhu, R., Munawer, Q. 2000. Configuring role-based access control to enforce mandatory and discretionary access control policies. ACM Trans. Inf. Syst. Secur., 3, 85-106.
16. Patrick, C. K., Hung and Yi Zheng 2007 Privacy Access Control Model for Aggregated e-Health Services. Eleventh International IEEE EDOC Conference Workshop (EDOCW'07).
17. Pereira, C., Oliveira, C., Vilaça, C., Ferreira, A. 2011. Protection of clinical data - Comparison of European with American Legislation and respective technological applicability. HealthInf 2011 -International Conference on Health Informatics. Rome.
18. Ravi, S., Venkata, B., Qamar, M. 1999. The ARBAC97 model for role-based administration of roles. ACM Trans. Inf. Syst. Secur. 1094-9224, 2, 105-135.
19. Reeder, R. W. 2011. Usable access control for all. Proceedings of the 16th ACM symposium on Access control models and technologies. Innsbruck, Austria: ACM.
20. Ross, S. E., Lin, C. T. 2003. The effects of promoting patient access to medical records: A review. Journal of the American Medical Informatics Association, 10, 129-138.
21. Sandhu, R., Ferraiolo, D., Kuhn, R. 2000. The NIST model for role-based access control: towards a unified standard. Proceedings of the fifth ACM workshop on Role-based access control. Berlin, Germany: ACM.
22. Sejong, O., Ravi, S. 2002. A model for role administration using organization structure. Proceedings of the seventh ACM symposium on Access control models and technologies 1-58113-496-7. Monterey, California, USA: ACM.
23. Shortliffe, E., Cimino, J. 2006. Biomedical Informatics -Computer applications in Health Care and Biomedicine, New York, Springer.
24. Siteman, E., Businger, A., Gandhi, T., Grant, R., Poon, E., Schnipper, J., Volk, L. A., Wald, J. S., Middleton, B. 2006. Clinicians recognize value of patient review of their electronic health record data. AMIA ⋯ Annual Symposium proceedings/AMIA Symposium. AMIA Symposium, 1101.
25. U.S. Department of Health & Human Services 1996. Health Insurance Portability and Accountability Act In: Services, U. S. D. O. H. H. (ed.).