Empowering citizens with access control mechanisms to their personal health resources

International Journal of Medical Informatics

Volumn 82, Issue 1, 2013, Pages 58-72

  Calvillo, J ^a,b   Roman I ^a,b   Roa, L M ^a,b  

^a UNIVERSITY OF SEVILLE   (Spain)

^b BIOMATERIALES Y NANOMEDICINA CIBER BBN   (Spain)

Author keywords

Distributed systems; Medical informatics; Patient empowerment; Semantics; Systems integration

Indexed keywords

ACCESS CONTROL MECHANISM; ACCESS CONTROL POLICIES; BUILDING BLOCKES; CURRENT TECHNOLOGY; DECISION MAKING PROCESS; DECISION-MAKING MECHANISMS; DEMOGRAPHIC DATA; DISTRIBUTED DATA; DISTRIBUTED PROCESSING; DISTRIBUTED RESOURCES; DISTRIBUTED SYSTEM ARCHITECTURE; DISTRIBUTED SYSTEMS; HEALTH INFORMATIONS; HEALTHCARE DELIVERY; HEALTHCARE RESOURCES; HETEROGENEOUS SYSTEMS; INFORMATION AND COMMUNICATION TECHNOLOGIES; INFORMATION SOURCES; MEDICAL INFORMATICS; METAMODELING; MODEL DRIVEN ARCHITECTURES; MONITORING DEVICE; PATIENT EMPOWERMENT; PERSONAL HEALTH; REFERENCE ARCHITECTURE; SEMANTIC TECHNOLOGIES; SOCIAL CONDITIONS; SOFTWARE SIMULATION; SYSTEMS INTEGRATION; THIRD PARTIES; VIRTUAL ORGANIZATION;

ACCESS CONTROL; DECISION MAKING; DIGITAL STORAGE; GRID COMPUTING; HEALTH; HEALTH CARE; INFERENCE ENGINES; INFORMATION SERVICES; INFORMATION TECHNOLOGY; INTEROPERABILITY; NETWORK SECURITY; SEMANTIC WEB; SEMANTICS; SERVICE ORIENTED ARCHITECTURE (SOA); SOFTWARE ARCHITECTURE; SPECIFICATIONS; UNIFIED MODELING LANGUAGE;

INFORMATION MANAGEMENT;

ARTICLE; CLINICAL DECISION MAKING; COMPUTER LANGUAGE; COMPUTER PROGRAM; DATA BASE; EMPOWERMENT; HEALTH CARE ACCESS; HEALTH CARE DELIVERY; HEALTH CARE MANAGEMENT; HEALTH CARE PLANNING; HEALTH CARE POLICY; HEALTH PRACTITIONER; HEALTH SERVICE; HUMAN; MEDICAL INFORMATICS; MEDICAL INFORMATION; MEDICAL TECHNOLOGY; PATIENT INFORMATION; PERSON ORIENTED VIRTUAL ORGANIZATION; PRIORITY JOURNAL; SEMANTICS; SIMULATION; STANDARD;

ACCESS TO INFORMATION; COMMUNICATION; COMPUTER SYSTEMS; DELIVERY OF HEALTH CARE; HEALTH RESOURCES; HUMANS; MEDICAL INFORMATICS APPLICATIONS; PERSONAL AUTONOMY; POWER (PSYCHOLOGY);

EID: 84870514817     PISSN: 13865056     EISSN: 18728243     Source Type: Journal    
DOI: 10.1016/j.ijmedinf.2012.02.006     Document Type: Article

References (57)

1. Ekdahl A.W., Andersson L., Friedrichsen M. They do what they think is the best for me. Frail elderly patients' preferences for participation in their care during hospitalization. Patient Educ. Couns. 2010, 80(2):233-240.
2. Haux R. Individualization, globalization and health-about sustainable information technologies and the aim of medical informatics. Int. J. Med. Inform. 2006, 75(12):795-808.
3. U.S. Government Health Insurance Portability and Accountability Act (HIPAA) 1996.
4. International Medical Informatics Association Code of Ethics for Health Information Professionals 2002.
5. Council of Europe Convention for the Protection of Human Rights and Dignity of the Human Being with Regard to the Application of Biology and Medicine 1997, Council of Europe, Strasbourg.
6. World Health Organization A Declaration on the Promotion of Patients' Rights in Europe. European Consultation on the Rights of Patients 1994, World Health Organization, Amsterdam, pp. 9-14.
7. European and Commission Directive 95/46/EC of the European Parliament and of the Council on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data 1995.
8. Maloney F.L., Wright A. USB-based personal health records: an analysis of features and functionality. Int. J. Med. Inform. 2010, 79(2):97-111.
9. Reti S., Feldman H., Safran C. Governance for personal health records. J. Am. Med. Inform. Assoc. 2009, 16(1):14-17.
10. Bourgeois F., Taylor P., Emans J., Nigrin D., Mandl K. Whose personal control? Creating private, personally controlled health records for pediatric and adolescent patients. J. Am. Med. Inform. Assoc. 2008, 15(6):737-743.
11. Markle Foundation. Connecting for Health: The Personal Health Working Group Final Report. Technical Report, 2003.
12. Aubert B.A., Hamel G. Adoption of smart cards in the medical sector: the Canadian experience. Soc. Sci. Med. 2001, 53(7):879-894.
13. Erl T. SOA Principles of Service Design 2008, Prentice Hall.
14. Foster I., Kesselman C., Tuecke S. The anatomy of the grid: enabling scalable virtual organizations. Int. J. High Perform. Comput. Appl. 2001, 15(3):200-222.
15. ITU-T Rec. X.1142 | OASIS XACML v2. 0 Core: eXtensible Access Control Markup Language Version 2.0, 2005. Available from: http://www.oasis-open.org/committees/xacml.
16. Cantor S., Kemp J., Philpott R., Maler E. Assertions and Protocols for the Oasis Security Assertion Markup Language (SAML) v2.0 2005, Available from:. http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf.
17. ISO/TS 22600-1, 2:2006 Health Informatics-Privilege Management and Access Control 2006.
18. OASIS Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of Security Assertion Markup Language (SAML) for Healthcare Version 1.0 2009, Available from:. http://docs.oasis-open.org/security/xspa/v%201.0/saml-xspa-1.0-os.pdf.
19. OASIS Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of XACML v2.0 for Healthcare Version 1.0 2009, Available from:. http://docs.oasis-open.org/xacml/xspa/v1.0/xacml-xspa-1.0-os.pdf.
20. IHE IHE IT-Infrastructure White Paper-Access Control 2009.
21. HITSP. HITSP/SC108-Access Control Service Collaboration, Version 1.1, 2010.
22. ITU-T. Rec. X.901 Information technology-Open Distributed Processing-Reference Model: Overview, 1997.
23. ISO12967-1, 2, 3: Health Informatics-Service Architecture, 2008.
24. ITU-T Rec. X.906 | ISO 19793: Information Technology-Open Distributed Processing-Use of UML for ODP System Specifications, 2008.
25. Sinnott R.O., Chadwick D.W., Doherty T., Martin D., Stell A., Stewart G., et al. Advanced security for virtual organizations: the pros and cons of centralized vs decentralized security models. Proceedings of the 8th IEEE International Symposium on Cluster Computing and the Grid 2008, 106-113.
26. Kerschbaum F., Robinson P. Security architecture for virtual organizations of business web services. J. Syst. Arch. 2009, 55(4):224-232.
27. Karp A.H., Haury H., Davis H.M. From ABAC to ZBAC: The Evolution of Access Control Models. HP Labs Technical Report 2009.
28. Calvillo J., Roman I., Rivas S., Roa L. Privilege management infrastructure for virtual organizations in healthcare grids. IEEE Trans. Inform. Technol. Biomed. 2011, 15(2):316-323.
29. OMG. Model-Driven Architecture. Available from: http://www.omg.org/mda/.
30. Ferraiolo D., Kuhn D. Role-based access control. Proceedings of the NIST-NSA National (USA) Computer Security Conference 1992, 554-563.
31. Patel-Schneider P., Hayes P., Horrocks I. OWL Web Ontology Language Semantics and Abstract Syntax 2004, Available from:. http://www.w3.org/TR/owl-semantics/.
32. Horrocks I., Patel-Schneider P., Boley H., Tabet S., Grosof B., Dean M. SWRL: A Semantic Web Rule Language Combining OWL and RuleML 2004, Available from:. http://www.w3.org/Submission/SWRL/.
33. Finin T., Joshi A., Kagal L., Niu J., Sandhu R., Winsborough W., et al. ROWLBAC: representing role based access control in OWL. Proceedings of the 13th Symposium on Access Control Models and Technologies 2008, 73-82.
34. Knechtel M., Hladik J., Dau F. Using OWL DL reasoning to decide about authorization in RBAC. Proceedings of the OWLED 2008 Workshop on OWL: Experiences and Directions 2008.
35. Trivellato D., Spiessens F., Zannone N., Etalle S. POLIPO: Policies & OntoLogies for Interoperability, Portability, and autonomy. Proceedings of POLICY'09 2009.
36. Elahi N., Chowdhury M., Noll J. Semantic access control in web based communities. Proceedings of the 3rd International Multi-conference on Computing in the Global Information Technology 2008, 131-136.
37. Shen H. A semantic-aware attribute-based access control model for web services. Lect. Notes Comput. Sci. 2009, 5574:693-703.
38. Priebe T., Dobmeier W., Kamprath N. Supporting attribute-based access control with ontologies. Proceedings of the First International Conference on Availability, Reliability and Security (ARES) 2006, 465-472.
39. Muppavarapu V., Chung S.M. Semantic-based access control for grid data resources in Open Grid Services Architecture-Data Access and Integration (OGSA-DAI). Proceedings of the International Conference on Tools with Artificial Intelligence (ICTAI) 2008, 315-322.
40. Amini M., Jalili R. Multi-level authorisation model and framework for distributed semantic-aware environments. IET Inform. Secur. 2010, 4(4):301-321.
41. Blobel B. Ontology driven health information systems architectures enable pHealth for empowered patients. Int. J. Med. Inform. 2011, 80(2):e17-e25.
42. Eclipse: Eclipse Modeling Framework (EMF). Available from: http://www.eclipse.org/emf/.
43. Amyot D., Farah H., Roy J.F. Evaluation of development tools for domain-specific modeling languages. Lect. Notes Comput. Sci. 2006, 4320 LNCS:183-197.
44. Eclipse: Graphical Modeling Framework (GMF). Available from: http://www.eclipse.org/gmf/.
45. Kolovos D.S., Rose L.M., Paige R.F., Polack F.A.C. Raising the level of abstraction in the development of GMF-based graphical model editors. Proceedings of the International Conference on Software Engineering 2009, 13-19.
46. MOFScript. Available from: http://www.eclipse.org/gmt/mofscript/.
47. Model-to-Text (M2T) project. Available from: http://www.eclipse.org/modeling/m2t/.
48. Kou S., Babar M.A., Sangroya A. Modeling security for service oriented applications. ACM International Conference Proceeding Series 2010, 294-301.
49. Mouelhi T., Fleurey F., Baudry B. A generic metamodel for security policies mutation. Proceedings of the IEEE International Conference on Software Testing Verification and Validation Workshop (ICSTW'08) 2008, 278-286.
50. Karat J., Karat C.M., Brodie C., Feng J. Privacy in information technology: designing to enable privacy policy management in organizations. Int. J. Hum. Comput. Stud. 2005, 63(1-2):153-174.
51. Jess rule engine. Available from: http://www.jessrules.com/jess/index.shtml.
52. Knublauch H., Fergerson R., Noy N., Musen M. The Protégé OWL Plugin: an open development environment for semantic web applications. Proceedings of the Third International Semantic Web Conference 2004.
53. CEN/TC 251 EN 13940-1: Health Informatics-System of Concepts to Support Continuity of Care. Part 1. Basic Concepts 2006, European Committee for Standardization.
54. The Systematized Nomenclature of Medicine (SNOMED). Available from: http://www.ihtsdo.org/snomed-ct/.
55. OBO Foundry. The Open Biological and Biomedical Ontologies. Available from: http://www.obofoundry.org/.
56. Emfatic Language Reference. Available from: http://www.eclipse.org/gmt/epsilon/doc/articles/emfatic/.
57. Epsilon Validation Language (EVL). Available from: http://www.eclipse.org/gmt/epsilon/doc/evl/.