Towards a privacy access control model for e-healthcare services

PST 2005 - 3rd Annual Conference on Privacy, Security and Trust, Conference Proceedings

Volumn , Issue , 2005, Pages

  Hung, Patrick C K ^a  

^a UNIVERSITY OF ONTARIO INSTITUTE OF TECHNOLOGY   (Canada)

Author keywords

E healthcare services; Privacy; Role based access control (RBAC); Web services

Indexed keywords

ACCESS CONTROL MODELS; E-HEALTHCARE SERVICES; ELECTRONIC MEDICAL RECORD; INFORMATION ACCESS CONTROL; PRIVACY-ENHANCING TECHNOLOGIES; PROTECTED HEALTH INFORMATIONS; ROLE-BASED ACCESS CONTROL; ROLE-BASED ACCESS CONTROL MODEL;

ACCESS CONTROL; DATA PRIVACY; MEDICAL COMPUTING; NATURAL LANGUAGE PROCESSING SYSTEMS; WEB SERVICES;

HEALTH CARE;

EID: 84883272311     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (19)

1. J. K. H. Tan and P. C. K. Hung, "E-Security: Framework For Privacy And Security In E-Health Data Integration And Aggregation E-Health Care Information Systems: An Introduction for Students and Professionals, Jossey-Bass - An Imprint of Wiley, pages 450-478, 2005.
2. F. France, "Control and use of health information: A doctor's perspective, " International Journal of Biomedical Computing, vol. 43, no. 1-2, pages 19-25, 1996.
3. CSIS, "Security Glossary, " Information Systems Security Organization, 2003. Online: http://ise.gmu.edu/~csis/glossary/merged-glossary. html.
4. D. F. Ferraiolo, D. R. Kuhn and R. Chandramouli, "Role-based access control, " Computer Security Series, Artech House Publishers, 2003.
5. S. Osborn, R. Sandhu and Q. Munawer, "Configuring role-based access control to enforce mandatory and discretionary access control policies, " ACM Transactions on Information and Systems Security (TISSEC), vol. 3, no. 2, 2000.
6. E. D. Schoeman, "Philosophical Dimensions of Privacy: An Anthology, " New York, NY, Cambridge Univ. Press, 1984.
7. H. Leino-Kilpi, M. Valimaki, T. Dassen, M. Gasull, C. Lemonidou, A. Scott and M. Arndt, "Privacy: A review of the literature, " International Journal of Nursing Studies, vol. 38, pages 663-671, 2001.
8. S. Fischer-Hubner, "IT-Security and Privacy, " LNCS 1958, 2001.
9. C. S. Powers, P. Ashley and M. Schunter, "Privacy promises, access control, and privacy management - Enforcing privacy throughout an enterprise by extending access control, " Proceedings of the Third International Symposium on Electronic Commerce, pages 13- 21, 2002.
10. J. C. Davis, "Protecting privacy in the cyber era, " IEEE Technology and Society Magazine, pages 10- 22, Summer 2000.
11. HL7, "HIPAA Claims and Attachments Preparing for Regulation, " May 2004. Online: www.hl7.org/memonly/downloads/Attachment-Specifications/HIPAA- and-Claims-Attachments-White-Paper-20040518.pdf.
12. V. Senicar, B. Jerman-Blazic and T. Klobucar, "Privacy-enhancing technologies - Approaches and development, " Computer Standards & Interfaces, Volume: 25, Pages: 147-158, 2003.
13. R. S. Sandhu, E. J. Coyne, H. L. Feinstein and C. E. Youman, "Role-based access control models, " IEEE Computer, Volume: 29, Number: 2, Pages: 38-47, 1996.
14. R. S. Sandhu, V. Bhamidipati and Q. Munawer, "The ARBAC97 model for role-based administration of roles, " ACM Transactions on Information and Systems Security (TISSEC), Volume: 1, Number: 2, Pages: 105-135, 1999.
15. D. F. Ferraiolo, R. Sandhu, S. Gavrila, D. R. Kuhn and R. Chandramouli. "Proposed NIST Standard for Role-Based Access Control, " ACM Transactions on Information and Systems Security (TISSEC), Volume 4, Number 3, 2001.
16. J. Reid, I. Cheong, M. Henricksen and J. Smith. "A Novel Use of RBAC to Protect Privacy in Distributed Health Care Information Systems, " Proceedings of the Eighth Australasian Conference on Information Security and Privacy (ACISP 2003), LNCS 2727, pages 403-415, 2003.
17. K. Louwerse, "The electronic patient record; the management of access-case study: Leiden University Hospital, " International Journal of Medical Informatics, vol. 49, no. 1, pages 39-44, 1998.
18. J. Anderson, "Security of the distributed electronic patient record: A case-based approach to identifying policy issues, " International Journal of Medical Informatics, vol. 60, no. 2, pages 111-118, 2000.
19. G. H. M. B. Motta and S. S. Furuie, "A contextual role-based access control authorization model for electronic patient record, " IEEE Transactions on Information Technology in Biomedicine, vol. 7, no. 3, pages: 202- 207, Sept. 2003.