A Trusted System for Sharing Patient Electronic Medical Records in Autonomous Distributed Health Care Systems

International Journal of Healthcare Information Systems and Informatics (IJHISI)

Volumn 2, Issue 1, 2007, Pages 14-35

  Nepal, Surya ^a   Zic, John ^a   Jaccard, Frederic ^a   Kraehenbuehl, Gregoire ^a  

^a CSIRO   (Australia)

Author keywords

data model; electronic medical records; mutual attestation; transfer protocols; trusted computing; trusted systems

Indexed keywords

EID: 85001816326     PISSN: 15553396     EISSN: 1555340X     Source Type: Journal    
DOI: 10.4018/jhisi.2007010102     Document Type: Article

References (33)

1. Australian Government Department of Health and Aging (DoHA) Project. (2002). Consumer consent in electronic health data exchange—e-consent. Retrieved March, 2006, from www.ahic.org.au/downloads/Foundations%20for%20the%20future.pdf
2. Barham, P., Dragovic, B., Fraser, K., Hand, S., Harris, T., Ho, A., Neugebauer, R., Pratt, I., & Warfeld, A. (2003). Xen and the art of virtualization. 19th ACM Symposium on Operating Systems Principles, (pp. 164–177). New York:.
3. Brickell, E., Camenisch, J., & Chen, L. (2004). Direct anonymous attestation (Tech. Rep. HPL-2004–93).
4. Centre for Networking Technologies for the Information Economy (CeNTIE) Project. (2006). Retrieved from http://www.ict.csiro.au/page.php?cid=22
5. Chadwick, D., & Mundy, D. (2004). The secure electronic transfer of prescriptions. Healthcare Computing, 11–25.
6. Choudhri, A., Kagal, L., Joshi, A., Finin, T., & Yesha, Y. (2003). PatientService: Electronic patient record redaction and delivery in pervasive environment. Fifth International Workshop on Enterprise Networking and Computing in Healthcare Industry (Healthcom 2003),.
7. Crook, R., Ince, D., & Nuseibeh, B. (2003). Modelling access policies using roles in requirements engineering. Information and Software Technology, 45, 979–991.
8. Evered, M., & Bogeholz, S. (2004). A case study in access control requirements for a health information system. Australasian Information Security Workshop, 53–61.
9. Garfnkel, T., Pfaff, B., Chow, J., Rosenblum, M., & Boneh, D. (2003). Terra: A virtual machine-based platform for trusted computing. 19th ACM Symposium on Operating Systems Principles (pp. 193–206). Bolton Landing, NY.
10. Haldar V., & Franz, M. (2004). Symmetric behavior-based trust: A new paradigm for Internet computing. New Security Paradigms Workshop, 79–84.
11. Huston, T. (2001). Security issues for implementation of e-medical records. Communication of the ACM, 44(9) 89–94.
12. IBM. Trousers. (2005). A TSS implementation for Linux. Retrieved from http://trousers.sourceforge.net/
13. Khayat, E. J., & Abdallah, A. E. (2003). A formal model for fat role-based access control. IEEE International Conference on Computer Systems and Applications, Tunisia.
14. Messerges, T. S., & Dabbish, E. A. (2003). Digital rights management in a 3G mobile phone and beyond. In Proceedings of the 2003 ACM Workshop on Digital Rights Management (pp. 27–38). Washington, DC.
15. Motta, G. H. M. B., & Furuie, S. S. (2003). A contextual role-based access control authorization model for electronic patient record. IEEE Transactions on Information Technology in Biomedicine,7 3), 202–207.
16. Nepal, S., Zic, J., Jaccard, F., & Krahenbuehl, G. (2006a). A tag-based data model for privacy-preserving medical applications. Proceedings of EDBT IIHA Workshop (pp. 77–88). Munich, Germany.
17. Nepal, S., Zic, J., Krahenbuehl, G., & Jaccard, F. (2006b). Secure sharing of electronic patient records. Proceedings of 1st European Conference on eHealth. Fribourg, Switzerland.
18. Open Mobile Alliance (OMA), DRM Architecture, Version 2.0.6. (2004). OMA-DRM-ARCH-V2_0_6–20040820-C.zip. Retrieved from http://www.openmo-bilealliance.org
19. OASIS. (2005). eXtensible access control markup language (XACML) version 2.0 3. Retrieved from http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf
20. O'Keefe, C. M., Greenfeld, P., & Goodchild, A. (2005). A decentralised approach to electronic consent and health information access control. Journal of Research and Practice in Information Technology,37 2), 161–178.
21. Paul, A., Satoshi, H., Karjoth, G., Powers, C., & Schunter, M. (2003). Enterprise privacy authorization language (EPAL 1.1) (IBM Tech. Rep.).
22. Reid, J., Cheong, I., Henricksen, M., & Smith, J. (2003a). A novel use of RBAC to protect privacy in distributed health care information systems. In R. Safavi-Naini & J. Seberry (Eds.), Proceedings 8th Australasian Conference on Information Security and Privacy (ACISP 2003) (pp. 403–415). Wollongong.
23. Reid, J., Juan, M., Nieto, G., Dawson, E., & Okamoto, E. (2003b). Privacy and trusted computing. 14th International Workshop on Database and Expert Systems Applications (DEXA'03) (pp. 383).
24. Sadeghi, A., & Stüble, C. (2004). Property-based attestation for computing platforms: Caring about properties, not mechanisms. Proceedings of the 2004 Workshop on New Security Paradigms. (pp. 67–77).
25. Nova Scotia, Canada: Sailer, R., Jaeger, T., Zhang, X., & Doorn, L. (2004a). Attestation-based policy enforcement for remote access. In Proceedings of the 11th ACM Conference on Computer and Communication Security (pp. 308–317). Washington, DC.
26. Sailer R., Jaeger T., Zhang X. & Doorn L. (2004a) Design and implementations of a TCG-based intergrity measurement architecture. 13th usenix Security Symposium, pp. 223–238, San Diego, CA.
27. Sailer, R., Jaeger, T., Zhang, X., & Doorn, L. (2004b). Design and implementation of a TCG-based integrity measurement architecture. 13th Usenix Security Symposium (pp. 223–238). San Diego, CA.
28. Sandhu, R., & Zhang, X. (2005). Peer-to-peer access control architecture using trusted computing technologies.In Proceedings of the Tenth ACM Symposium on Access Control Models and Technologies (pp. 147–158). Stockholm, Sweden.
29. Shi, E., Perrig, A., & Van, D. L. (2005). BIND: A fine-grained attestation service for secure distributed systems. IEEE Symposium on Security and Privacy (pp. 154- 168).
30. Stein, L. D. (1997). The electronic medical record: Promises and threats. Web Journal, 2(3).
31. Task Force on Medical Informatics (TFMI). (1996). Safeguard needed in transfer of patient data. PEDIATRICS,98 5), 984–986.
32. Trusted Computing Group (TCG). (2003). Trusted Computing Platform Alliance (TCPA) Main Specification Version 1.1b. Retrieved from https://www.trustedcom-putinggroup.org/groups/tpm/
33. Yung, M. (2005). Privacy implications of remote attestation in trusted computing (CSIRO ICT Centre Tech. Rep. 05/146).