Skip to main content
SpringerLink
Log in

Access Control Model for Sharing Composite Electronic Health Records

  • Conference paper
Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2008)

Abstract

The adoption of electronically formatted medical records, so called Electronic Health Records (EHRs), has become extremely important in healthcare systems to enable the exchange of medical information among stakeholders. An EHR generally consists of data with different types and sensitivity degrees which must be selectively shared based on the need-to-know principle. Security mechanisms are required to guarantee that only authorized users have access to specific portions of such critical record for legitimate purposes. In this paper, we propose a novel approach for modelling access control scheme for composite EHRs. Our model formulates the semantics and structural composition of an EHR document, from which we introduce a notion of authorized zones of the composite EHR at different granularity levels, taking into consideration of several important criteria such as data types, intended purposes and information sensitivities.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. IEEE-USA’s Medical Technology Policy Committee Interoperability Working Group (ed.): Interoperability for the National Health Information Network (NHIN). IEEE-USA EBOOKS (2006)

    Google Scholar 

  2. Bartschat, W., Burrington-Brown, J., Carey, S., Chen, J., Deming, S., Durkin, S.: Surveying the RHIO landscape, a description of current rhio models, with a focus on patient identification. J. AHIMA 77(1), 64A–64D (2007)

    Google Scholar 

  3. Dolin, R.H., Alschuler, L., Boyer, S., Beebe, C., Behlen, F.M., Biron, P.V.: Hl7 clinical document architecture, release 2.0. ANSI Standard (2004)

    Google Scholar 

  4. openEHR Community: openEHR, http://www.openehr.org

  5. HL7: Health level 7 (HL7), http://www.hl7.org

  6. Chadwick, D.W., Mundy, D.: Policy based electronic transmission of prescriptions. In: Proceedings of the 4th International Workshop on Policyies for Distributed Systems and Networks (POLICY 2003), pp. 197–206 (2003)

    Google Scholar 

  7. Eyers, D.M., Bacon, J., Moody, K.: OASIS role-based access control for electronic health records. In: IEE Proceedings – Software, pp. 16–23 (2006)

    Google Scholar 

  8. Becker, M.Y., Sewell, P.: Cassandra: flexible trust management, applied to electronic health records. In: Proceedings of IEEE 17th Computer Security Foundations Workshop, pp. 139–154 (2004)

    Google Scholar 

  9. Bhatti, R., Moidu, K., Ghafoor, A.: Policy-based security management for federated healthcare databases (or RHIOs). In: Proceedings of the international workshop on Healthcare Information and Knowledge Management, pp. 41–48 (2006)

    Google Scholar 

  10. Ferraiolo, D., Sandhu, R., Gavrila, S., Kuhn, R.: Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security (TISSEC) 4, 224–274 (2001)

    Article  Google Scholar 

  11. Fernández, E.B., Gudes, E., Song, H.: A model for evaluation and administration of security in object-oriented databases. IEEE Trans. Knowl. Data Eng. 6(2) (1994)

    Google Scholar 

  12. Rabitti, F., Bertino, E., Kim, W., Woelk, D.: A model of authorization for next-generation database systems. ACM Transactions on Database Systems (TODS) 16(1), 88–131 (1991)

    Article  Google Scholar 

  13. Bertino, E., Castano, S., Ferrari, E., Mesiti, M.: Specifying and enforcing access control policies for xml document sources. World Wide Web Journal 3(3), 139–151 (2000)

    Article  MATH  Google Scholar 

  14. Damiani, E., di Vimercati, S.D.C., Paraboschi, S., Samarati, P.: A fine-grained access control system for XML documents. ACM Transactions on Information and System Security (TISSEC) 5(5), 169–202 (2002)

    Article  Google Scholar 

  15. Gabillon, A., Bruno, E.: Regulating access to XML documents. In: Proceedings of the 15th Annual Working Conference on Database and Application Security (2001)

    Google Scholar 

  16. Iowa Foundation for Medical Care: HISPC state implementation project summary and impact analysis report for the state of Iowa (2007), http://www.ifmc.org/news/State%20Impact%20Report_11-27-07.doc

  17. Dimitropoulos, L.L.: Privacy and security solutions for interoperable health information exchange: Interim assessment of variation executive summary (2007), http://www.rti.org/pubs/avas_execsumm.pdf

  18. Clark, J., DeRose, S.: XML path language (XPath) version 1.0. World Wide Web Consortium (W3C) (1999), http://www.w3.org/TR/xpath

  19. Science Applications International Corporation (SAIC): Healthcare RBAC task force charter, v1.1 (2003), http://www.va.gov/RBAC/docs/HealthcareRBACTCharterv1_1.pdf

Download references

Author information

Authors and Affiliations

  1. University of North Carolina at Charlotte, USA

    Jing Jin

  2. Arizona State University, USA

    Gail-Joon Ahn

  3. Intel Corporation, USA

    Michael J. Covington

  4. Samsung Information Systems America, USA

    Xinwen Zhang

Authors
  1. Jing Jin
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Gail-Joon Ahn
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Michael J. Covington
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Xinwen Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science LWSN 2142G, Purdue University, 656 Oval Drive, IN 47907, West Lafayette, USA

    Elisa Bertino

  2. School of Information Sciences, Department of Information Sciences and Telecommunications, University of Pittsburgh, 135 North Bellefield Avenue, PA 15260, Pittsburgh, USA

    James B. D. Joshi

Rights and permissions

Reprints and permissions

Copyright information

© 2009 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Jin, J., Ahn, GJ., Covington, M.J., Zhang, X. (2009). Access Control Model for Sharing Composite Electronic Health Records. In: Bertino, E., Joshi, J.B.D. (eds) Collaborative Computing: Networking, Applications and Worksharing. CollaborateCom 2008. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 10. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03354-4_25

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-03354-4_25

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-03353-7

  • Online ISBN: 978-3-642-03354-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation