Abstract
The adoption of electronically formatted medical records, so called Electronic Health Records (EHRs), has become extremely important in healthcare systems to enable the exchange of medical information among stakeholders. An EHR generally consists of data with different types and sensitivity degrees which must be selectively shared based on the need-to-know principle. Security mechanisms are required to guarantee that only authorized users have access to specific portions of such critical record for legitimate purposes. In this paper, we propose a novel approach for modelling access control scheme for composite EHRs. Our model formulates the semantics and structural composition of an EHR document, from which we introduce a notion of authorized zones of the composite EHR at different granularity levels, taking into consideration of several important criteria such as data types, intended purposes and information sensitivities.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
IEEE-USA’s Medical Technology Policy Committee Interoperability Working Group (ed.): Interoperability for the National Health Information Network (NHIN). IEEE-USA EBOOKS (2006)
Bartschat, W., Burrington-Brown, J., Carey, S., Chen, J., Deming, S., Durkin, S.: Surveying the RHIO landscape, a description of current rhio models, with a focus on patient identification. J. AHIMA 77(1), 64A–64D (2007)
Dolin, R.H., Alschuler, L., Boyer, S., Beebe, C., Behlen, F.M., Biron, P.V.: Hl7 clinical document architecture, release 2.0. ANSI Standard (2004)
openEHR Community: openEHR, http://www.openehr.org
HL7: Health level 7 (HL7), http://www.hl7.org
Chadwick, D.W., Mundy, D.: Policy based electronic transmission of prescriptions. In: Proceedings of the 4th International Workshop on Policyies for Distributed Systems and Networks (POLICY 2003), pp. 197–206 (2003)
Eyers, D.M., Bacon, J., Moody, K.: OASIS role-based access control for electronic health records. In: IEE Proceedings – Software, pp. 16–23 (2006)
Becker, M.Y., Sewell, P.: Cassandra: flexible trust management, applied to electronic health records. In: Proceedings of IEEE 17th Computer Security Foundations Workshop, pp. 139–154 (2004)
Bhatti, R., Moidu, K., Ghafoor, A.: Policy-based security management for federated healthcare databases (or RHIOs). In: Proceedings of the international workshop on Healthcare Information and Knowledge Management, pp. 41–48 (2006)
Ferraiolo, D., Sandhu, R., Gavrila, S., Kuhn, R.: Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security (TISSEC) 4, 224–274 (2001)
Fernández, E.B., Gudes, E., Song, H.: A model for evaluation and administration of security in object-oriented databases. IEEE Trans. Knowl. Data Eng. 6(2) (1994)
Rabitti, F., Bertino, E., Kim, W., Woelk, D.: A model of authorization for next-generation database systems. ACM Transactions on Database Systems (TODS) 16(1), 88–131 (1991)
Bertino, E., Castano, S., Ferrari, E., Mesiti, M.: Specifying and enforcing access control policies for xml document sources. World Wide Web Journal 3(3), 139–151 (2000)
Damiani, E., di Vimercati, S.D.C., Paraboschi, S., Samarati, P.: A fine-grained access control system for XML documents. ACM Transactions on Information and System Security (TISSEC) 5(5), 169–202 (2002)
Gabillon, A., Bruno, E.: Regulating access to XML documents. In: Proceedings of the 15th Annual Working Conference on Database and Application Security (2001)
Iowa Foundation for Medical Care: HISPC state implementation project summary and impact analysis report for the state of Iowa (2007), http://www.ifmc.org/news/State%20Impact%20Report_11-27-07.doc
Dimitropoulos, L.L.: Privacy and security solutions for interoperable health information exchange: Interim assessment of variation executive summary (2007), http://www.rti.org/pubs/avas_execsumm.pdf
Clark, J., DeRose, S.: XML path language (XPath) version 1.0. World Wide Web Consortium (W3C) (1999), http://www.w3.org/TR/xpath
Science Applications International Corporation (SAIC): Healthcare RBAC task force charter, v1.1 (2003), http://www.va.gov/RBAC/docs/HealthcareRBACTCharterv1_1.pdf
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Jin, J., Ahn, GJ., Covington, M.J., Zhang, X. (2009). Access Control Model for Sharing Composite Electronic Health Records. In: Bertino, E., Joshi, J.B.D. (eds) Collaborative Computing: Networking, Applications and Worksharing. CollaborateCom 2008. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 10. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03354-4_25
Download citation
DOI: https://doi.org/10.1007/978-3-642-03354-4_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-03353-7
Online ISBN: 978-3-642-03354-4
eBook Packages: Computer ScienceComputer Science (R0)