Patient-centric authorization framework for sharing electronic health records

Authors:
Jing Jin;Gail-Joon Ahn;Hongxin Hu;Michael J. Covington;Xinwen Zhang
Affiliations:
University of North Carolina at Charlotte, Charlotte, NC, USA;Arizona State University, Tempe, AZ, USA;Arizona State University, Tempe, AZ, USA;Intel Corporation, Hillsboro, OR, USA;Samsung Information Systems America, San Jose, CA, USA
Venue:
Proceedings of the 14th ACM symposium on Access control models and technologies
Year:
2009

Citing 8
Cited 6

Supporting relationships in access control using role based access control

RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Sharing Health-Care Records over the Internet

IEEE Internet Computing
Owner-controlled information

Proceedings of the 2003 workshop on New security paradigms
Cassandra: Flexible Trust Management, Applied to Electronic Health Records

CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Purpose based access control of complex data for privacy protection

Proceedings of the tenth ACM symposium on Access control models and technologies
Policy-based security management for federated healthcare databases (or RHIOs)

HIKM '06 Proceedings of the international workshop on Healthcare information and knowledge management
A Purpose-Based Access Control Model

IAS '07 Proceedings of the Third International Symposium on Information Assurance and Security
Situation-Based Access Control: Privacy management via modeling of patient data access scenarios

Journal of Biomedical Informatics

An attribute-based authorization policy framework with dynamic conflict resolution

Proceedings of the 9th Symposium on Identity and Trust on the Internet
Cryptography based access control in healthcare web systems

2010 Information Security Curriculum Development Conference
Multiparty authorization framework for data sharing in online social networks

DBSec'11 Proceedings of the 25th annual IFIP WG 11.3 conference on Data and applications security and privacy
Flexible and dynamic consent-capturing

iNetSec'11 Proceedings of the 2011 IFIP WG 11.4 international conference on Open Problems in Network Security
The Business Values of Patient Knowledge Management PKM in the Healthcare Industry

International Journal of Healthcare Information Systems and Informatics
A semantic authorization model for pervasive healthcare

Journal of Network and Computer Applications

Quantified Score

Hi-index	0.00

Visualization

Abstract

In modern healthcare environments, a fundamental requirement for achieving continuity of care is the seamless access to distributed patient health records in an integrated and unified manner, directly at the point of care. However, Electronic Health Records (EHRs) contain a significant amount of sensitive information, and allowing data to be accessible at many different sources increases concerns related to patient privacy and data theft. Access control solutions must guarantee that only authorized users have access to such critical records for legitimate purposes, and access control policies from distributed EHR sources must be accurately reflected and enforced accordingly in the integrated EHRs. In this paper, we propose a unified access control scheme that supports patient-centric selective sharing of virtual composite EHRs using different levels of granularity, accommodating data aggregation and various privacy protection requirements. We also articulate and handle the policy anomalies that might occur in the composition of discrete access control policies from multiple data sources.