Supporting relationships in access control using role based access control
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Sharing Health-Care Records over the Internet
IEEE Internet Computing
Proceedings of the 2003 workshop on New security paradigms
Cassandra: Flexible Trust Management, Applied to Electronic Health Records
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Purpose based access control of complex data for privacy protection
Proceedings of the tenth ACM symposium on Access control models and technologies
Policy-based security management for federated healthcare databases (or RHIOs)
HIKM '06 Proceedings of the international workshop on Healthcare information and knowledge management
A Purpose-Based Access Control Model
IAS '07 Proceedings of the Third International Symposium on Information Assurance and Security
Situation-Based Access Control: Privacy management via modeling of patient data access scenarios
Journal of Biomedical Informatics
An attribute-based authorization policy framework with dynamic conflict resolution
Proceedings of the 9th Symposium on Identity and Trust on the Internet
Cryptography based access control in healthcare web systems
2010 Information Security Curriculum Development Conference
Multiparty authorization framework for data sharing in online social networks
DBSec'11 Proceedings of the 25th annual IFIP WG 11.3 conference on Data and applications security and privacy
Flexible and dynamic consent-capturing
iNetSec'11 Proceedings of the 2011 IFIP WG 11.4 international conference on Open Problems in Network Security
The Business Values of Patient Knowledge Management PKM in the Healthcare Industry
International Journal of Healthcare Information Systems and Informatics
A semantic authorization model for pervasive healthcare
Journal of Network and Computer Applications
Hi-index | 0.00 |
In modern healthcare environments, a fundamental requirement for achieving continuity of care is the seamless access to distributed patient health records in an integrated and unified manner, directly at the point of care. However, Electronic Health Records (EHRs) contain a significant amount of sensitive information, and allowing data to be accessible at many different sources increases concerns related to patient privacy and data theft. Access control solutions must guarantee that only authorized users have access to such critical records for legitimate purposes, and access control policies from distributed EHR sources must be accurately reflected and enforced accordingly in the integrated EHRs. In this paper, we propose a unified access control scheme that supports patient-centric selective sharing of virtual composite EHRs using different levels of granularity, accommodating data aggregation and various privacy protection requirements. We also articulate and handle the policy anomalies that might occur in the composition of discrete access control policies from multiple data sources.