Emergency Access Authorization for Personally Controlled Online Health Care Data

Authors:
Tingting Chen;Sheng Zhong
Affiliations:
Department of Computer Science and Engineering, State University of New York at Buffalo, Amherst, USA 14260;Department of Computer Science and Engineering, State University of New York at Buffalo, Amherst, USA 14260
Venue:
Journal of Medical Systems
Year:
2012

Citing 10
Cited 0

Role-Based Access Control Models

Computer
Privacy-preserving data mining

SIGMOD '00 Proceedings of the 2000 ACM SIGMOD international conference on Management of data
Using randomized response techniques for privacy-preserving data mining

Proceedings of the ninth ACM SIGKDD international conference on Knowledge discovery and data mining
Incognito: efficient full-domain K-anonymity

Proceedings of the 2005 ACM SIGMOD international conference on Management of data
Obfuscated databases and group privacy

Proceedings of the 12th ACM conference on Computer and communications security
Privacy Preserving Data Classification with Rotation Perturbation

ICDM '05 Proceedings of the Fifth IEEE International Conference on Data Mining
Efficient anonymity-preserving data collection

Proceedings of the 12th ACM SIGKDD international conference on Knowledge discovery and data mining
Comparisons of K-Anonymization and Randomization Schemes under Linking Attacks

ICDM '06 Proceedings of the Sixth International Conference on Data Mining
A CORBA-based integration of distributed electronic healthcare records using the Synapses approach

IEEE Transactions on Information Technology in Biomedicine
A contextual role-based access control authorization model for electronic patient record

IEEE Transactions on Information Technology in Biomedicine

Quantified Score

Hi-index	0.00

Visualization

Abstract

Personally controlled health records (PCHR) systems have emerged to allow patients to control their own medical data. In a PCHR system, all the access privileges to a patient's data are granted by the patient. However, in many emergency cases, it is impossible for the patient to participate in access authorization on site when immediate medical treatment is needed. To solve the emergency access authorization problem in the absence of patients, we consider two cases: a) the requester is already in the PCHR system but has not obtained the access privilege of the patient's health records, and b) the requester does not even have an account in the PCHR system to submit its request. For each of the two cases, we present a method for emergency access authorization, utilizing the weighted voting and source authentication cryptographic techniques. Our methods provide an effective, secure and private solution for emergency access authorization, that makes the existing PCHR system frameworks more practical and thus improves the patients' experiences of health care when using PCHR systems. We have implemented a prototype system as a proof of concept.