Policy-based security management for federated healthcare databases (or RHIOs)

Authors:
Rafae Bhatti;Khalid Moidu;Arif Ghafoor
Affiliations:
Purdue University;Purdue University;Purdue University
Venue:
HIKM '06 Proceedings of the international workshop on Healthcare information and knowledge management
Year:
2006

Citing 8
Cited 3

A federated architecture for information management

ACM Transactions on Information Systems (TOIS)
Role-Based Access Control Models

Computer
Scaling Access to Heterogeneous Data Sources with DISCO

IEEE Transactions on Knowledge and Data Engineering
Mermaid - Experiences with Network Operation

Proceedings of the Second International Conference on Data Engineering
Experiences in Federated Databases: From IRO-DB to MIRO-Web

VLDB '98 Proceedings of the 24rd International Conference on Very Large Data Bases
X-GTRBAC: an XML-based policy specification framework and architecture for enterprise-wide access control

ACM Transactions on Information and System Security (TISSEC)
Personal health information management

Communications of the ACM - Personal information management
Hippocratic databases

VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases

Report on ACM Workshop on Health Information and Knowledge Management (HIKM 2006)

ACM SIGMOD Record
Patient-centric authorization framework for sharing electronic health records

Proceedings of the 14th ACM symposium on Access control models and technologies
Towards improved privacy policy coverage in healthcare using policy refinement

SDM'07 Proceedings of the 4th VLDB conference on Secure data management

Quantified Score

Hi-index	0.00

Visualization

Abstract

The role of security management in the RHIOs has recently gained increasing attention due to strict privacy and disclosure rules, and federal regulations such as HIPAA. The envisioned use of electronic health care records in such systems involves pervasive and ubiquitous access to healthcare information from anywhere outside of traditional hospital boundaries which puts increasing demands on the underlying security mechanisms. In this paper, we have designed a context-aware policy-based system to provide security management for health informatics. The policies are based on a set of use cases developed for the HL7 Clinical Document Architecture (CDA) standard. Our system is designed to adapt well to ubiquitous healthcare services in a non-traditional, pervasive environment using the same infrastructure that enables federated healthcare management for traditional organizational boundaries. We also present an enforcement architecture and a demonstration prototype for the policy-based system proposed in this paper.