A Flexible Solu on for Privilege Management and Access Control in EHR Systems

نویسندگان

  • G Gazzarata
  • B Blobel
  • M Giacomini
چکیده

Background: Inter-organiza onal healthcare businesses are ruled by a huge set of policies: legal policies, organiza onal policies, medical policies, ethical policies, etc., which are quite sta c, pa ents policy and process, social and environmental condi ons, which are highly dynamic. In the context of a business case, those diff erent policies must be harmonized to enable privilege management and access control decisions. Objec ves: The authors off er a methodology to achieve interoperability through policies harmoniza on in a privilege management and access control solu on for EHR systems, to be later on implemented in a cancer care network using HL7 specifi ca ons. Methods: To meet the objec ve, the authors make use of a system-theore cal, architecture-centric, ontology-based approach to formally represen ng the aforemen oned polices for harmoniza on. Results: Because of its fl exibility and generality, a policydriven RBAC model is used to formally represent all the other access control models such as MAC, DAC, RBAC, ABAC, HL7 Data Segmenta on and Labeling Services. All the policies deployed in the context of an inter-organiza onal collabora on for cancer care can be formalized and then harmonized. Conclusions: The authors provide an implementa onindependent methodology to enable policies harmoniza on in EHR systems. The methodology described in the paper is independent on the maturity of organiza ons’ privilege management and access control system. Furthermore, it does not hamper organiza ons progressing to more advanced solu ons over the me. Even dynamic policies can be harmonized at run me, allowing advancement towards a pa ent-centered care.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Attribute-based Access Control for Cloud-based Electronic Health Record (EHR) Systems

Electronic health record (EHR) system facilitates integrating patients' medical information and improves service productivity. However, user access to patient data in a privacy-preserving manner is still challenging problem. Many studies concerned with security and privacy in EHR systems. Rezaeibagha and Mu [1] have proposed a hybrid architecture for privacy-preserving accessing patient records...

متن کامل

Information Security Requirements for Implementing Electronic Health Records in Iran

Background and Goal: ICT development in recent years has created excellent developments in human social and economic life. One of the most important opportunities to use information technology is in the medical field, that the result would be electronic health record (EHR).The purpose of this research is to investigate the effects information securi...

متن کامل

Information Security Requirements for Implementing Electronic Health Records in Iran

Background and Goal: ICT development in recent years has created excellent developments in human social and economic life. One of the most important opportunities to use information technology is in the medical field, that the result would be electronic health record (EHR).The purpose of this research is to investigate the effects information securi...

متن کامل

Implementing security and access control mechanisms for an electronic healthcare record

Personal Electronic Health Records (EHR) have recently been published as one means to support patient empowerment and patient control over their personal health record. The functionality of such an EHR may vary from a simple web-based interface for interactive data entry and data review up to a much more powerful system additionally supporting electronic data/document communication between clin...

متن کامل

Active privilege management for distributed access control systems

The last decade has seen the explosive uptake of technologies to support true Internet-scale distributed systems, many of which will require security. The policy dictating authorisation and privilege restriction should be decoupled from the services being protected: (1) policy can be given its own independent language syntax and semantics, hopefully in an application independent way; (2) policy...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2017