AUTOMATING AUTHORIZATION PROPAGATION PROCESS IN PERSONAL HEALTH RECORDS

Vassiliki Koufi, Flora Malamateniou, George Vassilacopoulos

2010

Abstract

Traditionally, patient records are generated, maintained and controlled by the individual health care providers where the patient has received care. This results in fragments of data stored in diverse information systems which, in many cases, are not interoperable. Hence, a complete picture of a person’s healthcare record cannot be obtained when and where needed. A solution to this problem can be provided by personal health records (PHR), that is, electronic health records (EHR) whose architectures are based on the fundamental assumptions that the complete records are centrally stored and that each patient retains authority over access to any portion of his/her record. This paper deals with a particular security issue arising in PHRs: the process of granting (revoking) authorization to (from) healthcare professionals without the patient’s involvement. This issue is particularly important in managing emergency cases. To deal with this problem, the authorization propagation process is automated by means of context-aware technology, which is used to regulate user access to data via a fine-grained access control mechanism.



Paper Citation


in Harvard Style

Koufi V., Malamateniou F. and Vassilacopoulos G. (2010). AUTOMATING AUTHORIZATION PROPAGATION PROCESS IN PERSONAL HEALTH RECORDS. In Proceedings of the Third International Conference on Health Informatics - Volume 1: HEALTHINF, (BIOSTEC 2010) ISBN 978-989-674-016-0, pages 82-89. DOI: 10.5220/0002747200820089


in Bibtex Style

@conference{healthinf10,
author={Vassiliki Koufi and Flora Malamateniou and George Vassilacopoulos},
title={AUTOMATING AUTHORIZATION PROPAGATION PROCESS IN PERSONAL HEALTH RECORDS},
booktitle={Proceedings of the Third International Conference on Health Informatics - Volume 1: HEALTHINF, (BIOSTEC 2010)},
year={2010},
pages={82-89},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002747200820089},
isbn={978-989-674-016-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Third International Conference on Health Informatics - Volume 1: HEALTHINF, (BIOSTEC 2010)
TI - AUTOMATING AUTHORIZATION PROPAGATION PROCESS IN PERSONAL HEALTH RECORDS
SN - 978-989-674-016-0
AU - Koufi V.
AU - Malamateniou F.
AU - Vassilacopoulos G.
PY - 2010
SP - 82
EP - 89
DO - 10.5220/0002747200820089