loading
Documents

Research.Publish.Connect.

Paper

Paper Unlock

Authors: Andrea Margheri 1 ; Massimiliano Masi 2 ; Rosario Pugliese 1 and Francesco Tiezzi 3

Affiliations: 1 Università di Firenze, Italy ; 2 Tiani “Spirit” GmbH, Austria ; 3 IMT Advanced Studies Lucca, Italy

ISBN: 978-989-8565-37-2

ISSN: 2184-4305

Keyword(s): Data Security, Electronic Health Records, Access Control.

Related Ontology Subjects/Areas/Topics: Biomedical Engineering ; Confidentiality and Data Security ; Design and Development Methodologies for Healthcare IT ; Electronic Health Records and Standards ; Health Information Systems

Abstract: The importance of the exchange of Electronic Health Records (EHRs) between hospitals has been recognized by governments and institutions. Due to the sensitivity of data exchanged, only mature standards and implementations can be chosen to operate. This exchange process is of course under the control of the patient, who decides who has the rights to access her personal healthcare data and who has not, by giving her personal privacy consent. Patients’ privacy consent is regulated by local legislations, which can vary frequently from region to region. The technology implementing such privacy aspects must be highly adaptable, often resulting in complex security scenarios that cannot be easily managed by patients and software designers. To overcome such security problems, we advocate the use of a linguistic approach that relies on languages for expressing policies with solid mathematical foundations. Our approach bases on FACPL, a policy language we have intentionally designed by taking in spiration from OASIS XACML, the de-facto standard used in all projects covering secure EHRs transmission protected by patients’ privacy consent. FACPL can express policies similar to those expressible by XACML but, differently from XACML, it has an intuitive syntax, a formal semantics and easy to use software tools supporting policy development and enforcement. In this paper, we present the potentialities of our approach and outline ongoing work. (More)

PDF ImageFull Text

Download
CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 35.172.233.2

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Margheri, A.; Masi, M.; Pugliese, R. and Tiezzi, F. (2013). On a Formal and User-friendly Linguistic Approach to Access Control of Electronic Health Data.In Proceedings of the International Conference on Health Informatics - Volume 1: HEALTHINF, (BIOSTEC 2013) ISBN 978-989-8565-37-2, ISSN 2184-4305, pages 263-268. DOI: 10.5220/0004328202630268

@conference{healthinf13,
author={Andrea Margheri. and Massimiliano Masi. and Rosario Pugliese. and Francesco Tiezzi.},
title={On a Formal and User-friendly Linguistic Approach to Access Control of Electronic Health Data},
booktitle={Proceedings of the International Conference on Health Informatics - Volume 1: HEALTHINF, (BIOSTEC 2013)},
year={2013},
pages={263-268},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004328202630268},
isbn={978-989-8565-37-2},
}

TY - CONF

JO - Proceedings of the International Conference on Health Informatics - Volume 1: HEALTHINF, (BIOSTEC 2013)
TI - On a Formal and User-friendly Linguistic Approach to Access Control of Electronic Health Data
SN - 978-989-8565-37-2
AU - Margheri, A.
AU - Masi, M.
AU - Pugliese, R.
AU - Tiezzi, F.
PY - 2013
SP - 263
EP - 268
DO - 10.5220/0004328202630268

Login or register to post comments.

Comments on this Paper: Be the first to review this paper.