Advertisement

Privacy and Access Control for IHE-Based Systems

  • Basel Katt
  • Ruth Breu
  • Micahel Hafner
  • Thomas Schabetsberger
  • Richard Mair
  • Florian Wozak
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 0001)

Abstract

Electronic Health Record (EHR) is the heart element of any e-health system, which aims at improving the quality and efficiency of healthcare through the use of information and communication technologies. The sensitivity of the data contained in the health record poses a great challenge to security. In this paper we propose a security architecture for EHR systems that are conform with IHE profiles. In this architecture we are tackling the problems of access control and privacy. Furthermore, a prototypical implementation of the proposed model is presented.

Keywords

Access Control Policy Language Electronic Health Record Security Architecture Role Base Access Control 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    [ACF]ITU-T Rec X.812 – ISO/IEC 10181-3:1996. Security frameworks for open systems: Access control framework. Technical report (1995)(1996)Google Scholar
  2. 2.
    OECD: Guidelines on the protection of privacy and transborder flows of personal data, http://www.oecd.org/document/18/03343en_2649_34255_1815186_1_1_1_1.00&&en-USS_01DBC.html
  3. 3.
    Ferreira, L.A.A., Cruz-Correia, R., Chadwick, D.: Access control: How can it improve patients healthcare? (2007)Google Scholar
  4. 4.
    Anderson, A.: Multiple resource profile of xacml v2.0 (2005), http://docs.oasisopen.org/xacml/2.0/accesscontrol-xacml-2.0-mult-profile-spec-os.pdf
  5. 5.
    Anderson, R.J.: Security in clinical systems (1996)Google Scholar
  6. 6.
    Blobel, B.: Authorization and access control for electronic health record systems. International Journal of Medical Informatics (2004)Google Scholar
  7. 7.
    Blobel, B., Roger-France, F.: A systematic approach for analysis and design of secure healthcare systems. International Journal of Medical Informatics (2001)Google Scholar
  8. 8.
    Hafner, M., Mair, R., Breu, R., Agreiter, B., Unterthiner, S., Schabetsberger, T.: Health@net. die verteilte elektronische gesundheitsakte- eine fallstudie in modell-getriebenem security engineering. IT-Sicherheitskongress des BSI (2007)Google Scholar
  9. 9.
    Hu, J., Weaver, A.C.: A dynamic, context-aware security infrastructure for distributed healthcare applications. In: Proceedings of the first workshop on pervasive privacy security, privacy, and trust (2004)Google Scholar
  10. 10.
    IHE Integrating the Healthcare Enterprise. It infrastructure technical framework- cross enterprise document sharing (xds). Technical report (2004) Google Scholar
  11. 11.
    IHE Integrating the Healthcare Enterprise. Changing the way healthcare connects.Technical report (2006) Google Scholar
  12. 12.
    IHE Integrating the Healthcare Enterprise. Ihe it infrastructure white paper- hie security and privacy through ihe. Technical report (2007) Google Scholar
  13. 13.
    IHE Integrating the Healthcare Enterprise. It infrastructure technical framework- basic patient privacy concents (bppc). Technical report (2007) Google Scholar
  14. 14.
    IHE Integrating the Healthcare Enterprise. It infrastructure technical framework vol.1 (iti tf-1) integration profiles. Technical report (2007) Google Scholar
  15. 15.
    Katt, B., Breu, R., Hafner, M.: Model-driven policy framework for usage controlbasedprivacy (to appear)Google Scholar
  16. 16.
    Katt, B., Zhang, X., Breu, R., Hafner, M., Seifert, J.-P.: A general obligation model and continuity enhanced policy enforcement engine for usage control. SACMAT (2008)Google Scholar
  17. 17.
    Moses, T.: Extensible access control markup language (xacml) version 2.0 (2005), http://docs.oasisopen.org/xacml/2.0/accesscontrol-xacml-2.0-core-spec-os.pdf
  18. 18.
    Namli, T., Dogac, A.: Implementation experiences on ihe xua and bppc. Technical report, Software Research and Development Center Middle East Technical University (2006)Google Scholar
  19. 19.
    Namli, T., Dogac, A.: Using SAML and XACML for Web Service Security and Privacy, ch. 8, pp. 183–206. Idea Group Publishing (2008)Google Scholar
  20. 20.
    Sandhu, R.: Role based access control models. IEEE Computer 29(2), 38–47 (1996)Google Scholar
  21. 21.
    Yee, G., Korba, L., Song, R.: Ensuring privacy for e-health services. In: Proceedings of The First International Conference on Availability, Reliability and Security (ARES 2006) (2006)Google Scholar

Copyright information

© Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2009

Authors and Affiliations

  • Basel Katt
    • 1
  • Ruth Breu
    • 1
  • Micahel Hafner
    • 1
  • Thomas Schabetsberger
    • 2
  • Richard Mair
    • 2
  • Florian Wozak
    • 2
  1. 1.University of InnsbruckAustria
  2. 2.Health@net (CEMIT)Austria

Personalised recommendations