A Tag-Based Data Model for Privacy-Preserving Medical Applications

  • Surya Nepal
  • John Zic
  • Frederic Jaccard
  • Gregoire Kraehenbuehl
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4254)


In autonomous distributed healthcare environments, patients’ electronic medical records are controlled and managed by each healthcare facility. It is important to ensure that records are accessed and transferred securely while still respecting patients’ rights to privacy and confidentiality of their personal health information. We propose a new tag-based data model for representing patients’ electronic medical records as well as access and transfer policy statements. This model helps to categorize patient information and to express patients’ consent for a variety of domains (individual, healthcare provider and facility). Unlike most existing data models used in healthcare information systems, our model supports the expression of patients’ consent in terms of healthcare facilities, healthcare providers, their roles, and categories of medical records, or any combination of these, within a single framework. Our model has been demonstrated by developing a prototype system using trusted computing components.
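The abstract describes consent statements that can be scoped to a facility, a provider, a role, a record category, or any combination of these, applied to tagged records for both access and transfer. The following is an added illustration of that idea, not the paper's data model or prototype code: records carry category tags, each statement constrains any subset of the four dimensions (an empty constraint means "any"), and a deny-overrides combining rule with default deny decides the request. The facility, provider, role and tag names, and the combining rule itself, are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Tuple

ANY: FrozenSet[str] = frozenset()   # empty constraint set: dimension unconstrained


@dataclass(frozen=True)
class Record:
    record_id: str
    patient_id: str
    tags: FrozenSet[str]            # category tags attached to the record


@dataclass(frozen=True)
class Requester:
    facility: str
    provider: str
    role: str


@dataclass(frozen=True)
class Statement:
    """One consent statement: an effect for an action, constrained by any
    combination of facility, provider, role and record category.  An ANY
    constraint matches every value, so one statement type covers every
    combination of the four dimensions (assumed structure, not the paper's)."""
    effect: str                     # "permit" or "deny"
    action: str                     # "access" or "transfer"
    facilities: FrozenSet[str] = ANY
    providers: FrozenSet[str] = ANY
    roles: FrozenSet[str] = ANY
    categories: FrozenSet[str] = ANY

    def matches(self, req: Requester, rec: Record, action: str) -> bool:
        if self.action != action:
            return False
        dims: Tuple[Tuple[FrozenSet[str], FrozenSet[str]], ...] = (
            (self.facilities, frozenset({req.facility})),
            (self.providers, frozenset({req.provider})),
            (self.roles, frozenset({req.role})),
            (self.categories, rec.tags),
        )
        # each constraint is either unconstrained or must intersect the request
        return all(not want or bool(want & have) for want, have in dims)


def decide(policy: Iterable[Statement], req: Requester, rec: Record, action: str) -> str:
    """Deny-overrides combining (an assumption for this example): a matching
    deny wins over any permit, and a request matching no statement is denied,
    so consent has to be explicit."""
    matched = [s for s in policy if s.matches(req, rec, action)]
    if any(s.effect == "deny" for s in matched):
        return "deny"
    if any(s.effect == "permit" for s in matched):
        return "permit"
    return "deny"


# Constructed sample consent for one patient (illustrative, not from the paper).
PATIENT_POLICY: Tuple[Statement, ...] = (
    # GPs at Hospital A may access every category of this patient's records
    Statement("permit", "access", facilities=frozenset({"hospital_a"}), roles=frozenset({"gp"})),
    # ...but GPs and nurses may never see mental-health records
    Statement("deny", "access", roles=frozenset({"gp", "nurse"}), categories=frozenset({"mental_health"})),
    # only the named psychiatrist may access mental-health records
    Statement("permit", "access", providers=frozenset({"dr_lee"}), categories=frozenset({"mental_health"})),
    # pathology results may be transferred to Lab B
    Statement("permit", "transfer", facilities=frozenset({"lab_b"}), categories=frozenset({"pathology"})),
)

# Constructed records and requesters.
PATHOLOGY = Record("r1", "p42", frozenset({"pathology"}))
PSYCH_NOTE = Record("r2", "p42", frozenset({"mental_health", "clinical_note"}))

GP_A = Requester("hospital_a", "dr_ng", "gp")
GP_C = Requester("hospital_c", "dr_ng", "gp")
DR_LEE = Requester("hospital_a", "dr_lee", "psychiatrist")
DR_KIM = Requester("hospital_a", "dr_kim", "psychiatrist")
LAB_B = Requester("lab_b", "lims", "lab")


if __name__ == "__main__":
    for req, rec, action in [
        (GP_A, PATHOLOGY, "access"),      # permit via the facility/role statement
        (GP_A, PSYCH_NOTE, "access"),     # deny: category deny overrides the role permit
        (DR_LEE, PSYCH_NOTE, "access"),   # permit: named provider
        (DR_KIM, PSYCH_NOTE, "access"),   # deny: no statement names dr_kim
        (GP_C, PATHOLOGY, "access"),      # deny: facility not consented
        (LAB_B, PATHOLOGY, "transfer"),   # permit: transfer consented for this category
        (LAB_B, PSYCH_NOTE, "transfer"),  # deny: no transfer consent for this category
    ]:
        print(f"{action:8} {req.provider:8} {rec.record_id}: {decide(PATIENT_POLICY, req, rec, action)}")
```

The interesting case is the second one: the broad role-level permit for GPs at Hospital A is narrowed by a category-level deny on the same request, which is exactly the sort of combination a single-dimension (role-only or facility-only) model cannot express. A transfer is evaluated with the same statements as an access, but against the destination facility rather than the requesting clinician.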


Keywords (machine-generated, not supplied by the authors): Electronic Medical Record; Trusted Platform Module; Access Policy; Policy Enforcement; Transfer Policy





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Surya Nepal (1)
  • John Zic (1)
  • Frederic Jaccard (1)
  • Gregoire Kraehenbuehl (1)
  1. CSIRO ICT Centre, Epping, Australia
