Abstract
Processes in healthcare and socio-assistive domains typically span multiple institutions and require cooperation and information exchange among multiple IT systems. In most cases this cooperation today is handled ”manually” via document exchange (by email, post, or fax) and in a point-to-point fashion. One of the reasons that makes it difficult to implement an integrated solution is that of privacy, as health information is often sensitive and there needs to be a tight control on which information is sent to who and on the purpose for which it is requested and used. In this paper we report on how we approached this problem and on the lessons learned from designing and deploying a solution for monitoring multi-organization healthcare processes in Italy. The key idea lies in combining a powerful monitoring and integration paradigm, that of event bus and publish/subscribe systems on top of service-oriented architectures, with a simple but flexible privacy mechanism based on publication of event summaries and then on explicit requests for details by all interested parties. This approach was the first to overcome the privacy limitations defined by the laws while allowing publish/subscribe event-based integration.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Alonso, G., Casati, F., Kuno, H., Machiraju, V.: Web Services: Concepts, Architecture and Applications. Springer, Heidelberg (2004)
Anderson, A.H.: A comparison of two privacy policy languages: EPAL and XACML. In: SWS 2006: Proceedings of the 3rd ACM workshop on Secure web services, pp. 53–60. ACM, New York (2006)
Breininger, K., McRae, M.: ebxml registry tc v3.0. Technical report, OASIS (2005)
Canada health infoway, http://www.infoway-inforoute.ca/
Chiasera, A., Casati, F., Florian, D., Velegrakis, Y.: Engineering privacy requirements in business intelligence applications. In: Jonker, W., Petković, M. (eds.) SDM 2008. LNCS, vol. 5159, pp. 219–228. Springer, Heidelberg (2008)
Chou, S.-C., Huang, C.-H.: An extended xacml model to ensure secure information access for web services. J. Syst. Softw. 83(1), 77–84 (2010)
CISIS. Inf-3: Sistema federato di autenticazione, http://tinyurl.com/27yo92v
Damiani, E., De Capitani di Vimercati, S., Paraboschi, S., Samarati, P.: A fine-grained access control system for xml documents. ACM Trans. Inf. Syst. Secur. 5(2), 169–202 (2002)
Dogac, A., Laleci, G.B., Kabak, Y., Unal, S., Heard, S., Beale, T., Elkin, P.L., Najmi, F., Mattocks, C., Webber, D., Kernberg, M.: Exploiting ebxml registry semantic constructs for handling archetype metadata in healthcare informatics. Int. J. Metadata Semant. Ontologies 1(1), 21–36 (2006)
Eugster, P.T., Felber, P.A., Guerraoui, R., Kermarrec, A.-M.: The many faces of publish/subscribe. ACM Comput. Surv. 35(2), 114–131 (2003)
IHE: IHE - integrating the healthcare enterprise xds profile, http://www.ihe.net/profiles/
Personal data protection code. Italian privacy guarantor, Legislative Decree no. 196 dated 30 June 2003 (2003)
Guidelines on the electronic health record and the health file. Italian privacy guarantor, Italy’s Official Journal 71 dated 26 March 2009 (2009)
Luo, B., Lee, D., Lee, W.-C., Liu, P.: Qfilter: fine-grained run-time xml access control via nfa-based query rewriting. In: CIKM 2004: Proceedings of the thirteenth ACM international conference on Information and knowledge management, pp. 543–552. ACM, New York (2004)
Michelson, B.M.: Event-driven architecture overview event-driven soa is just part of the eda. Patricia Seybold Group (2006)
Moses, T.: Extensible access control markup language tc v2.0 (xacml). Technical report, OASIS (2005)
NHS-UK: Nhs connecting for health, http://www.connectingforhealth.nhs.uk/
NICTIZ-AORTA: AORTA the dutch national infrastructure
Schunter, M., Wenning, R. (eds.): The Platform for Privacy Preferences 1.1 (P3P1.1) Specification. W3C Working Group Note (November 2006)
ServiceMix, A.: Apache servicemix, http://servicemix.apache.org/
W3C. Xmlschema (2001), http://www.w3.org/2001/XMLSchema
Webber, D., Dutton, A.: Understanding ebxml, uddi, xml/edi. Technical report, XML Global Technologies Inc. (2000)
Yagüe, M.: Survey on xml-based policy languages for open environments. Journal of Information Assurance and Security, 11–20 (2006)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Armellin, G., Betti, D., Casati, F., Chiasera, A., Martinez, G., Stevovic, J. (2010). Privacy Preserving Event Driven Integration for Interoperating Social and Health Systems. In: Jonker, W., Petković, M. (eds) Secure Data Management. SDM 2010. Lecture Notes in Computer Science, vol 6358. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15546-8_5
Download citation
DOI: https://doi.org/10.1007/978-3-642-15546-8_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15545-1
Online ISBN: 978-3-642-15546-8
eBook Packages: Computer ScienceComputer Science (R0)