Abstract
Discussions about appropriate security controls to protect medical records led to the understanding that the patient her-/himself plays a crucial role in networked electronic health-care. Patients have individual privacy concerns and may want to execute their personal right of self-determination on access and usage of their medical records. The ability for patients to have control over their personal medical data is the essence of patient-centric networked electronic health-care, but poses challenges regarding its tool support. Since patients can be generally treated as non-security experts as well as non-health-care domain experts, usability-supporting factors of authoring tools for privacy preferences have to receive major attention by implementers. Additionally, domain characteristics have to influence the design of such authoring applications. Finally expressed privacy preferences have to be analysed to inform the patient-author and guide her/him in the policy authoring process. In this paper we discuss the process of authorization policy authoring for shared electronic health records which we use to implement patient-controlled access control authoring tools. Further a use-case in the context of a specific health-care infrastructure is presented.
This work was partially supported by the Austrian Federal Ministry of Economy as part of the Laura-Bassi – Living Models for Open Systems – project FFG 822740/QE LaB, see http://lab.q-e.at/
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
European Commision. Directive 95/46/EC, Data Protection Directive (1995)
IBM Austria. Feasibility Study for implementing the electronic health record (ELGA) in the Austrian health system (2006)
IHE. IT Infrastructure (ITI) Technical Framework. Integration Profiles, vol. 1
IHE. IT Infrastructure Access Control (White Paper) (2009)
IHE. IT Infrastructure (ITI) Technical Framework, Supplement, Healthcare provider directory (HPD) (2010)
ISO. ISO/IEC 10181-3:1996 Information technology – Open Systems Interconnection – Security frameworks for open systems: Access control framework (1996)
Karat, C., Karat, J., Brodie, C., Feng, J.: Evaluating interfaces for privacy policy rule authoring. In: CHI 2006. ACM (2006)
Katt, B., Breu, R., Hafner, M., Schabetsberger, T., Mair, R., Wozak, F.: Privacy and Access Control for IHE-Based Systems. In: Weerasinghe, D. (ed.) eHealth 2008. LNCSIT, vol. 1, pp. 145–153. Springer, Heidelberg (2009)
Kotschy, W.: STRING ELGA Datenschutzrechtliche Analyse (German, Electronic health record – Data privacy aspects). Austrian Federal Ministry of Health (2005)
LeMay, M., Fatemieh, O., Gunter, C.A.: PolicyMorph: Interactive Policy Transformations for a Logical Attribute-Based Access Control Framework. In: SACMAT 2007. ACM (2007)
Moffett, J.D., Sloman, M.S.: Policy conflict analysis in distributed system management (1993)
OASIS. eXtensible Access Control Markup Language (XACML) v2.0 (2005)
Reeder, R.W., Karat, C.-M., Karat, J., Brodie, C.: Usability Challenges in Security and Privacy Policy-Authoring Interfaces. In: Baranauskas, C., Abascal, J., Barbosa, S.D.J. (eds.) INTERACT 2007. LNCS, vol. 4663, pp. 141–155. Springer, Heidelberg (2007)
Trojer, T., Katt, B., Wozak, F., Schabetsberger, T.: An Authoring Framework for Security Policies: A Use-Case within the Healthcare Domain. In: Szomszor, M., Kostkova, P. (eds.) e-Health 2010. LNICT, vol. 69, pp. 1–9. Springer, Heidelberg (2011)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Trojer, T., Katt, B., Schabetsberger, T., Mair, R., Breu, R. (2012). The Process of Policy Authoring of Patient-Controlled Privacy Preferences. In: Kostkova, P., Szomszor, M., Fowler, D. (eds) Electronic Healthcare. eHealth 2011. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 91. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29262-0_14
Download citation
DOI: https://doi.org/10.1007/978-3-642-29262-0_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29261-3
Online ISBN: 978-3-642-29262-0
eBook Packages: Computer ScienceComputer Science (R0)