Policy-based security management for federated healthcare databases (or RHIOs)

Published: 11 November 2006 Publication History

Abstract

The role of security management in the RHIOs has recently gained increasing attention due to strict privacy and disclosure rules, and federal regulations such as HIPAA. The envisioned use of electronic health care records in such systems involves pervasive and ubiquitous access to healthcare information from anywhere outside of traditional hospital boundaries, which puts increasing demands on the underlying security mechanisms. In this paper, we have designed a context-aware policy-based system to provide security management for health informatics. The policies are based on a set of use cases developed for the HL7 Clinical Document Architecture (CDA) standard. Our system is designed to adapt well to ubiquitous healthcare services in a non-traditional, pervasive environment using the same infrastructure that enables federated healthcare management for traditional organizational boundaries. We also present an enforcement architecture and a demonstration prototype for the policy-based system proposed in this paper.


Published In

HIKM '06: Proceedings of the international workshop on Healthcare information and knowledge management
November 2006
66 pages
ISBN:1595935282
DOI:10.1145/1183568
Program Chairs: Li Xiong, Yuni Xia
Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. federated healthcare architecture
  2. privacy and disclosure policy
  3. role based access control

Qualifiers

  • Article

Conference

CIKM06
CIKM06: Conference on Information and Knowledge Management
November 11, 2006
Virginia, Arlington, USA

Acceptance Rates

Overall Acceptance Rate 32 of 70 submissions, 46%

Cited By

  • (2020) Ubiquitous healthcare: a systematic mapping study. Journal of Ambient Intelligence and Humanized Computing 14:5 (5021-5046). DOI: 10.1007/s12652-020-02513-x. Online publication date: 26-Sep-2020
  • (2018) Cerberus, an Access Control Scheme for Enforcing Least Privilege in Patient Cohort Study Platforms. Journal of Medical Systems 42:1 (1-19). DOI: 10.1007/s10916-017-0844-y. Online publication date: 1-Jan-2018
  • (2017) Continuous and transparent access control framework for electronic health records: A preliminary study. 2017 2nd International conferences on Information Technology, Information Systems and Electrical Engineering (ICITISEE) (165-170). DOI: 10.1109/ICITISEE.2017.8285487. Online publication date: Nov-2017
  • (2017) A privacy preserving framework for RFID based healthcare systems. Future Generation Computer Systems 72 (339-352). DOI: 10.1016/j.future.2016.06.001. Online publication date: Jul-2017
  • (2016) Access control and privilege management in electronic health record. Journal of Medical Systems 40:12 (1-9). DOI: 10.1007/s10916-016-0589-z. Online publication date: 1-Dec-2016
  • (2013) Social Credential-Based Role Recommendation and Patient Privacy Control in Medical Emergency. Methods, Models, and Computation for Medical Informatics (215-237). DOI: 10.4018/978-1-4666-2653-9.ch013. Online publication date: 2013
  • (2012) I am not a goldfish in a bowl: A privacy preserving framework for RFID based healthcare systems. 2012 IEEE 14th International Conference on e-Health Networking, Applications and Services (Healthcom) (335-340). DOI: 10.1109/HealthCom.2012.6379432. Online publication date: Oct-2012
  • (2011) Social Credential-Based Role Recommendation and Patient Privacy Control in Medical Emergency. International Journal of Computational Models and Algorithms in Medicine 2:4 (1-22). DOI: 10.4018/jcmam.2011100101. Online publication date: 1-Oct-2011
  • (2011) Improving Security Policy Coverage in Healthcare. Certification and Security in Health-Related Web Applications (66-83). DOI: 10.4018/978-1-61692-895-7.ch004. Online publication date: 2011
  • (2011) eHCBAC. Proceedings of the 2011 IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications (745-750). DOI: 10.1109/TrustCom.2011.97. Online publication date: 16-Nov-2011
