DOI: 10.1145/1806338.1806480
research-article

Security privacy access control for policy integration and conflict reconciliation in health care organizations collaborations

Published: 14 December 2009

    Abstract

    Recent research has focused increasingly on security policy integration and conflict reconciliation among healthcare organizations. However, it is also necessary to identify inconsistencies between security policies through logical reasoning and to suggest ways of resolving them for cross-organization collaboration. In addition, existing approaches to security policy integration and conflict reconciliation do not take a security privacy access control model into account, which may lead to unauthorized access to sensitive information in electronic medical records. It is therefore important to investigate a security privacy access control model that considers temporal and spatial context constraints, so that security policies can be integrated for collaboration among organizations. In this paper, we propose a security privacy access control model, based on role-based access control (RBAC), that considers temporal and spatial context in security policy integration and conflict reconciliation. We also need to investigate the types of conflicts and how to identify inconsistencies between the policies of collaborating healthcare organizations.

    Reviews

    Riemer Brouwer

    Kuang and Ibrahim's paper addresses the increasingly important topic of how to ensure consistent security of data when such data is being shared by multiple organizations. In healthcare organizations, continuously ensuring the privacy of data is a key element of various legal requirements. The authors start by presenting an informative overview of related work that has been done in the field. In doing so, they demonstrate that each of the previous studies lacks certain elements, such as the temporal or spatial context, or conflict resolution, which, not surprisingly, they claim to address in their own study. The proposed model falls slightly short of the expectations one builds as the authors point out the weaknesses in their colleagues' studies. Their proposed conflict resolution model, for example, is simply that conflicts need to be resolved. Furthermore, their examples are not clearly related to either healthcare or privacy, making it slightly difficult for readers to understand their point. Still, the topic is highly relevant, and as a first exploration of the intricacies surrounding security and privacy-related concerns across collaborating healthcare organizations, this paper will provide readers with a better understanding of the challenges in this field.

    Online Computing Reviews Service

    Published In

    iiWAS '09: Proceedings of the 11th International Conference on Information Integration and Web-based Applications & Services
    December 2009
    763 pages
    ISBN: 9781605586601
    DOI: 10.1145/1806338
    Sponsors

    • Johannes Kepler University

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. conflict reconciliation
    2. cross-organization collaboration
    3. logical reasoning
    4. role-based access control
    5. security policy integration

    Qualifiers

    • Research-article

    Conference

    iiWAS '09