Patient-centric authorization framework for electronic healthcare services
| Autor: | Michael J. Covington, Gail-Joon Ahn, Jing Jin, Xinwen Zhang, Hongxin Hu |
|---|---|
| Rok vydání: | 2011 |
| Předmět: |
Scheme (programming language)
General Computer Science Computer access control business.industry Computer science Internet privacy Authorization Data theft Access control Computer security computer.software_genre Data aggregator Information sensitivity Health care business Law computer computer.programming_language Point of care |
| Zdroj: | Computers & Security. 30:116-127 |
| ISSN: | 0167-4048 |
| DOI: | 10.1016/j.cose.2010.09.001 |
| Popis: | In modern healthcare environments, a fundamental requirement for achieving continuity of care is the seamless access to distributed patient health records in an integrated and unified manner, directly at the point of care. However, Electronic Health Records (EHRs) contain a significant amount of sensitive information, and allowing data to be accessible at many different sources increases concerns related to patient privacy and data theft. Access control solutions must guarantee that only authorized users have access to such critical records for legitimate purposes, and access control policies from distributed EHR sources must be accurately reflected and enforced accordingly in the integrated EHRs. In this paper, we propose a unified access control scheme that supports patient-centric selective sharing of virtual composite EHRs using different levels of granularity, accommodating data aggregation and privacy protection requirements. We also articulate and address issues and mechanisms on policy anomalies that occur in the composition of discrete access control policies from different data sources. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|
Full Text from ScienceDirect