TY - JOUR
T1 - Patient-centric authorization framework for electronic healthcare services
AU - Jin, Jing
AU - Ahn, Gail-Joon
AU - Hu, Hongxin
AU - Covington, Michael J.
AU - Zhang, Xinwen
N1 - Funding Information:
This work was partially supported by the grants from National Science Foundation (NSF-IIS-0900970 and NSF-CNS-0831360) and Department of Energy (DE-SC0004308 and DE-FG02-03ER25565). Jing Jin received the Ph.D. degree at the College of Computing and Informatics, University of North Carolina at Charlotte, Charlotte. She was a member of the Laboratory of Information Integration, Security, and Privacy (LIISP), University of North Carolina at Charlotte. Her current research interests include access control and trust management, identity and privacy management, network and distributed system security, and security in health informatics. Gail-Joon Ahn received the Ph.D. degree in information technology from George Mason University, Fairfax, Virginia, 2000. He is currently an Associate Professor in the School of Computing, Informatics, and Decision Systems Engineering and the Director of Security Engineering for Future Computing (SEFCOM) Laboratory at Arizona State University (ASU), Tempe. His current research interests include information and systems security, vulnerability and risk management, access control, and security architecture for distributed systems. His research has been supported by the U.S. National Science Foundation, National Security Agency (NSA), U.S. Department of Defense (DoD), U.S. Department of Energy (DoE), Bank of America, Hewlett Packard, Microsoft, and Robert Wood Johnson Foundation. Dr. Ahn is a recipient of the U.S. Department of Energy CAREER Award and the Educator of the Year Award from the Federal Information Systems Security Educators Association (FISSEA). He was an Associate Professor in the College of Computing and Informatics, and the Founding Director of the Center for Digital Identity and Cyber Defense Research, and Laboratory of Information Integration, Security, and Privacy (LIISP), University of North Carolina at Charlotte, Charlotte. Hongxin Hu is currently working toward the Ph.D. degree at the School of Computing, Informatics, and Decision Systems Engineering, Arizona State University, Tempe. He is a member of the Security Engineering for Future Computing (SEFCOM) Laboratory, Arizona State University. His current research interests include access control models and mechanisms, network and distributed system security, secure software engineering, and security in social network and cloud computing. Michael J. Covington received his Ph.D. and MSCS degrees from the Georgia Institute of Technology's College of Computing in Atlanta, Georgia. He also holds a B.S. degree from Mount Saint Mary's College in Emmitsburg, Maryland. Xinwen Zhang is a research scientist at Samsung Information Systems America at San Jose, CA. His research interests include security policies, models, architectures, and mechanisms in general computing and networking systems. His recent research focuses on secure and trusted mobile platforms, applications, and services. He has a PhD in information technology from George Mason University, Fairfax, VA.
PY - 2011/3
Y1 - 2011/3
N2 - In modern healthcare environments, a fundamental requirement for achieving continuity of care is the seamless access to distributed patient health records in an integrated and unified manner, directly at the point of care. However, Electronic Health Records (EHRs) contain a significant amount of sensitive information, and allowing data to be accessible at many different sources increases concerns related to patient privacy and data theft. Access control solutions must guarantee that only authorized users have access to such critical records for legitimate purposes, and access control policies from distributed EHR sources must be accurately reflected and enforced accordingly in the integrated EHRs. In this paper, we propose a unified access control scheme that supports patient-centric selective sharing of virtual composite EHRs using different levels of granularity, accommodating data aggregation and privacy protection requirements. We also articulate and address issues and mechanisms on policy anomalies that occur in the composition of discrete access control policies from different data sources.
AB - In modern healthcare environments, a fundamental requirement for achieving continuity of care is the seamless access to distributed patient health records in an integrated and unified manner, directly at the point of care. However, Electronic Health Records (EHRs) contain a significant amount of sensitive information, and allowing data to be accessible at many different sources increases concerns related to patient privacy and data theft. Access control solutions must guarantee that only authorized users have access to such critical records for legitimate purposes, and access control policies from distributed EHR sources must be accurately reflected and enforced accordingly in the integrated EHRs. In this paper, we propose a unified access control scheme that supports patient-centric selective sharing of virtual composite EHRs using different levels of granularity, accommodating data aggregation and privacy protection requirements. We also articulate and address issues and mechanisms on policy anomalies that occur in the composition of discrete access control policies from different data sources.
KW - Electronic Health Records (EHRs)
KW - Patient-centric authorization
KW - Policy anomaly analysis
KW - Policy composition
KW - Selective sharing
UR - http://www.scopus.com/inward/record.url?scp=79951680016&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=79951680016&partnerID=8YFLogxK
U2 - 10.1016/j.cose.2010.09.001
DO - 10.1016/j.cose.2010.09.001
M3 - Article
AN - SCOPUS:79951680016
SN - 0167-4048
VL - 30
SP - 116
EP - 127
JO - Computers and Security
JF - Computers and Security
IS - 2-3
ER -