Patient-centric authorization framework for electronic healthcare services

Jing Jin, Gail-Joon Ahn, Hongxin Hu, Michael J. Covington, Xinwen Zhang

Research output: Contribution to journalArticle

39 Citations (Scopus)

Abstract

In modern healthcare environments, a fundamental requirement for achieving continuity of care is the seamless access to distributed patient health records in an integrated and unified manner, directly at the point of care. However, Electronic Health Records (EHRs) contain a significant amount of sensitive information, and allowing data to be accessible at many different sources increases concerns related to patient privacy and data theft. Access control solutions must guarantee that only authorized users have access to such critical records for legitimate purposes, and access control policies from distributed EHR sources must be accurately reflected and enforced accordingly in the integrated EHRs. In this paper, we propose a unified access control scheme that supports patient-centric selective sharing of virtual composite EHRs using different levels of granularity, accommodating data aggregation and privacy protection requirements. We also articulate and address issues and mechanisms on policy anomalies that occur in the composition of discrete access control policies from different data sources.

Original languageEnglish (US)
Pages (from-to)116-127
Number of pages12
JournalComputers and Security
Volume30
Issue number2-3
DOIs
StatePublished - Mar 2011

Fingerprint

authorization
Access control
Health
electronics
health
privacy
larceny
aggregation
guarantee
continuity
Agglomeration
Composite materials
Chemical analysis

Keywords

  • Electronic Health Records(EHRs)
  • Patient-centric authorization
  • Policy anomaly analysis
  • Policy composition
  • Selective sharing

ASJC Scopus subject areas

  • Computer Science(all)
  • Law

Cite this

Patient-centric authorization framework for electronic healthcare services. / Jin, Jing; Ahn, Gail-Joon; Hu, Hongxin; Covington, Michael J.; Zhang, Xinwen.

In: Computers and Security, Vol. 30, No. 2-3, 03.2011, p. 116-127.

Research output: Contribution to journalArticle

Jin, Jing ; Ahn, Gail-Joon ; Hu, Hongxin ; Covington, Michael J. ; Zhang, Xinwen. / Patient-centric authorization framework for electronic healthcare services. In: Computers and Security. 2011 ; Vol. 30, No. 2-3. pp. 116-127.
@article{0e0b9d79de48484cbd5bf3c9f19bd5ea,
title = "Patient-centric authorization framework for electronic healthcare services",
abstract = "In modern healthcare environments, a fundamental requirement for achieving continuity of care is the seamless access to distributed patient health records in an integrated and unified manner, directly at the point of care. However, Electronic Health Records (EHRs) contain a significant amount of sensitive information, and allowing data to be accessible at many different sources increases concerns related to patient privacy and data theft. Access control solutions must guarantee that only authorized users have access to such critical records for legitimate purposes, and access control policies from distributed EHR sources must be accurately reflected and enforced accordingly in the integrated EHRs. In this paper, we propose a unified access control scheme that supports patient-centric selective sharing of virtual composite EHRs using different levels of granularity, accommodating data aggregation and privacy protection requirements. We also articulate and address issues and mechanisms on policy anomalies that occur in the composition of discrete access control policies from different data sources.",
keywords = "Electronic Health Records(EHRs), Patient-centric authorization, Policy anomaly analysis, Policy composition, Selective sharing",
author = "Jing Jin and Gail-Joon Ahn and Hongxin Hu and Covington, {Michael J.} and Xinwen Zhang",
year = "2011",
month = "3",
doi = "10.1016/j.cose.2010.09.001",
language = "English (US)",
volume = "30",
pages = "116--127",
journal = "Computers and Security",
issn = "0167-4048",
publisher = "Elsevier Limited",
number = "2-3",

}

TY - JOUR

T1 - Patient-centric authorization framework for electronic healthcare services

AU - Jin, Jing

AU - Ahn, Gail-Joon

AU - Hu, Hongxin

AU - Covington, Michael J.

AU - Zhang, Xinwen

PY - 2011/3

Y1 - 2011/3

N2 - In modern healthcare environments, a fundamental requirement for achieving continuity of care is the seamless access to distributed patient health records in an integrated and unified manner, directly at the point of care. However, Electronic Health Records (EHRs) contain a significant amount of sensitive information, and allowing data to be accessible at many different sources increases concerns related to patient privacy and data theft. Access control solutions must guarantee that only authorized users have access to such critical records for legitimate purposes, and access control policies from distributed EHR sources must be accurately reflected and enforced accordingly in the integrated EHRs. In this paper, we propose a unified access control scheme that supports patient-centric selective sharing of virtual composite EHRs using different levels of granularity, accommodating data aggregation and privacy protection requirements. We also articulate and address issues and mechanisms on policy anomalies that occur in the composition of discrete access control policies from different data sources.

AB - In modern healthcare environments, a fundamental requirement for achieving continuity of care is the seamless access to distributed patient health records in an integrated and unified manner, directly at the point of care. However, Electronic Health Records (EHRs) contain a significant amount of sensitive information, and allowing data to be accessible at many different sources increases concerns related to patient privacy and data theft. Access control solutions must guarantee that only authorized users have access to such critical records for legitimate purposes, and access control policies from distributed EHR sources must be accurately reflected and enforced accordingly in the integrated EHRs. In this paper, we propose a unified access control scheme that supports patient-centric selective sharing of virtual composite EHRs using different levels of granularity, accommodating data aggregation and privacy protection requirements. We also articulate and address issues and mechanisms on policy anomalies that occur in the composition of discrete access control policies from different data sources.

KW - Electronic Health Records(EHRs)

KW - Patient-centric authorization

KW - Policy anomaly analysis

KW - Policy composition

KW - Selective sharing

UR - http://www.scopus.com/inward/record.url?scp=79951680016&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=79951680016&partnerID=8YFLogxK

U2 - 10.1016/j.cose.2010.09.001

DO - 10.1016/j.cose.2010.09.001

M3 - Article

VL - 30

SP - 116

EP - 127

JO - Computers and Security

JF - Computers and Security

SN - 0167-4048

IS - 2-3

ER -