Patient-centric authorization framework for sharing electronic health records

Jing Jin; Gail-Joon Ahn; Hongxin Hu; Michael J. Covington; Xinwen Zhang

doi:10.1145/1542207.1542228

Patient-centric authorization framework for sharing electronic health records

Jing Jin, Gail-Joon Ahn, Hongxin Hu, Michael J. Covington, Xinwen Zhang

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

56 Scopus citations

Abstract

In modern healthcare environments, a fundamental requirement for achieving continuity of care is the seamless access to distributed patient health records in an integrated and unified manner, directly at the point of care. However, Electronic Health Records (EHRs) contain a significant amount of sensitive information, and allowing data to be accessible at many different sources increases concerns related to patient privacy and data theft. Access control solutions must guarantee that only authorized users have access to such critical records for legitimate purposes, and access control policies from distributed EHR sources must be accurately reflected and enforced accordingly in the integrated EHRs. In this paper, we propose a unified access control scheme that supports patient-centric selective sharing of virtual composite EHRs using different levels of granularity, accommodating data aggregation and various privacy protection requirements. We also articulate and handle the policy anomalies that might occur in the composition of discrete access control policies from multiple data sources.

Original language	English (US)
Title of host publication	SACMAT'09 - Proceedings of the 14th ACM Symposium on Access Control Models and Technologies
Pages	125-134
Number of pages	10
DOIs	https://doi.org/10.1145/1542207.1542228
State	Published - 2009
Event	14th ACM Symposium on Access Control Models and Technologies, SACMAT 2009 - Stresa, Italy Duration: Jun 3 2009 → Jun 5 2009

Publication series

Name	Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

Conference

Conference	14th ACM Symposium on Access Control Models and Technologies, SACMAT 2009
Country/Territory	Italy
City	Stresa
Period	6/3/09 → 6/5/09

Keywords

Electronic health records (EHRs)
Patient-centric authorization
Selective sharing

ASJC Scopus subject areas

Software
Computer Networks and Communications
Safety, Risk, Reliability and Quality
Information Systems

Access to Document

10.1145/1542207.1542228

Cite this

Jin, J., Ahn, G-J., Hu, H., Covington, M. J., & Zhang, X. (2009). Patient-centric authorization framework for sharing electronic health records. In SACMAT'09 - Proceedings of the 14th ACM Symposium on Access Control Models and Technologies (pp. 125-134). (Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT). https://doi.org/10.1145/1542207.1542228

Patient-centric authorization framework for sharing electronic health records. / Jin, Jing; Ahn, Gail-Joon; Hu, Hongxin et al.
SACMAT'09 - Proceedings of the 14th ACM Symposium on Access Control Models and Technologies. 2009. p. 125-134 (Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Jin, J, Ahn, G-J, Hu, H, Covington, MJ & Zhang, X 2009, Patient-centric authorization framework for sharing electronic health records. in SACMAT'09 - Proceedings of the 14th ACM Symposium on Access Control Models and Technologies. Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT, pp. 125-134, 14th ACM Symposium on Access Control Models and Technologies, SACMAT 2009, Stresa, Italy, 6/3/09. https://doi.org/10.1145/1542207.1542228

@inproceedings{e4567d9c60aa4d749e7698fb21957110,

title = "Patient-centric authorization framework for sharing electronic health records",

abstract = "In modern healthcare environments, a fundamental requirement for achieving continuity of care is the seamless access to distributed patient health records in an integrated and unified manner, directly at the point of care. However, Electronic Health Records (EHRs) contain a significant amount of sensitive information, and allowing data to be accessible at many different sources increases concerns related to patient privacy and data theft. Access control solutions must guarantee that only authorized users have access to such critical records for legitimate purposes, and access control policies from distributed EHR sources must be accurately reflected and enforced accordingly in the integrated EHRs. In this paper, we propose a unified access control scheme that supports patient-centric selective sharing of virtual composite EHRs using different levels of granularity, accommodating data aggregation and various privacy protection requirements. We also articulate and handle the policy anomalies that might occur in the composition of discrete access control policies from multiple data sources.",

keywords = "Electronic health records (EHRs), Patient-centric authorization, Selective sharing",

author = "Jing Jin and Gail-Joon Ahn and Hongxin Hu and Covington, {Michael J.} and Xinwen Zhang",

year = "2009",

doi = "10.1145/1542207.1542228",

language = "English (US)",

isbn = "9781605585376",

series = "Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT",

pages = "125--134",

booktitle = "SACMAT'09 - Proceedings of the 14th ACM Symposium on Access Control Models and Technologies",

note = "14th ACM Symposium on Access Control Models and Technologies, SACMAT 2009 ; Conference date: 03-06-2009 Through 05-06-2009",

}

TY - GEN

T1 - Patient-centric authorization framework for sharing electronic health records

AU - Jin, Jing

AU - Ahn, Gail-Joon

AU - Hu, Hongxin

AU - Covington, Michael J.

AU - Zhang, Xinwen

PY - 2009

Y1 - 2009

N2 - In modern healthcare environments, a fundamental requirement for achieving continuity of care is the seamless access to distributed patient health records in an integrated and unified manner, directly at the point of care. However, Electronic Health Records (EHRs) contain a significant amount of sensitive information, and allowing data to be accessible at many different sources increases concerns related to patient privacy and data theft. Access control solutions must guarantee that only authorized users have access to such critical records for legitimate purposes, and access control policies from distributed EHR sources must be accurately reflected and enforced accordingly in the integrated EHRs. In this paper, we propose a unified access control scheme that supports patient-centric selective sharing of virtual composite EHRs using different levels of granularity, accommodating data aggregation and various privacy protection requirements. We also articulate and handle the policy anomalies that might occur in the composition of discrete access control policies from multiple data sources.

AB - In modern healthcare environments, a fundamental requirement for achieving continuity of care is the seamless access to distributed patient health records in an integrated and unified manner, directly at the point of care. However, Electronic Health Records (EHRs) contain a significant amount of sensitive information, and allowing data to be accessible at many different sources increases concerns related to patient privacy and data theft. Access control solutions must guarantee that only authorized users have access to such critical records for legitimate purposes, and access control policies from distributed EHR sources must be accurately reflected and enforced accordingly in the integrated EHRs. In this paper, we propose a unified access control scheme that supports patient-centric selective sharing of virtual composite EHRs using different levels of granularity, accommodating data aggregation and various privacy protection requirements. We also articulate and handle the policy anomalies that might occur in the composition of discrete access control policies from multiple data sources.

KW - Electronic health records (EHRs)

KW - Patient-centric authorization

KW - Selective sharing

UR - http://www.scopus.com/inward/record.url?scp=70450252045&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=70450252045&partnerID=8YFLogxK

U2 - 10.1145/1542207.1542228

DO - 10.1145/1542207.1542228

M3 - Conference contribution

AN - SCOPUS:70450252045

SN - 9781605585376

T3 - Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

SP - 125

EP - 134

BT - SACMAT'09 - Proceedings of the 14th ACM Symposium on Access Control Models and Technologies

T2 - 14th ACM Symposium on Access Control Models and Technologies, SACMAT 2009

Y2 - 3 June 2009 through 5 June 2009

ER -

Patient-centric authorization framework for sharing electronic health records

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this