Patient-centric authorization framework for sharing electronic health records

Jing Jin, Gail-Joon Ahn, Hongxin Hu, Michael J. Covington, Xinwen Zhang

Research output: Chapter in Book/Report/Conference proceedingConference contribution

52 Scopus citations

Abstract

In modern healthcare environments, a fundamental requirement for achieving continuity of care is the seamless access to distributed patient health records in an integrated and unified manner, directly at the point of care. However, Electronic Health Records (EHRs) contain a significant amount of sensitive information, and allowing data to be accessible at many different sources increases concerns related to patient privacy and data theft. Access control solutions must guarantee that only authorized users have access to such critical records for legitimate purposes, and access control policies from distributed EHR sources must be accurately reflected and enforced accordingly in the integrated EHRs. In this paper, we propose a unified access control scheme that supports patient-centric selective sharing of virtual composite EHRs using different levels of granularity, accommodating data aggregation and various privacy protection requirements. We also articulate and handle the policy anomalies that might occur in the composition of discrete access control policies from multiple data sources.

Original languageEnglish (US)
Title of host publicationSACMAT'09 - Proceedings of the 14th ACM Symposium on Access Control Models and Technologies
Pages125-134
Number of pages10
DOIs
StatePublished - Nov 30 2009
Event14th ACM Symposium on Access Control Models and Technologies, SACMAT 2009 - Stresa, Italy
Duration: Jun 3 2009Jun 5 2009

Publication series

NameProceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

Conference

Conference14th ACM Symposium on Access Control Models and Technologies, SACMAT 2009
CountryItaly
CityStresa
Period6/3/096/5/09

    Fingerprint

Keywords

  • Electronic health records (EHRs)
  • Patient-centric authorization
  • Selective sharing

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality
  • Information Systems

Cite this

Jin, J., Ahn, G-J., Hu, H., Covington, M. J., & Zhang, X. (2009). Patient-centric authorization framework for sharing electronic health records. In SACMAT'09 - Proceedings of the 14th ACM Symposium on Access Control Models and Technologies (pp. 125-134). (Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT). https://doi.org/10.1145/1542207.1542228