OASIS role-based access control for electronic health records

2006 ◽  
Vol 153 (1) ◽  
pp. 16 ◽  
Author(s):  
D.M. Eyers ◽  
J. Bacon ◽  
K. Moody
Keyword(s):  
Access Control ◽  
Electronic Health Records ◽  
Role Based Access Control ◽  
Health Records ◽  
Electronic Health ◽  
Role Based

scholarly journals Secure Exchange of Electronic Health Records

2012 ◽  
pp. 1403-1424
Author(s):  
Alejandro Enrique Flores ◽  
Khin Than Win ◽  
Willy Susilo
Keyword(s):  
Health Care ◽  
Access Control ◽  
Electronic Health Records ◽  
Shared Care ◽  
Health Records ◽  
Discretionary Access Control ◽  
Attribute Based Encryption ◽  
Electronic Health ◽  
Role Based ◽  
Traditional Approaches

Protecting the confidentiality of a patient’s information in a shared care environment could become a complex task. Correct identification of users, assigning of access permissions, and resolution of conflict rise as main points of interest in providing solutions for data exchange among health care providers. Traditional approaches such as Mandatory Access Control, Discretionary Access control and Role-Based Access Control policies do not always provide a suitable solution for health care settings, especially for shared care environments. The core of this contribution consists in the description of an approach which uses attribute-based encryption to protect the confidentiality of patients’ information during the exchange of electronic health records among healthcare providers. Attribute-based encryption allows the reinforcing of access policies and reduces the risk of unauthorized access to sensitive information; it also provides a set of functionalities which are described using a case study. Attribute-based encryption provides an answer to restrictions presented by traditional approaches and facilitate the reinforcing of existing security policies over the transmitted data.

scholarly journals Secure Exchange of Electronic Health Records

2013 ◽  
pp. 1059-1079
Author(s):  
Alejandro Enrique Flores ◽  
Khin Than Win ◽  
Willy Susilo
Keyword(s):  
Health Care ◽  
Access Control ◽  
Electronic Health Records ◽  
Shared Care ◽  
Health Records ◽  
Discretionary Access Control ◽  
Attribute Based Encryption ◽  
Electronic Health ◽  
Role Based ◽  
Traditional Approaches

Protecting the confidentiality of a patient’s information in a shared care environment could become a complex task. Correct identification of users, assigning of access permissions, and resolution of conflict rise as main points of interest in providing solutions for data exchange among health care providers. Traditional approaches such as Mandatory Access Control, Discretionary Access control and Role-Based Access Control policies do not always provide a suitable solution for health care settings, especially for shared care environments. The core of this contribution consists in the description of an approach which uses attribute-based encryption to protect the confidentiality of patients’ information during the exchange of electronic health records among healthcare providers. Attribute-based encryption allows the reinforcing of access policies and reduces the risk of unauthorized access to sensitive information; it also provides a set of functionalities which are described using a case study. Attribute-based encryption provides an answer to restrictions presented by traditional approaches and facilitate the reinforcing of existing security policies over the transmitted data.

scholarly journals Secure Exchange of Electronic Health Records

2011 ◽  
pp. 1-22 ◽  
Author(s):  
Alejandro Enrique Flores ◽  
Khin Than Win ◽  
Willy Susilo
Keyword(s):  
Health Care ◽  
Access Control ◽  
Electronic Health Records ◽  
Shared Care ◽  
Health Records ◽  
Discretionary Access Control ◽  
Attribute Based Encryption ◽  
Electronic Health ◽  
Role Based ◽  
Traditional Approaches

Protecting the confidentiality of a patient‘s information in a shared care environment could become a complex task. Correct identification of users, assigning of access permissions, and resolution of conflict rise as main points of interest in providing solutions for data exchange among health care providers. Traditional approaches such as Mandatory Access Control, Discretionary Access control and Role-Based Access Control policies do not always provide a suitable solution for health care settings, especially for shared care environments. The core of this contribution consists in the description of an approach which uses attribute-based encryption to protect the confidentiality of patients’ information during the exchange of electronic health records among healthcare providers. Attribute-based encryption allows the reinforcing of access policies and reduces the risk of unauthorized access to sensitive information; it also provides a set of functionalities which are described using a case study. Attribute-based encryption provides an answer to restrictions presented by traditional approaches and facilitate the reinforcing of existing security policies over the transmitted data.

Securing XML with Role-Based Access Control

2014 ◽  
pp. 334-365 ◽  
Author(s):  
Alberto De la Rosa Algarín ◽  
Steven A. Demurjian ◽  
Timoteus B. Ziminski ◽  
Yaira K. Rivera Sánchez ◽  
Robert Kuykendall
Keyword(s):  
Access Control ◽  
Electronic Health Record ◽  
Information Exchange ◽  
Security Policies ◽  
Health Record ◽  
Role Based Access Control ◽  
Future Trends ◽  
Security Framework ◽  
Electronic Health ◽  
Role Based

Today’s applications are often constructed by bringing together functionality from multiple systems that utilize varied technologies (e.g. application programming interfaces, Web services, cloud computing, data mining) and alternative standards (e.g. XML, RDF, OWL, JSON, etc.) for communication. Most such applications achieve interoperability via the eXtensible Markup Language (XML), the de facto document standard for information exchange in domains such as library repositories, collaborative software development, health informatics, etc. The use of a common data format facilitates exchange and interoperability across heterogeneous systems, but challenges in the aspect of security arise (e.g. sharing policies, ownership, permissions, etc.). In such situations, one key security challenge is to integrate the local security (existing systems) into a global solution for the application being constructed and deployed. In this chapter, the authors present a Role-Based Access Control (RBAC) security framework for XML, which utilizes extensions to the Unified Modeling Language (UML) to generate eXtensible Access Control Markup Language (XACML) policies that target XML schemas and instances for any application, and provides both the separation and reconciliation of local and global security policies across systems. To demonstrate the framework, they provide a case study in health care, using the XML standards Health Level Seven’s (HL7) Clinical Document Architecture (CDA) and the Continuity of Care Record (CCR). These standards are utilized for the transportation of private and identifiable information between stakeholders (e.g. a hospital with an electronic health record, a clinic’s electronic health record, a pharmacy system, etc.), requiring not only a high level of security but also compliance to legal entities. For this reason, it is not only necessary to secure private information, but for its application to be flexible enough so that updating security policies that affect millions of documents does not incur a large monetary or computational cost; such privacy could similarly involve large banks and credit card companies that have similar information to protect to deter identity theft. The authors demonstrate the security framework with two in-house developed applications: a mobile medication management application and a medication reconciliation application. They also detail future trends that present even more challenges in providing security at global and local levels for platforms such as Microsoft HealthVault, Harvard SMART, Open mHealth, and open electronic health record systems. These platforms utilize XML, equivalent information exchange document standards (e.g., JSON), or semantically augmented structures (e.g., RDF and OWL). Even though the primary use of these platforms is in healthcare, they present a clear picture of how diverse the information exchange process can be. As a result, they represent challenges that are domain independent, thus becoming concrete examples of future trends and issues that require a robust approach towards security.

Hierarchy Similarity Analyser-An Approach to Securely Share Electronic Health Records

2020 ◽  
pp. 1485-1501
Author(s):  
Shalini Bhartiya ◽  
Deepti Mehrotra ◽  
Anup Girdhar
Keyword(s):  
Access Control ◽  
Electronic Health Records ◽  
Control Policy ◽  
Healthcare Organizations ◽  
Health Records ◽  
Role Hierarchy ◽  
Access Control Policies ◽  
Electronic Health ◽  
Policy Testing ◽  
Organizational Rules

Health professionals need an access to various dimensions of Electronic Health Records (EHR). Depending on technical constraints, each organization defines its own access control schema exhibiting heterogeneity in organizational rules and policies. Achieving interoperability between such schemas often result in contradictory rules thereby exposing data to undue disclosures. Permitting interoperable sharing of EHRs and simultaneously restricting unauthorized access is the major objective of this paper. An Extensible Access Control Markup Language (XACML)-based framework, Hierarchy Similarity Analyser (HSA), is proposed which fine-grains access control policies of disparate healthcare organizations to achieve interoperable and secured sharing of EHR under set authorizations. The proposed framework is implemented and verified using automated Access Control Policy Testing (ACPT) tool developed by NIST. Experimental results identify the users receive secured and restricted access as per their authorizations and role hierarchy in the organization.

scholarly journals Privacy-aware relationship semantics–based XACML access control model for electronic health records in hybrid cloud

2019 ◽  
Vol 15 (6) ◽  
pp. 155014771984605 ◽  
Author(s):  
Tehsin Kanwal ◽  
Ather Abdul Jabbar ◽  
Adeel Anjum ◽  
Saif UR Malik ◽  
Abid Khan ◽  
...  
Keyword(s):  
Access Control ◽  
Electronic Health Records ◽  
Cloud Service ◽  
Control Model ◽  
Hybrid Cloud ◽  
Access Control Model ◽  
Health Records ◽  
Fine Grained ◽  
Electronic Health ◽  
Records Access

State-of-the-art progress in cloud computing encouraged the healthcare organizations to outsource the management of electronic health records to cloud service providers using hybrid cloud. A hybrid cloud is an infrastructure consisting of a private cloud (managed by the organization) and a public cloud (managed by the cloud service provider). The use of hybrid cloud enables electronic health records to be exchanged between medical institutions and supports multipurpose usage of electronic health records. Along with the benefits, cloud-based electronic health records also raise the problems of security and privacy specifically in terms of electronic health records access. A comprehensive and exploratory analysis of privacy-preserving solutions revealed that most current systems do not support fine-grained access control or consider additional factors such as privacy preservation and relationship semantics. In this article, we investigated the need of a privacy-aware fine-grained access control model for the hybrid cloud. We propose a privacy-aware relationship semantics–based XACML access control model that performs hybrid relationship and attribute-based access control using extensible access control markup language. The proposed approach supports fine-grained relation-based access control with state-of-the-art privacy mechanism named Anatomy for enhanced multipurpose electronic health records usage. The proposed (privacy-aware relationship semantics–based XACML access control model) model provides and maintains an efficient privacy versus utility trade-off. We formally verify the proposed model (privacy-aware relationship semantics–based XACML access control model) and implemented to check its effectiveness in terms of privacy-aware electronic health records access and multipurpose utilization. Experimental results show that in the proposed (privacy-aware relationship semantics–based XACML access control model) model, access policies based on relationships and electronic health records anonymization can perform well in terms of access policy response time and space storage.

Hierarchy Similarity Analyser-An Approach to Securely Share Electronic Health Records

2016 ◽  
Vol 7 (2) ◽  
pp. 14-29 ◽  
Author(s):  
Shalini Bhartiya ◽  
Deepti Mehrotra ◽  
Anup Girdhar
Keyword(s):  
Access Control ◽  
Electronic Health Records ◽  
Control Policy ◽  
Healthcare Organizations ◽  
Health Records ◽  
Role Hierarchy ◽  
Access Control Policies ◽  
Electronic Health ◽  
Policy Testing ◽  
Organizational Rules

Health professionals need an access to various dimensions of Electronic Health Records (EHR). Depending on technical constraints, each organization defines its own access control schema exhibiting heterogeneity in organizational rules and policies. Achieving interoperability between such schemas often result in contradictory rules thereby exposing data to undue disclosures. Permitting interoperable sharing of EHRs and simultaneously restricting unauthorized access is the major objective of this paper. An Extensible Access Control Markup Language (XACML)-based framework, Hierarchy Similarity Analyser (HSA), is proposed which fine-grains access control policies of disparate healthcare organizations to achieve interoperable and secured sharing of EHR under set authorizations. The proposed framework is implemented and verified using automated Access Control Policy Testing (ACPT) tool developed by NIST. Experimental results identify the users receive secured and restricted access as per their authorizations and role hierarchy in the organization.

Sign in / Sign up

Export Citation Format

Share Document