Hierarchy Similarity Analyser-An Approach to Securely Share Electronic Health Records

2016 ◽  
Vol 7 (2) ◽  
pp. 14-29 ◽  
Author(s):  
Shalini Bhartiya ◽  
Deepti Mehrotra ◽  
Anup Girdhar
Keyword(s):  
Access Control ◽  
Electronic Health Records ◽  
Control Policy ◽  
Healthcare Organizations ◽  
Health Records ◽  
Role Hierarchy ◽  
Access Control Policies ◽  
Electronic Health ◽  
Policy Testing ◽  
Organizational Rules

Health professionals need an access to various dimensions of Electronic Health Records (EHR). Depending on technical constraints, each organization defines its own access control schema exhibiting heterogeneity in organizational rules and policies. Achieving interoperability between such schemas often result in contradictory rules thereby exposing data to undue disclosures. Permitting interoperable sharing of EHRs and simultaneously restricting unauthorized access is the major objective of this paper. An Extensible Access Control Markup Language (XACML)-based framework, Hierarchy Similarity Analyser (HSA), is proposed which fine-grains access control policies of disparate healthcare organizations to achieve interoperable and secured sharing of EHR under set authorizations. The proposed framework is implemented and verified using automated Access Control Policy Testing (ACPT) tool developed by NIST. Experimental results identify the users receive secured and restricted access as per their authorizations and role hierarchy in the organization.

Hierarchy Similarity Analyser-An Approach to Securely Share Electronic Health Records

2020 ◽  
pp. 1485-1501
Author(s):  
Shalini Bhartiya ◽  
Deepti Mehrotra ◽  
Anup Girdhar
Keyword(s):  
Access Control ◽  
Electronic Health Records ◽  
Control Policy ◽  
Healthcare Organizations ◽  
Health Records ◽  
Role Hierarchy ◽  
Access Control Policies ◽  
Electronic Health ◽  
Policy Testing ◽  
Organizational Rules

Health professionals need an access to various dimensions of Electronic Health Records (EHR). Depending on technical constraints, each organization defines its own access control schema exhibiting heterogeneity in organizational rules and policies. Achieving interoperability between such schemas often result in contradictory rules thereby exposing data to undue disclosures. Permitting interoperable sharing of EHRs and simultaneously restricting unauthorized access is the major objective of this paper. An Extensible Access Control Markup Language (XACML)-based framework, Hierarchy Similarity Analyser (HSA), is proposed which fine-grains access control policies of disparate healthcare organizations to achieve interoperable and secured sharing of EHR under set authorizations. The proposed framework is implemented and verified using automated Access Control Policy Testing (ACPT) tool developed by NIST. Experimental results identify the users receive secured and restricted access as per their authorizations and role hierarchy in the organization.

Hierarchy Similarity Analyser

2020 ◽  
pp. 204-220
Author(s):  
Shalini Bhartiya ◽  
Deepti Mehrotra ◽  
Anup Girdhar
Keyword(s):  
Access Control ◽  
Health Professionals ◽  
Control Policy ◽  
Healthcare Organizations ◽  
Access Control Policy ◽  
Unauthorized Access ◽  
Role Hierarchy ◽  
Access Control Policies ◽  
Policy Testing ◽  
Organizational Rules

Health professionals need an access to various dimensions of Electronic Health Records (EHR). Depending on technical constraints, each organization defines its own access control schema exhibiting heterogeneity in organizational rules and policies. Achieving interoperability between such schemas often result in contradictory rules thereby exposing data to undue disclosures. Permitting interoperable sharing of EHRs and simultaneously restricting unauthorized access is the major objective of this paper. An Extensible Access Control Markup Language (XACML)-based framework, Hierarchy Similarity Analyser (HSA), is proposed which fine-grains access control policies of disparate healthcare organizations to achieve interoperable and secured sharing of EHR under set authorizations. The proposed framework is implemented and verified using automated Access Control Policy Testing (ACPT) tool developed by NIST. Experimental results identify the users receive secured and restricted access as per their authorizations and role hierarchy in the organization.

A Global Socio-economic-medico-legal Model for the Sustainability of Longitudinal Electronic Health Records

2006 ◽  
Vol 45 (03) ◽  
pp. 240-245 ◽  
Author(s):  
A. Shabo
Keyword(s):  
Electronic Health Records ◽  
Healthcare Providers ◽  
Financial Assets ◽  
Healthcare Organizations ◽  
Health Records ◽  
Record Keeping ◽  
Proposed Model ◽  
Legal Model ◽  
Electronic Health

Summary Objectives: This paper pursues the challenge of sustaining lifetime electronic health records (EHRs) based on a comprehensive socio-economic-medico-legal model. The notion of a lifetime EHR extends the emerging concept of a longitudinal and cross-institutional EHR and is invaluable information for increasing patient safety and quality of care. Methods: The challenge is how to compile and sustain a coherent EHR across the lifetime of an individual. Several existing and hypothetical models are described, analyzed and compared in an attempt to suggest a preferred approach. Results: The vision is that lifetime EHRs should be sustained by new players in the healthcare arena, who will function as independent health record banks (IHRBs). Multiple competing IHRBs would be established and regulated following preemptive legislation. They should be neither owned by healthcare providers nor by health insurer/payers or government agencies. The new legislation should also stipulate that the records located in these banks be considered the medico-legal copies of an individual’s records, and that healthcare providers no longer serve as the legal record keepers. Conclusions: The proposed model is not centered on any of the current players in the field; instead, it is focussed on the objective service of sustaining individual EHRs, much like financial banks maintain and manage financial assets. This revolutionary structure provides two main benefits: 1) Healthcare organizations will be able to cut the costs of long-term record keeping, and 2) healthcare providers will be able to provide better care based on the availability of a lifelong EHR of their new patients.

scholarly journals Secure Exchange of Electronic Health Records

2012 ◽  
pp. 1403-1424
Author(s):  
Alejandro Enrique Flores ◽  
Khin Than Win ◽  
Willy Susilo
Keyword(s):  
Health Care ◽  
Access Control ◽  
Electronic Health Records ◽  
Shared Care ◽  
Health Records ◽  
Discretionary Access Control ◽  
Attribute Based Encryption ◽  
Electronic Health ◽  
Role Based ◽  
Traditional Approaches

Protecting the confidentiality of a patient’s information in a shared care environment could become a complex task. Correct identification of users, assigning of access permissions, and resolution of conflict rise as main points of interest in providing solutions for data exchange among health care providers. Traditional approaches such as Mandatory Access Control, Discretionary Access control and Role-Based Access Control policies do not always provide a suitable solution for health care settings, especially for shared care environments. The core of this contribution consists in the description of an approach which uses attribute-based encryption to protect the confidentiality of patients’ information during the exchange of electronic health records among healthcare providers. Attribute-based encryption allows the reinforcing of access policies and reduces the risk of unauthorized access to sensitive information; it also provides a set of functionalities which are described using a case study. Attribute-based encryption provides an answer to restrictions presented by traditional approaches and facilitate the reinforcing of existing security policies over the transmitted data.

scholarly journals Privacy-aware relationship semantics–based XACML access control model for electronic health records in hybrid cloud

2019 ◽  
Vol 15 (6) ◽  
pp. 155014771984605 ◽  
Author(s):  
Tehsin Kanwal ◽  
Ather Abdul Jabbar ◽  
Adeel Anjum ◽  
Saif UR Malik ◽  
Abid Khan ◽  
...  
Keyword(s):  
Access Control ◽  
Electronic Health Records ◽  
Cloud Service ◽  
Control Model ◽  
Hybrid Cloud ◽  
Access Control Model ◽  
Health Records ◽  
Fine Grained ◽  
Electronic Health ◽  
Records Access

State-of-the-art progress in cloud computing encouraged the healthcare organizations to outsource the management of electronic health records to cloud service providers using hybrid cloud. A hybrid cloud is an infrastructure consisting of a private cloud (managed by the organization) and a public cloud (managed by the cloud service provider). The use of hybrid cloud enables electronic health records to be exchanged between medical institutions and supports multipurpose usage of electronic health records. Along with the benefits, cloud-based electronic health records also raise the problems of security and privacy specifically in terms of electronic health records access. A comprehensive and exploratory analysis of privacy-preserving solutions revealed that most current systems do not support fine-grained access control or consider additional factors such as privacy preservation and relationship semantics. In this article, we investigated the need of a privacy-aware fine-grained access control model for the hybrid cloud. We propose a privacy-aware relationship semantics–based XACML access control model that performs hybrid relationship and attribute-based access control using extensible access control markup language. The proposed approach supports fine-grained relation-based access control with state-of-the-art privacy mechanism named Anatomy for enhanced multipurpose electronic health records usage. The proposed (privacy-aware relationship semantics–based XACML access control model) model provides and maintains an efficient privacy versus utility trade-off. We formally verify the proposed model (privacy-aware relationship semantics–based XACML access control model) and implemented to check its effectiveness in terms of privacy-aware electronic health records access and multipurpose utilization. Experimental results show that in the proposed (privacy-aware relationship semantics–based XACML access control model) model, access policies based on relationships and electronic health records anonymization can perform well in terms of access policy response time and space storage.

scholarly journals Secure Exchange of Medical Data Using a Novel Real-Time Biometric-Based Protection and Recognition Method

Electronics ◽  
2020 ◽  
Vol 9 (12) ◽  
pp. 2013
Author(s):  
Shams Ud Din ◽  
Zahoor Jan ◽  
Muhammad Sajjad ◽  
Maqbool Hussain ◽  
Rahman Ali ◽  
...  
Keyword(s):  
Electronic Health Records ◽  
Real Time ◽  
Signal To Noise Ratio ◽  
Security And Privacy ◽  
The Internet ◽  
Healthcare Organizations ◽  
Health Records ◽  
Clinical Notes ◽  
Electronic Health ◽  
Value Decomposition

Security and privacy are essential requirements, and their fulfillment is considered one of the most challenging tasks for healthcare organizations to manage patient data using electronic health records. Electronic health records (clinical notes, images, and documents) become more vulnerable to breaching patients’ privacy when shared with an external organization in the current arena of the internet of medical things (IoMT). Various watermarking techniques were introduced in the medical field to secure patients’ data. Most of the existing techniques focus on an image or document’s imperceptibility without considering the watermark(logo). In this research, a novel technique of watermarking is introduced, which supersedes the shortcomings of existing approaches. It guarantees the imperceptibility of the image/document and takes care of watermark(biometric), which is further passed through a process of recognition for claiming ownership. It extracts suitable frequencies from the transform domain using specialized filters to increase the robustness level. The extracted frequencies are modified by adding the biomedical information while considering the strength factor according to the human visual system. The watermarked frequencies are further decomposed through a singular value decomposition technique to increase payload capacity up to (256 × 256). Experimental results over a variety of medical and official images demonstrate the average peak signal-to-noise ratio (PSNR 54.43), and the normal correlation (N.C.) value is 1. PSNR and N.C. of the watermark were calculated after attacks. The proposed technique is working in real-time for embedding, extraction, and recognition of biometrics over the internet, and its uses can be realized in various platforms of IoMT technologies.

Sign in / Sign up

Export Citation Format

Share Document