2014 | OriginalPaper | Book chapter

4. Ontology-Driven Authorization Policies on Personal Health Records for Sustainable Citizen-Centered Healthcare

Written by: Mikaela Poulymenopoulou, Flora Malamateniou, George Vassilacopoulos

Published in: Concepts and Trends in Healthcare Information Systems

Publisher: Springer International Publishing

Abstract

The citizen-centered paradigm requires that citizens be active participants in their healthcare processes. Personal health records (PHRs) empower citizens and allow them to manage their health and wellness by collecting life-long, cross-institutional information from various sources. A virtual PHR is defined here as a collaborative platform, enhanced by cloud computing and Internet of Things (IoT) technologies, for sharing citizens’ healthcare data that is typically stored in distributed, autonomous healthcare data sources, together with healthcare data stored by citizens themselves and by assistive technology equipment. It can thus be considered an entity on the network that, in addition to holding its own medical data, can be populated with relevant healthcare information on the fly at the moment of an attempted access. Integrating distributed, heterogeneous data sources for use by PHR services is challenging in itself and points to the need for a data sharing policy based on an interoperability platform that resolves the heterogeneity among the data sources. It also induces new security challenges, because citizens are the owners of their medical data and because various security policies are enforced on the various data sources. This chapter presents an authorization system for a virtual PHR, which is based on semantic technologies such as ontologies and is provided as a cloud service, to enable authorized access to integrated citizen information upon user requests. The system is based on the role- and attribute-based access control (RABAC) model and supports authorization policies of various granularity levels, subject to area-wide constraints imposed by the health and social services involved.


Metadata
Title
Ontology-Driven Authorization Policies on Personal Health Records for Sustainable Citizen-Centered Healthcare
Written by
Mikaela Poulymenopoulou
Flora Malamateniou
George Vassilacopoulos
Copyright year
2014
DOI
https://doi.org/10.1007/978-3-319-06844-2_4