Attribute Based Access Control (ABAC) - the Best Cure for Sustainable eHealth Services
With the digitalization of health records effective sharing of patient data offers considerable benefits for patients and healthcare professionals alike. However, ensuring confidentiality of information and thereby patient integrity remains a security issue for many healthcare organizations. This paper discusses how, through XACML-based access control, security issues can be overcome.
Today a multitude of information assets can be combined into electronic health records with a rich set of analytic aids that assist a user to understand them. By making this information readily available to new audiences, collaboration between healthcare providers and other stakeholders can be taken to a completely new level. This of course offers enormous potential efficiency gains, but also poses integrity and confidentiality issues. Furthermore, in recent years legislation in most countries has strengthened patient privacy regulations.
This paper discusses fundamental issues regarding personally identifiable information and privacy concerns in the context of personal health information processing. It also looks at some examples of legislative frameworks and reviews the fundamental similarities and differences between them, while drawing some general high-level conclusions regarding the requirements on information security and authorization.
The paper goes on to discuss the capabilities of predominant standards for electronic health records related information processing and the access control models they can use in the perspective of these high-level requirements.
Some resources on this web site are available for registered users only. To access them, you need to login. If you do not have an account yet, use the registration form.
If you do not have an account yet,
click here to register.