Abstract
Legislation to create electronic healthcare records and provide electronic healthcare services requires the same level of privacy and disclosure regulations as are applicable to the current practices for paper-based patient health records. Most of the work in this area has been organization-oriented, dealing with the exchange of information among healthcare organizations (such as referrals). However, the requirements for ensuring security and privacy of information for online access and sharing of health records in a federated healthcare environment have not been adequately addressed. To address this problem, we have developed a context-aware, content-based access control policy specification framework, known as the Generalized Temporal Role Based Access Control model (X-GTRBAC). This framework has been prototyped using an XML-driven federated environment comprising synthetic healthcare multimedia databases. Our system integrates both privacy and disclosure policies with well-known healthcare standards used in the industry in order to specify the precise requirements of a practical healthcare system. In particular, the prototype uses the Clinical Document Architecture (CDA) of the Health Level 7 (HL7) organization as the underlying information model, and provides a methodology for associating user and environmental context parameters with the HL7 Reference Information Model [1]. The X-GTRBAC specification language used in this prototype can be broadly applied to a wide range of distributed and disparate healthcare applications for fine-grained and flexible context-aware control of HL7 objects.
Keywords
Information Security, Databases, HealthCare
Date of this Version
December 2007
Department
Electrical & Computer Engineering
Month of Graduation
December
Year of Graduation
2007
Degree
Master of Science in Electrical and Computer Engineering
Head of Graduate Program
MJT Smith
Advisor 1 or Chair of Committee
Arif Ghafoor
Committee Member 1
Y. C. Hu
Committee Member 2
Y. H. Lu