Legislation to create electronic healthcare records and provide electronic healthcare services requires the same level of privacy and disclosure regulations as are applicable to the current practices for paper based patient health records. Most of work in this area has been organization-oriented that deals with exchange of information among healthcare organizations (such as referrals). However, the requirements for ensuring security and privacy of information for online access and sharing of health records in a federated healthcare environment have not been adequately addressed. To address this problem, we have developed a context-aware content-based access control policy specification framework, known as Generalized Temporal Role Based Access Control model (X-GTRBAC). This framework has been prototyped using an XML-driven federated environment that is comprised of synthetic healthcare multimedia databases. Our system integrates both privacy and disclosure policies with well-known healthcare standards used in the industry in order to specify the precise requirements of a practical healthcare system. In particular, the prototype uses the Clinical Document Architecture (CDA) of the Health Level 7 (HL7) organization as the underlying information model, and provides a methodology for associating user and environmental context parameters, with HL7 Reference Information Model [1]. The X-GTRBAC specification language used in this prototype can be broadly applied to a wide range of distributed and disparate healthcare applications for fine grained and flexible context-aware control for HL7 objects.


Information Security, Databases, HealthCare

Date of this Version

December 2007


Electrical & Computer Engineering

Month of Graduation


Year of Graduation



Master of Science in Electrical and Computer Engineering

Head of Graduate Program

MJT Smith

Advisor 1 or Chair of Committee

Arif Ghafoor

Committee Member 1

Y. C. Hu

Committee Member 2

Y. H. Lu