A flexible solution for privilege management and access control in EHR systems
G. Gazzarata, B. Blobel, M. Giacomini
Language: English. Country: Czech Republic.
MeSH terms:
- Electronic Health Records (major topic): standards; organization & administration
- Health Level Seven
- Access to Information
- Computer Security
Background: Inter-organizational healthcare businesses are ruled by a huge set of policies: legal policies, organizational policies, medical policies, ethical policies, etc., which are quite static, and patients' policies and process, social and environmental conditions, which are highly dynamic. In the context of a business case, those different policies must be harmonized to enable privilege management and access control decisions.
Objectives: The authors offer a methodology to achieve interoperability through policy harmonization in a privilege management and access control solution for EHR systems, to be implemented later in a cancer care network using HL7 specifications.
Methods: To meet the objective, the authors use a system-theoretical, architecture-centric, ontology-based approach to formally represent the aforementioned policies for harmonization.
Results: Because of its flexibility and generality, a policy-driven RBAC model is used to formally represent all the other access control models such as MAC, DAC, RBAC, ABAC, HL7 Data Segmentation and Labeling Services. All the policies deployed in the context of an inter-organizational collaboration for cancer care can be formalized and then harmonized.
Conclusions: The authors provide an implementation-independent methodology to enable policy harmonization in EHR systems. The methodology described in the paper is independent of the maturity of the organizations' privilege management and access control systems. Furthermore, it does not hamper organizations progressing to more advanced solutions over time. Even dynamic policies can be harmonized at run time, allowing advancement towards patient-centered care.
1st Medical Faculty Charles University Prague Czech Republic
Department of Informatics Bioengineering Robotics and System Engineering University of Genoa Italy
eHealth Competence Center Bavaria Deggendorf Institute of Technology Germany
Institute of Social Medicine and Health Economy University of Magdeburg Germany
References provided by Crossref.org
References
- 000
- 00000naa a2200000 a 4500
- 001
- bmc18006184
- 003
- CZ-PrNML
- 005
- 20220509145100.0
- 007
- cr|cn|
- 008
- 180228s2017 xr ad fs 000 0|eng||
- 009
- eAR
- 024 7_
- $a 10.24105/ejbi.2017.13.1.9 $2 doi
- 040 __
- $a ABA008 $d ABA008 $e AACR2 $b cze
- 041 0_
- $a eng
- 044 __
- $a xr
- 100 1_
- $a Gazzarata, G. $u Department of Informatics, Bioengineering, Robotics and System Engineering, University of Genoa, Italy; Institute of Social Medicine and Health Economy, University of Magdeburg, Germany
- 245 12
- $a A flexible solution for privilege management and access control in EHR systems / $c G. Gazzarata, B. Blobel, M. Giacomini
- 504 __
- $a Literatura
- 520 9_
- $a Background: Inter-organizational healthcare businesses are ruled by a huge set of policies: legal policies, organizational policies, medical policies, ethical policies, etc., which are quite static, patients policy and process, social and environmental conditions, which are highly dynamic. In the context of a business case, those different policies must be harmonized to enable privilege management and access control decisions. Objectives: The authors offer a methodology to achieve interoperability through policies harmonization in a privilege management and access control solution for EHR systems, to be later on implemented in a cancer care network using HL7 specifications. Methods: To meet the objective, the authors make use of a system-theoretical, architecture-centric, ontology-based approach to formally representing the aforementioned polices for harmonization. Results: Because of its flexibility and generality, a policy-driven RBAC model is used to formally represent all the other access control models such as MAC, DAC, RBAC, ABAC, HL7 Data Segmentation and Labeling Services. All the policies deployed in the context of an inter-organizational collaboration for cancer care can be formalized and then harmonized. Conclusions: The authors provide an implementation independent methodology to enable policies harmonization in EHR systems. The methodology described in the paper is independent on the maturity of organizations’ privilege management and access control system. Furthermore, it does not hamper organizations progressing to more advanced solutions over the time. Even dynamic policies can be harmonized at run time, allowing advancement towards a patient-centered care.
- 650 12
- $a elektronické zdravotní záznamy $x normy $x organizace a řízení $7 D057286
- 650 _2
- $a zabezpečení počítačových systémů $7 D016494
- 650 _2
- $a přístup k informacím $7 D022126
- 650 _2
- $a Health Level Seven $7 D057208
- 700 1_
- $a Blobel, Bernd, $d 1947- $7 xx0111976 $u Medical Faculty, University of Regensburg, Germany; eHealth Competence Center Bavaria, Deggendorf Institute of Technology, Germany; First Medical Faculty, Charles University Prague, Czech Republic
- 700 1_
- $a Giacomini, M. $u Department of Informatics, Bioengineering, Robotics and System Engineering, University of Genoa, Italy; Healthropy s.r.l., Savona, Italy; HL7 Italy
- 773 0_
- $t European journal for biomedical informatics $x 1801-5603 $g Roč. 13, č. 1 (2017), s. 59-66 $w MED00173462
- 856 41
- $u http://www.ejbi.org/ $y domovská stránka časopisu - plný text volně přístupný
- 910 __
- $a ABA008 $b online $y p $z 0
- 990 __
- $a 20180228064000 $b ABA008
- 991 __
- $a 20220509145058 $b ABA008
- 999 __
- $a ok $b bmc $g 1278889 $s 1002939
- BAS __
- $a 3 $a 4
- BMC __
- $a 2017 $b 13 $c 1 $d 59-66 $i 1801-5603 $m European Journal for Biomedical Informatics $n Eur. J. Biomed. Inform. (Praha) $x MED00173462
- LZP __
- $c NLK125 $d 20201214 $a NLK 2018-13/vt