Skip to main content
Springer Nature Link
Log in

A Tag-Based Data Model for Privacy-Preserving Medical Applications

  • Conference paper
Current Trends in Database Technology – EDBT 2006 (EDBT 2006)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 4254))

Included in the following conference series:

  • 662 Accesses

Abstract

In autonomous distributed healthcare environments, patients’ electronic medical records are controlled and managed by each healthcare facility. It is important to ensure that when records are accessed and transferred that it is done securely, while still respecting patients’ rights on privacy and confidentiality of their personal health information. We propose a new tag-based data model for representing patients’ electronic medical records as well as access and transfer policy statements. This model helps to categorize the patient information, as well as expressing patients’ consent for a variety of domains (individual, health care provider and facility). Unlike most existing data models used in healthcare information systems, our model supports patients’ consent expression in terms of healthcare facilities, healthcare providers, their roles, and categories of medical records or any combination of them within a single framework. Our model has been demonstrated by developing a prototype system using some trusted computing components.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. O’Keefe, C.M., Greenfield, P., Goodchild, A.: A Decentralised Approach to Electronic Consent and Health Information Access Control. Journal of Research and Practice in Information Technology 37(2), 161–178 (2005)

    Google Scholar 

  2. Chadwick, D., Mundy, D.: The secure electronic transfer of prescriptions. Healthcare Computing (2004)

    Google Scholar 

  3. Task Force on Medical Informatics: Safeguard Needed in Transfer of Patient Data. Pediatrics 98(5), 984–986 (1996)

    Google Scholar 

  4. Khayat, E.J., Abdallah, A.E.: A formal model for flat role-based access control. In: IEEE International Conference on Computer Systems and Applications, Tunisia (July 2003)

    Google Scholar 

  5. Evered, M., Bogeholz, S.: A case study in access control requirements for a health information system. In: Australasian Information Security Workshop 2004 (2004)

    Google Scholar 

  6. Reid, J., Cheong, I., Henricksen, M., Smith, J.: A Novel Use of RBAC to Protect Privacy in Distributed Health Care Information Systems. In: Safavi-Naini, R., Seberry, J. (eds.) ACISP 2003. LNCS, vol. 2727, pp. 403–415. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  7. Stein, L.D.: The Electronic Medical Record: Promises and Threats. Web Journal 2(3) (1997)

    Google Scholar 

  8. Huston, T.: Security Issues for Implementation of E-medical Records. Communication of the ACM 44(9), 89–94 (2001)

    Article  Google Scholar 

  9. Choudhri, A., Kagal, L., Joshi, A., Finin, T., Yesha, Y.: PatientService: Electronic Patient Record Redaction and Delivery in Pervasive Environment. In: Fifth International Workshop on Enterprise Networking and Computing in Healthcare Industry (Healthcom 2003) (2003)

    Google Scholar 

  10. Motta, G.H.M.B., Furuie, S.S.: A Contextual Role-Based Access Control Authorization Model for Electronic Patient Record. IEEE Transactions on Information Technology in Biomedicine 7(3), 202–207 (2003)

    Article  Google Scholar 

  11. Crook, R., Ince, D., Nuseibeh, B.: Modelling access policies using roles in requirements engineering. Information and Software Technology 45, 979–991 (2003)

    Article  Google Scholar 

  12. OASIS. eXtensible Access Control Markup Language (XACML) Version 2.0 3 (2005), http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf

  13. Ashley, P., Hada, S., Karjoth, G., Powers, C., Schunter, M.: Enterprise Privacy Authorization Language (EPAL 1.1), IBM Technical Report (2003)

    Google Scholar 

  14. Messerges, T.S., Dabbish, E.A.: Digital rights management in a 3G mobile phone and beyond. In: Proceedings of the 2003 ACM Workshop on Digital Rights Management, DRM 2003, Washington, DC, USA, October 27, pp. 27–38. ACM Press, New York (2003), http://doi.acm.org/10.1145/947380.947385

    Chapter  Google Scholar 

  15. Open Mobile Alliance, DRM Architecture, version 2.0.6 (2004) OMA-DRM-ARCH-V2_0_6-20040820-C.zip at: http://www.openmobilealliance.org

Download references

Author information

Authors and Affiliations

  1. CSIRO ICT Centre, PO Box 76, Epping, NSW 1710, Australia

    Surya Nepal, John Zic, Frederic Jaccard & Gregoire Kraehenbuehl

Authors
  1. Surya Nepal
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. John Zic
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Frederic Jaccard
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Gregoire Kraehenbuehl
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Technische Universität München, Germany

    Torsten Grust

  2. International University in Germany, Germany

    Hagen Höpfner

  3. University of the Basque Country,  

    Arantza Illarramendi

  4. University of Bayreuth, Bayreuth, Germany

    Stefan Jablonski

  5. Università di Milano, Italy

    Marco Mesiti

  6. University of Erlangen-Nurmberg, Germany

    Sascha Müller

  7. Institut für Informatik, Ludwig-Maximilians-Universität, Oettingenstr. 67, 80538, München, Germany

    Paula-Lavinia Patranjan

  8. Dept. of Computer Science and Automation, TU Ilmenau

    Kai-Uwe Sattler

  9. Faculty of Computer Science, Otto-von-Guericke-University Magdeburg, Germany

    Myra Spiliopoulou

  10. Université de Mons-Hainaut, Mons, Belgium

    Jef Wijsen

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Nepal, S., Zic, J., Jaccard, F., Kraehenbuehl, G. (2006). A Tag-Based Data Model for Privacy-Preserving Medical Applications. In: Grust, T., et al. Current Trends in Database Technology – EDBT 2006. EDBT 2006. Lecture Notes in Computer Science, vol 4254. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11896548_34

Download citation

  • DOI: https://doi.org/10.1007/11896548_34

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-46788-5

  • Online ISBN: 978-3-540-46790-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics