
Secure and Customizable EHR Management Services with COASTmed

  • Conference paper
Software Engineering in Health Care (SEHC 2014, FHIES 2014)

Abstract

The exchange of electronic health records (EHR) among multiple parties and for multiple purposes raises nontrivial concerns. Unfortunately, privacy and operational policies granting individual access privileges to parties are often artifacts foreign to healthcare systems, thus EHR security is all the more frail. Moreover, current web service technologies that constitute many EHR systems treat users uniformly, making it more difficult for information consumers to use this data for specific purposes. Therefore, there is a need for EHR systems that offer secure, policy-compliant access to data services and enable users to obtain the required information according to their individual authority. We present COASTmed, a notional EHR system that simultaneously offers provider-controlled differential service access and user-controlled customization. Our prototype is founded on the architectural principles of the COAST style and leverages the Rei policy language.

Notes

  1. Figure 2 illustrates a partial view of the system, depicting only the service provider.

Correspondence to Alegria Baquero.

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Baquero, A., Taylor, R.N. (2017). Secure and Customizable EHR Management Services with COASTmed. In: Huhn, M., Williams, L. (eds) Software Engineering in Health Care. SEHC FHIES 2014 2014. Lecture Notes in Computer Science, vol 9062. Springer, Cham. https://doi.org/10.1007/978-3-319-63194-3_9

  • DOI: https://doi.org/10.1007/978-3-319-63194-3_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-63193-6

  • Online ISBN: 978-3-319-63194-3

  • eBook Packages: Computer Science, Computer Science (R0)
