Skip to main content
Springer Nature Link
Log in

Privacy and Access Control for IHE-Based Systems

  • Conference paper
Electronic Healthcare (eHealth 2008)

Included in the following conference series:

  • 1054 Accesses

Abstract

Electronic Health Record (EHR) is the heart element of any e-health system, which aims at improving the quality and efficiency of healthcare through the use of information and communication technologies. The sensitivity of the data contained in the health record poses a great challenge to security. In this paper we propose a security architecture for EHR systems that are conform with IHE profiles. In this architecture we are tackling the problems of access control and privacy. Furthermore, a prototypical implementation of the proposed model is presented.

eHealth 2008, September 8th and 9th, 2008, City University, London EC1.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. [ACF]ITU-T Rec X.812 – ISO/IEC 10181-3:1996. Security frameworks for open systems: Access control framework. Technical report (1995)(1996)

    Google Scholar 

  2. OECD: Guidelines on the protection of privacy and transborder flows of personal data, http://www.oecd.org/document/18/03343en_2649_34255_1815186_1_1_1_1.00&&en-USS_01DBC.html

  3. Ferreira, L.A.A., Cruz-Correia, R., Chadwick, D.: Access control: How can it improve patients healthcare? (2007)

    Google Scholar 

  4. Anderson, A.: Multiple resource profile of xacml v2.0 (2005), http://docs.oasisopen.org/xacml/2.0/accesscontrol-xacml-2.0-mult-profile-spec-os.pdf

  5. Anderson, R.J.: Security in clinical systems (1996)

    Google Scholar 

  6. Blobel, B.: Authorization and access control for electronic health record systems. International Journal of Medical Informatics (2004)

    Google Scholar 

  7. Blobel, B., Roger-France, F.: A systematic approach for analysis and design of secure healthcare systems. International Journal of Medical Informatics (2001)

    Google Scholar 

  8. Hafner, M., Mair, R., Breu, R., Agreiter, B., Unterthiner, S., Schabetsberger, T.: Health@net. die verteilte elektronische gesundheitsakte- eine fallstudie in modell-getriebenem security engineering. IT-Sicherheitskongress des BSI (2007)

    Google Scholar 

  9. Hu, J., Weaver, A.C.: A dynamic, context-aware security infrastructure for distributed healthcare applications. In: Proceedings of the first workshop on pervasive privacy security, privacy, and trust (2004)

    Google Scholar 

  10. IHE Integrating the Healthcare Enterprise. It infrastructure technical framework- cross enterprise document sharing (xds). Technical report (2004)

    Google Scholar 

  11. IHE Integrating the Healthcare Enterprise. Changing the way healthcare connects.Technical report (2006)

    Google Scholar 

  12. IHE Integrating the Healthcare Enterprise. Ihe it infrastructure white paper- hie security and privacy through ihe. Technical report (2007)

    Google Scholar 

  13. IHE Integrating the Healthcare Enterprise. It infrastructure technical framework- basic patient privacy concents (bppc). Technical report (2007)

    Google Scholar 

  14. IHE Integrating the Healthcare Enterprise. It infrastructure technical framework vol.1 (iti tf-1) integration profiles. Technical report (2007)

    Google Scholar 

  15. Katt, B., Breu, R., Hafner, M.: Model-driven policy framework for usage controlbasedprivacy (to appear)

    Google Scholar 

  16. Katt, B., Zhang, X., Breu, R., Hafner, M., Seifert, J.-P.: A general obligation model and continuity enhanced policy enforcement engine for usage control. SACMAT (2008)

    Google Scholar 

  17. Moses, T.: Extensible access control markup language (xacml) version 2.0 (2005), http://docs.oasisopen.org/xacml/2.0/accesscontrol-xacml-2.0-core-spec-os.pdf

  18. Namli, T., Dogac, A.: Implementation experiences on ihe xua and bppc. Technical report, Software Research and Development Center Middle East Technical University (2006)

    Google Scholar 

  19. Namli, T., Dogac, A.: Using SAML and XACML for Web Service Security and Privacy, ch. 8, pp. 183–206. Idea Group Publishing (2008)

    Google Scholar 

  20. Sandhu, R.: Role based access control models. IEEE Computer 29(2), 38–47 (1996)

    Google Scholar 

  21. Yee, G., Korba, L., Song, R.: Ensuring privacy for e-health services. In: Proceedings of The First International Conference on Availability, Reliability and Security (ARES 2006) (2006)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of Innsbruck, Austria

    Basel Katt, Ruth Breu & Micahel Hafner

  2. Health@net (CEMIT), Austria

    Thomas Schabetsberger, Richard Mair & Florian Wozak

Authors
  1. Basel Katt
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ruth Breu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Micahel Hafner
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Thomas Schabetsberger
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Richard Mair
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Florian Wozak
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Engineering and Mathematical Sciences, City University, Northampton Square, EC1V 0HB, London, UK

    Dasun Weerasinghe

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Katt, B., Breu, R., Hafner, M., Schabetsberger, T., Mair, R., Wozak, F. (2009). Privacy and Access Control for IHE-Based Systems. In: Weerasinghe, D. (eds) Electronic Healthcare. eHealth 2008. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 0001. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-00413-1_18

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-00413-1_18

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-00412-4

  • Online ISBN: 978-3-642-00413-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics