Abstract
The Electronic Health Record (EHR) or Electronic Patient Record is a collection of electronic health information about a patient, created to increase personal safety through more accurate evidence-based decision support. Healthcare organizations, especially in different regions/local governments, can have different architectural solutions and procedures, and thus different access control policies. The requirement of compliance with previously developed architectural solutions binds them to using a single Federated infrastructure model. Since data stored in the EHR Infrastructure concern the health status of patients, they must be considered critical and their confidentiality and integrity must be protected by proper security support. In this paper we will present the analysis of federation and security aspects and issues for the management of the Electronic Health Record in Italy, suggesting a possible solution.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Buzzi, M.C., Donini, F., Gebrehiwot, A., Lunardelli, A., Lucchesi, C., Mori, P. (2012). Federation and Security Aspects for the Management of the EHR in Italy. In: Cipolla-Ficarra, F., Veltman, K., Verber, D., Cipolla-Ficarra, M., Kammüller, F. (eds) Advances in New Technologies, Interactive Interfaces and Communicability. ADNTIIC 2011. Lecture Notes in Computer Science, vol 7547. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34010-9_3
DOI: https://doi.org/10.1007/978-3-642-34010-9_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-34009-3
Online ISBN: 978-3-642-34010-9
eBook Packages: Computer Science, Computer Science (R0)