An Approach to Access Control in Electronic Health Record

  • Original Paper
  • Journal of Medical Systems

Abstract

OASIS is a not-for-profit consortium that drives the development, convergence and adoption of open standards for the global information society. It involves more than 600 organizations and individuals, as well as the IT leaders Sun, Microsoft, IBM and Oracle. One of its standards is XACML, which appeared a few years ago and now has about 150,000 hits on Google. XACML (eXtensible Access Control Markup Language) is not tied to any particular technology. In 2004 Sun published the open-source Sun XACML, which complies with the XACML 1.0 specification, and is now working to make it comply with XACML 2.0. The heart of XACML is attributes: values of a defined type and name that are attached to a subject, a resource, an action and the environment in which a subject requests an action on a resource. In that way XACML is to replace Role Based Access Control, which dominated for years. The paper examines performance in a CEN 13 606 and ISO 22 600 based healthcare system that uses XACML for access control.

Acknowledgement

The authors would like to thank Mr. Zoran Ivancajic for his overall support.

Author information

Corresponding author

Correspondence to Snezana Sucurovic.

About this article

Cite this article

Sucurovic, S. An Approach to Access Control in Electronic Health Record. J Med Syst 34, 659–666 (2010). https://doi.org/10.1007/s10916-009-9279-4

  • DOI: https://doi.org/10.1007/s10916-009-9279-4
