Welcome to the InfoSci Platform
Managing Privacy and Effectiveness of Patient-Administered Authorization Policies

Managing Privacy and Effectiveness of Patient-Administered Authorization Policies

Thomas Trojer, Basel Katt, Ruth Breu, Thomas Schabetsberger, Richard Mair
Copyright: © 2012 |Volume: 3 |Issue: 2 |Pages: 20
ISSN: 1947-3133|EISSN: 1947-3141|EISBN13: 9781466611221|DOI: 10.4018/jcmam.2012040103
Cite Article Cite Article

MLA

Trojer, Thomas, et al. "Managing Privacy and Effectiveness of Patient-Administered Authorization Policies." IJCMAM vol.3, no.2 2012: pp.43-62. http://doi.org/10.4018/jcmam.2012040103

APA

Trojer, T., Katt, B., Breu, R., Schabetsberger, T., & Mair, R. (2012). Managing Privacy and Effectiveness of Patient-Administered Authorization Policies. International Journal of Computational Models and Algorithms in Medicine (IJCMAM), 3(2), 43-62. http://doi.org/10.4018/jcmam.2012040103

Chicago

Trojer, Thomas, et al. "Managing Privacy and Effectiveness of Patient-Administered Authorization Policies," International Journal of Computational Models and Algorithms in Medicine (IJCMAM) 3, no.2: 43-62. http://doi.org/10.4018/jcmam.2012040103

Export Reference

Mendeley
Favorite Full-Issue Download

Abstract

A central building block of data privacy is the individual right of information self-determination. Following from that when dealing with shared electronic health records (SEHR), citizens, as the identified individuals of such records, have to be enabled to decide what medical data can be used in which way by medical professionals. In this context individual preferences of privacy have to be reflected by authorization policies to control access to personal health data. There are two potential challenges when enabling patient-controlled access control policy authoring: First, an ordinary citizen neither can be considered a security expert, nor does she or he have the expertise to fully understand typical activities and workflows within the health-care domain. Thus, a citizen is not necessarily aware of implications her or his access control settings have with regards to the protection of personal health data. Both privacy of citizen’s health-data and the overall effectiveness of a health-care information system are at risk if inadequate access control settings are in place. This paper refers to scenarios of a case study previously conducted and shows how privacy and information system effectiveness can be defined and evaluated in the context of SEHR. The paper describes an access control policy analysis method which evaluates a patient-administered access control policy by considering the mentioned evaluation criteria.

Request Access

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.