Accessing Patient Records in Virtual Healthcare Organisations

The ARTEMIS project is developing a semantic web service based P2P interoperability infrastructure for healthcare information systems that will allow healthcare providers to securely share patient records within virtual healthcare organisations. Authorisation decisions to access patient records across organisation boundaries can be very dynamic and must occur within a strict legislative framework. In ARTEMIS we are developing a dynamic authorisation mechanism called PBAC that provides a means of contextual and process oriented access control to enforce healthcare business processes. PBAC demonstrates how healthcare providers can dynamically share patient records for care pathways across organisation boundaries

Towards Authentication and Authorization – Electronic Medical Records

The Technological intervention in field of Computer Science and Information Technology has made it possible to access medical records of Individuals electronically. Electronic Health Records systems which are distributed and need to be interoperable too. Important Business drivers for such kind of high level of interoperability introduce unique citizen ID. Though citizen have access to data from central repository and they can directly communicate with health care providers, but when it comes to security and confidentiality, technology fails to meet the requirements. In this paper we suggest a framework for authentication and authorization of Electronic medical Records System in consideration .It will help to build An Secure-Privacy Protected Electronic medical Record System

A Survey of Access Control Models in Wireless Sensor Networks

Copyright 2014 by the authors; licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution license (http://creativecommons.org/licenses/by/3.0/)Wireless sensor networks (WSNs) have attracted considerable interest in the research community, because of their wide range of applications. However, due to the distributed nature of WSNs and their deployment in remote areas, these networks are vulnerable to numerous security threats that can adversely affect their proper functioning. Resource constraints in sensor nodes mean that security mechanisms with a large overhead of computation and communication are impractical to use in WSNs; security in sensor networks is, therefore, a challenge. Access control is a critical security service that offers the appropriate access privileges to legitimate users and prevents illegitimate users from unauthorized access. However, access control has not received much attention in the context of WSNs. This paper provides an overview of security threats and attacks, outlines the security requirements and presents a state-of-the-art survey on access control models, including a comparison and evaluation based on their characteristics in WSNs. Potential challenging issues for access control schemes in WSNs are also discussed.Peer reviewe

Context-Based Access for Infrequent Requests in Tanzania\u27s Health Care System

Access control is an important aspect of any information system. It is a way of ensuring that users can only access what they are authorised to and no more. This can be achieved by granting users access to resources based on pre-defined organisational and legislative rules. Although access control has been extensively studied, and as a result, a wide range of access control models, mechanisms and systems have been proposed, specific access control requirements for healthcare systems that needs to support the continuity of care in an accountable manner have not been addressed. This results in a gap between what is required by the application domain and what is actually practised, and thus access control solutions implemented for the domain become too restrictive. The continuity of care is defined as the delivery of seamless health care services to patients through integration, coordination and sharing of information between providers. This thesis, therefore, designs a context-based access control model that allows healthcare professionals to bypass access rules in an accountable manner in case of an infrequent access request involving an emergency situation. This research uses the Tanzania\u27s healthcare system as a case study domain

Patient Controlled, Privacy Preserving IoT Healthcare Data Sharing Framework

Healthcare data personally collected by individuals with wearable devices have become important sources of information for healthcare professionals and medical research worldwide. User-Generated Data (UGD) offers unique and sometimes fine-grained insight into the lived experiences and medical conditions of patients. The sensitive subject-matter of medical data can facilitate the exploitation and/or control of victims. Data collection in medical research therefore restricts access control over participant-data to the researchers. Therefore, cultivating trust with prospective participants concerned about the security of their medical data presents formidable challenges. Anonymization can allay such concerns, but at the cost of information loss. Moreover, such techniques cannot necessarily be applied on real-time streaming health data. In this paper, we aim to analyze the technical requirements to enable individuals to share their real-time wearable healthcare data with researchers without compromising privacy. An extension for delay-free anonymization techniques for real-time streaming health data is also proposed

Framework of Social Customer Relationship Management in E-Health Services

Healthcare organization is implementing Customer Relationship Management (CRM) as a strategy for managing interactions with patients involving technology to organize, automate, and coordinate business processes. Web-based CRM provides healthcare organization with the ability to broaden service beyond its usual practices in achieving a complex patient care goal, and this paper discusses and demonstrates how a new approach in CRM based on Web 2.0 or Social CRM helps healthcare organizations to improve their customer support, and at the same time avoiding possible conflicts, and promoting better healthcare to patients. A conceptual framework of the new approach will be proposed and highlighted. The framework includes some important features of Social CRM such as customer's empowerment, social interactivity between healthcare organization-patients, and patients-patients. The framework offers new perspective in building relationships between healthcare organizations and customers and among customers in e-health scenario. It is developed based on the latest development of CRM literatures and case studies analysis. In addition, customer service paradigm in social network's era, the important of online health education, and empowerment in healthcare organization will be taken into consideration.Comment: 15 pages. arXiv admin note: substantial text overlap with arXiv:1204.3689, arXiv:1203.3919, arXiv:1204.3685, arXiv:1203.4309, arXiv:1204.3691, arXiv:1203.392

On Using Encryption Techniques to Enhance Sticky Policies Enforcement

How to enforce privacy policies to protect sensitive personal data has become an urgent research topic for security researchers, as very little has been done in this field apart from some ad hoc research efforts. The sticky policy paradigm, proposed by Karjoth, Schunter, and Waidner, provides very useful inspiration on how we can protect sensitive personal data, but the enforcement is very weak. In this paper we provide an overview of the state of the art in enforcing sticky policies, especially the concept of sticky policy enforcement using encryption techniques including Public-Key Encryption (PKE), Identity-Based Encryption (IBE), Attribute-Based Encryption (ABE), and Proxy Re-Encryption (PRE). We provide detailed comparison results on the (dis)advantages of these enforcement mechanisms. As a result of the analysis, we provide a general framework for enhancing sticky policy enforcement using Type-based PRE (TPRE), which is an extension of general PRE