25 research outputs found

    How to break access control in a controlled manner

    The Electronic Medical Record (EMR) integrates heterogeneous information within a Healthcare Institution stressing the need for security and access control. The Biostatistics and Medical Informatics Department from Porto Faculty of Medicine has recently implemented a Virtual EMR (VEMR) in order to integrate patient information and clinical reports within a university hospital. With more than 500 medical doctors using the system on a daily basis, an access control policy and model were implemented. However, the healthcare environment has unanticipated situations (i.e. emergency situations) where access to information is essential. Most traditional policies do not allow for overriding. A policy that allows for Break-The-Glass (BTG) was implemented in order to override access control whilst providing for non-repudiation mechanisms for its usage. The policy was easily integrated within the model confirming its modularity and the fact that user intervention in defining security procedures is crucial to its successful implementation and use

    XML data integrity based on concatenated hash function

    Data integrity is fundamental for data authentication. A major problem for XML data authentication is that signed XML data can be copied to another document but still keep the signature valid. This is caused by XML data integrity protecting. Through investigation, the paper discovered that besides data content integrity, XML data integrity should also protect element location information, and context referential integrity under fine-grained security situations. The aim of this paper is to propose a model for XML data integrity considering XML data features. The paper presents an XML data integrity model named CSR (content integrity, structure integrity, context referential integrity) based on a concatenated hash function. XML data content integrity is ensured using an iterative hash process, structure integrity is protected by hashing an absolute path string from the root node, and context referential integrity is ensured by protecting context-related elements. The presented XML data integrity model can satisfy integrity requirements under fine-grained security situations, and is compatible with XML signature. Through evaluation, the integrity model presented has a higher efficiency on digest value-generation than the Merkle hash tree-based integrity model for XML data

    Ontological clarity and comprehension in health data models

    Conceptual modeling forms an important part of systems analysis. If this is done incorrectly or incompletely, there can be serious implications for the resultant system, specifically in terms of rework and useability. One approach to improving the conceptual modelling process is to evaluate how well the model represents reality. Emergence of the Bunge-Wand-Weber (BWW) ontological model introduced a platform to classify and compare the grammar of conceptual modelling languages. This work applies the BWW theory to a real world example in the health arena. The general practice computing group data model was developed using the Barker Entity Relationship Modelling technique. We describe an experiment, grounded in ontological theory, which evaluates how well the GPCG data model is understood by domain experts. The results show that with the exception of the use of entities to represent events, the raw model is better understood by domain expert

    Architecture of a consent management suite and integration into IHE-based regional health information networks

    Background: The University Hospital Heidelberg is implementing a Regional Health Information Network (RHIN) in the Rhine-Neckar-Region in order to establish a shared-care environment, which is based on established Health IT standards and in particular Integrating the Healthcare Enterprise (IHE). Similar to all other Electronic Health Record (EHR) and Personal Health Record (PHR) approaches the chosen Personal Electronic Health Record (PEHR) architecture relies on the patient's consent in order to share documents and medical data with other care delivery organizations, with the additional requirement that the German legislation explicitly demands a patient's opt-in and does not allow opt-out solutions. This creates two issues: firstly the current IHE consent profile does not address this approach properly and secondly none of the employed intra- and inter-institutional information systems, like almost all systems on the market, offers consent management solutions at all. Hence, the objective of our work is to develop and introduce an extensible architecture for creating, managing and querying patient consents in an IHE-based environment. Methods: Based on the features offered by the IHE profile Basic Patient Privacy Consent (BPPC) and literature, the functionalities and components to meet the requirements of a centralized opt-in consent management solution compliant with German legislation have been analyzed. Two services have been developed and integrated into the Heidelberg PEHR. Results: The standard-based Consent Management Suite consists of two services. The Consent Management Service is able to receive and store consent documents. It can receive queries concerning a dedicated patient consent, process it and return an answer. It represents a centralized policy enforcement point. The Consent Creator Service allows patients to create their consents electronically. Interfaces to a Master Patient Index (MPI) and a provider index allow to dynamically generate XACML-based policies which are stored in a CDA document to be transferred to the first service. Three workflows have to be considered to integrate the suite into the PEHR: recording the consent, publishing documents and viewing documents. Conclusions: Our approach solves the consent issue when using IHE profiles for regional health information networks. It is highly interoperable due to the use of international standards and can hence be used in any other region to leverage consent issues and substantially promote the use of IHE for regional health information networks in general.

    Security Requirements for a Lifelong Electronic Health Record System: An Opinion

    This article discusses the authors' views on the security requirements of a central, unique electronic health record. The requirements are based on the well-known principles of confidentiality and integrity and the less discussed principles of control and legal value. The article does not discuss any technical or legal solutions to the requirements proposed herein

    Web-based Secure Access from Multiple Patient Reservoirs

    Objective: For the ubiquity of medical service, when a user who has proper authority wants to access medical data, user accessibility should be assured. And the security of the disclosed medical data is important. This paper presents a single user access interface on multiple patient reservoirs and elaborate access control using the Role-Based Access Control (RBAC) system. Methods: The proposed system consists of a 4-tier architecture, that is, a client application, an Access Control Central (ACC) agent, a Local Access Control (LAC) agent and Hospital Information Systems (HIS). The user requests medical data with the client application. The ACC notarizes user identity, controls access of the user request and selectively encrypts medical data. The LAC is in charge of data conversion for communication between the ACC and the HIS. The HIS has repositories of medical data. The system provides security service with the user's digital certificate, X.509v3. Results: The user requests medical data of several HIS by approaching a single ACC, not each HIS. Through the conversion process of the LAC, data that is described in XML and is used for inter-system communication enables information exchange with a single common data format that is independent of the several HIS. Conclusion: In the proposed system, the user accesses medical data of several HIS regardless of location and has a consistent access interface. And using a format independent of each HIS makes information exchange between several HIS easy. Transferred data maintains security of significant data by selective encryption and increases encryption efficiency. Unified access control over multiple patient reservoirs that are scattered in other places provides unified and precise diagnosis of patient information. And it functions as the portal of collaborative treatment in inter-HIS.

    Source Data for the Focus Area Maturity Model for Software Ecosystem Governance

    We define a software ecosystem as a set of organizations collaboratively serving a market for software and services. Typically these ecosystems are underpinned by a common technology, such as an extendable software platform. This data set supports the article that describes the Software Ecosystem Governance Maturity Model (SEG−M2) [50]. The model has the goal to support software ecosystem orchestrators in the management and governance of the actors in their ecosystems in a structured way. Through a critical structured literature review, 168 practices have been collected. These practices have been evaluated through six case studies at software ecosystem orchestrators. The practices are described with a practice code, a practice name, a practice description, required success conditions, the person responsible for the practice, and the associated literature where the practice was identified