A Patient-centric, Attribute-based, Source-verifiable Framework for Health Record Sharing

The storage of health records in electronic format, and the wide-spread sharing of these records among different health care providers, have enormous potential benefits to the U.S. healthcare system. These benefits include both improving the quality of health care delivered to patients and reducing the costs of delivering that care. However, maintaining the security of electronic health record systems and the privacy of the information they contain is paramount to ensure that patients have confidence in the use of such systems. In this paper, we propose a framework for electronic health record sharing that is patient centric, i.e. it provides patients with substantial control over how their information is shared and with whom; provides for verifiability of original sources of health information and the integrity of the data; and permits fine-grained decisions about when data can be shared based on the use of attribute-based techniques for authorization and access control. We present the architecture of the framework, describe a prototype system we have built based on it, and demonstrate its use within a scenario involving emergency responders' access to health record information

A Consent-based Workflow System for Healthcare Systems

In this paper, we describe a new framework for healthcare systems where patients are able to control the disclosure of their medical data. In our framework, the patient's consent has a pivotal role in granting or removing access rights to subjects accessing patient's medical data. Depending on the context in which the access is being executed, different consent policies can be applied. Context is expressed in terms of workflows. The execution of a task in a given workflow carries the necessary information to infer whether the consent can be implicitly retrieved or should be explicitly requested from a patient. However, patients are always able to enforce their own decisions and withdraw consent if necessary. Additionally, the use of workflows enables us to apply the need-to-know principle. Even when the patient's consent is obtained, a subject should access medical data only if it is required by the actual situation. For example, if the subject is assigned to the execution of a medical diagnosis workflow requiring access to the patient's medical record. We also provide a complex medical case study to highlight the design principles behind our framework. Finally, the implementation of the framework is outlined

Secure and Trustable Electronic Medical Records Sharing using Blockchain

Electronic medical records (EMRs) are critical, highly sensitive private information in healthcare, and need to be frequently shared among peers. Blockchain provides a shared, immutable and transparent history of all the transactions to build applications with trust, accountability and transparency. This provides a unique opportunity to develop a secure and trustable EMR data management and sharing system using blockchain. In this paper, we present our perspectives on blockchain based healthcare data management, in particular, for EMR data sharing between healthcare providers and for research studies. We propose a framework on managing and sharing EMR data for cancer patient care. In collaboration with Stony Brook University Hospital, we implemented our framework in a prototype that ensures privacy, security, availability, and fine-grained access control over EMR data. The proposed work can significantly reduce the turnaround time for EMR sharing, improve decision making for medical care, and reduce the overall costComment: AMIA 2017 Annual Symposium Proceeding

Electronic health record standards

Objectives: This paper seeks to provide an overview of the initiatives that are proceeding internationally to develop standards for the exchange of electronic health record (EHR) information between EHR systems.Methods: The paper reviews the clinical and ethico-legal requirements and research background on the representation and communication of EHR data, which primarily originates from Europe through a series of EU funded Health Telematics projects over the post thirteen years. The major concept that underpin the information models and knowledge models are summarised. These provide the requirements and the best evidential basis from which HER communications standards should be developed.Results. The main focus of EHR communications standardisation is presently occurring at a European level, through the Committee for European Normalisation (CEN). The major constructs of the CEN 13606 model ate outlined. Complementary activity is taking place in ISO and in HL7, and some of these efforts are also summarised.Conclusior: There is a strong prospect that a generic EHR interoperability standard can be agreed at a European (and hopefully international) level. Parts of the challenge of EHR i interoperability cannot yet he standardised, because good solutions to the preservation of clinical meaning across heterogeneous systems remain to be explored. Further research and empirical projects are therefore also needed

An evaluation of break-the-glass access control model for medical data in wireless sensor networks

Wireless Sensor Networks (WSNs) have recently attracted a lot of attention in the research community because it is easy to deploy them in the physical environment and collect and disseminate environmental data from them. The collected data from sensor nodes can vary based on what kind of application is used for WSNs. Data confidentiality and access control to that collected data are the most challenging issues in WSNs because the users are able to access data from the different location via ad-hoc manner. Access control is one of the critical requirements to prevent unauthorised access from users. The current access control models in information systems cannot be applied straightforwardly because of some limitations namely limited energy, resource and memory, and low computation capability. Based on the requirements of WSNs, we proposed the Break-The-Glass Access Control (BTG-AC) model which is the modified and redesigned version of Break-The-Glass Role-Based Access Control (BTG-RBAC) model. The several changes within the access control engine are made in BTG-RBAC to apply and fit in WSNs. We developed the BTG-AC model in Ponder2 package. Also a medical scenario was developed to evaluate the BTG-AC model for medical data in WSNs. In this paper, detail design, implementation phase, evaluation result and policies evaluation for the BTG-AC model are presented. Based on the evaluation result, the BTG-AC model can be used in WSNs after several modifications have been made under Ponder2 Package