An Access Control Model to Facilitate Healthcare Information Access in Context of Team Collaboration

The delivery of healthcare relies on the sharing of patients information among a group of healthcare professionals (so-called multidisciplinary teams (MDTs)). At present, electronic health records (EHRs) are widely utilized system to create, manage and share patient healthcare information among MDTs. While it is necessary to provide healthcare professionals with privileges to access patient health information, providing too many privileges may backfire when healthcare professionals accidentally or intentionally abuse their privileges. Hence, finding a middle ground, where the necessary privileges are provided and malicious usage are avoided, is necessary. This thesis highlights the access control matters in collaborative healthcare domain. Focus is mainly on the collaborative activities that are best accomplished by organized MDTs within or among healthcare organizations with an objective of accomplishing a specific task (patient treatment). Initially, we investigate the importance and challenges of effective MDTs treatment, the sharing of patient healthcare records in healthcare delivery, patient data confidentiality and the need for flexible access of the MDTs corresponding to the requirements to fulfill their duties. Also, we discuss access control requirements in the collaborative environment with respect to EHRs and usage scenario of MDTs collaboration. Additionally, we provide summary of existing access control models along with their pros and cons pertaining to collaborative health systems. Second, we present a detailed description of the proposed access control model. In this model, the MDTs is classified based on Belbin’s team role theory to ensure that privileges are provided to the actual needs of healthcare professionals and to guarantee confidentiality as well as protect the privacy of sensitive patient information. Finally, evaluation indicates that our access control model has a number of advantages including flexibility in terms of permission management, since roles and team roles can be updated without updating privilege for every user. Moreover, the level of fine-grained control of access to patient EHRs that can be authorized to healthcare providers is managed and controlled based on the job required to meet the minimum necessary standard and need-to-know principle. Additionally, the model does not add significant administrative and performance overhead.publishedVersio

Quality framework for semantic interoperability in health informatics: definition and implementation

Aligned with the increased adoption of Electronic Health Record (EHR) systems, it is recognized that semantic interoperability provides benefits for promoting patient safety and continuity of care. This thesis proposes a framework of quality metrics and recommendations for developing semantic interoperability resources specially focused on clinical information models, which are defined as formal specifications of structure and semantics for representing EHR information for a specific domain or use case. This research started with an exploratory stage that performed a systematic literature review with an international survey about the clinical information modelling best practice and barriers. The results obtained were used to define a set of quality models that were validated through Delphi study methodologies and end user survey, and also compared with related quality standards in those areas that standardization bodies had a related work programme. According to the obtained research results, the defined framework is based in the following models: Development process quality model: evaluates the alignment with the best practice in clinical information modelling and defines metrics for evaluating the tools applied as part of this process. Product quality model: evaluates the semantic interoperability capabilities of clinical information models based on the defined meta-data, data elements and terminology bindings. Quality in use model: evaluates the suitability of adopting semantic interoperability resources by end users in their local projects and organisations. Finally, the quality in use model was implemented within the European Interoperability Asset register developed by the EXPAND project with the aim of applying this quality model in a broader scope to contain any relevant material for guiding the definition, development and implementation of interoperable eHealth systems in our continent. Several European projects already expressed interest in using the register, which will now be sustained by the European Institute for Innovation through Health Data