Accessing Patient Records in Virtual Healthcare Organisations

The ARTEMIS project is developing a semantic web service based P2P interoperability infrastructure for healthcare information systems that will allow healthcare providers to securely share patient records within virtual healthcare organisations. Authorisation decisions to access patient records across organisation boundaries can be very dynamic and must occur within a strict legislative framework. In ARTEMIS we are developing a dynamic authorisation mechanism called PBAC that provides a means of contextual and process oriented access control to enforce healthcare business processes. PBAC demonstrates how healthcare providers can dynamically share patient records for care pathways across organisation boundaries

Towards A Well-Secured Electronic Health Record in the Health Cloud

The major concerns for most cloud implementers particularly in the health care industry have remained data security and privacy. A prominent and major threat that constitutes a hurdle for practitioners within the health industry from exploiting and benefiting from the gains of cloud computing is the fear of theft of patients health data in the cloud. Investigations and surveys have revealed that most practitioners in the health care industry are concerned about the risk of health data mix-up amongst the various cloud providers, hacking to comprise the cloud platform and theft of vital patients’ health data.An overview of the diverse issues relating to health data privacy and overall security in the cloud are presented in this technical report. Based on identifed secure access requirements, an encryption-based eHR security model for securing and enforcing authorised access to electronic health data (records), eHR is also presented. It highlights three core functionalities for managing issues relating to health data privacy and security of eHR in health care cloud

Secure spontaneous emergency access to personal health record

We propose a system which enables access to the user's Personal Health Record (PHR) in the event of emergency. The access typically occurs in an ad-hoc and spontaneous manner and the user is usually unconscious, hence rendering the unavailability of the user's password to access the PHR. The proposed system includes a smart card carried by the user at all time and it is personalized with a pseudo secret, an URL to the PHR Server, a secret key shared with the PHR Server and a number of redemption tokens generated using a hash chain. In each emergency session, a one-time use redemption token is issued by the smart card, allowing the emergency doctor to retrieve the user's PHR upon successful authentication of his credentials and validation of the redemption token. The server returns the PHR encrypted with a one-time session key which can only be decrypted by the emergency doctor. The devised interaction protocol to facilitate emergency access to the user's PHR is secure and efficient

Security and confidentiality approach for the Clinical E-Science Framework (CLEF)

CLEF is an MRC sponsored project in the E-Science programme that aims to establish policies and infrastructure for the next generation of integrated clinical and bioscience research. One of the major goals of the project is to provide a pseudonymised repository of histories of cancer patients that can be accessed by researchers. Robust mechanisms and policies are needed to ensure that patient privacy and confidentiality are preserved while delivering a repository of such medically rich information for the purposes of scientific research. This paper summarises the overall approach adopted by CLEF to meet data protection requirements, including the data flows and pseudonymisation mechanisms that are currently being developed. Intended constraints and monitoring policies that will apply to research interrogation of the repository are also outlined. Once evaluated, it is hoped that the CLEF approach can serve as a model for other distributed electronic health record repositories to be accessed for research

Security and confidentiality approach for the Clinical E-Science Framework (CLEF)

Objectives: CLEF is an MRC sponsored project in the E-Science programme that aims to establish methodologies and a technical infrastructure for the next generation of integrated clinical and bioscience research. Methods: The heart of the CLEF approach to this challenge is to design and develop a pseudonymised repository of histories of cancer patients that can be accessed by researchers. Robust mechanisms and policies have been developed to ensure that patient privacy and confidentiality are preserved while delivering a repository of such medically rich information for the purposes of scientific research. Results: This paper summarises the overall approach adopted by CLEF to meet data protection requirements, including the data flows, pseudonymisation measures and additional monitoring policies that are currently being developed. Conclusion: Once evaluated, it is hoped that the CLEF approach can serve as a model for other distributed electronic health record repositories to be accessed for research