AUTHORIZATION IN CLOUD E-RADIOLOGY SERVICES

Vassiliki Koufi, Flora Malamateniou, George Vassilacopoulos

2010

Abstract

The confidentiality of healthcare information is extremely important in any healthcare system. This paper is concerned with the development of suitable authorization and access control framework for eRadiology seen as a cloud computing service offered to healthcare professionals and patients alike. While eRadiology is expected to improve many aspects of healthcare, these high expectations will be achieved only if provider organizations pay continuing attention to the features that would most improve patients’ safety and health and select systems that have such appropriate features, security being among the most prominent ones. In particular, although the eRadiology workflow varies with the context, giving rise to specific ordering of task executions, it is authorization that determines who can execute the various workflow tasks and what information can be accessed during task executions. The main objective of this paper is to embed context-aware access control into eRadiology workflows, operating in conjunction with a personal healthcare record (PHR) system which has been implemented in a cloud computing infrastructure. The proposed model enables authorization to be based not only on static rules and roles but also to be influenced by the workflow execution context ensuring precise and tight access control. The resultant security system has been incorporated into a prototype eRadiology workflow to enable authorized access to patient information when and where needed.

References

  1. Andriole, K.P., Khorasani R., 2010. Cloud Computing: What Is It and Could it Be Useful?. In Journal of American College of Radiology, Vol.7, No. 4, pp. 252- 254.
  2. Armbrust, M., Fox, A., Griffith, R., Joseph, A.D., Katz, R. H., Konwinski, A., Lee, G., Patterson, D.A., Rabkin, A., Stoica, I., Zaharia, M., 2009. Above the Clouds: A Berkely View of Cloud Computing. Technical Report No. UCB/EECS-2009-28, http://www.eecs. berkeley.edu/Pubs/TechRpts/2009/EECS-2009- 28.html.
  3. Ash, J., Berg, M., Coiera, E., 2004. Some Unintended Consequences of Information Technology in Health Care: The Nature of Patient Care Information System Related Errors. In Journal of the American Medical Informatics Association,Vol. 11, No. 2, pp. 104-112.
  4. Bell, D.S., Cretin, S., Marken, R.S., Landman, A.B., 2004. A Conceptual Framework for Evaluating Outpatient Electronic Prescribing Systems Based on Their Functional Capabilities. In Journal of the American Medical Informatics Association, Vol. 11, No. 1, pp. 60-70.
  5. Benjamin, M., Aradia, Y., Shreibera, R., 2010. From shared data to sharing workflow: Merging PACS and teleradiology. In European Journal of Radiology, Vol. 73, pp. 3-9.
  6. Bruening, P., Treacy, B, 2009. Cloud Computing: Privacy, Security Challenges. In The Bureau of National Affairs.
  7. Buyya, R., Yeo, C.S., Venugopal, S., Broberg, J., Brandic, I., 2009. Cloud computing and emerging IT platforms:Vision, hype, and reality for delivering computing as the 5th utility. In Future Generation Computer Systems, Vol 25, pp. 599-616.
  8. Cavoukian, A., 2008. Privacy in the clouds. In Identity in the Information Society, Vol. 1, No. 1, pp. 89-108.
  9. Collin, S., Reeves, B.C., Hendy, J., Fulop, N., Hutchings, A., Priedane, E., 2008. Implementation of computerised physician order entry (CPOE) and picture archiving and communication systems (PACS) in the NHS: quantitative before and after study. In British Medical Journal, 337:a939.
  10. Harvey, D., 2010. Record in the Clouds. In Radiology Today, Vol. 11, No. 2, p. 10.
  11. IBM Cloud computing White paper, 2009. IBM Point of View: Security and Cloud Computing, ftp://public.dhe.ibm.com/common/ssi/sa/wh/n/tiw1404 5usen/TIW14045USEN_HR.pdf.
  12. IBM Corporation, 2005. IBM Websphere Workflow - Getting Started with Buildtime V. 3.6.
  13. Information Technology in Healthcare, 2004. Report to the Congress: New Approaches in Medicare, http://www.medpac.gov/publications/congressional_re ports/June04_ch7.pdf.
  14. Kaelber, D.C., Shah, S., Vincent, A., Pan, E., Hook, J.M., Johnston, D., Bates, D.W., Middleton, B., 2008. The Value of Personal Health Records, By the Center for Information Technology Leadership (CITL), http://www.citl.org/publications/_pdf/CITL_PHR_Rep ort.pdf.
  15. Metfessel, B.A., 2007. Financial and Clinical Features of Hospital Information Systems. In Healthcare Organizations, Journal of Financial Management Strategies, Vol. 2, No. 3.
  16. Muttig I., Burton C., 2009. Cloud Security Technologies. In Information Security Technical Report, Vol. 14, pp. 1-6.
  17. Pearson, S., 2009. Taking Account of Privacy when Designing Cloud Computing Services. Proceedings of the 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing, Vancouver, Canada.
  18. Pearlman, L., Welch, V., Foster, I., Kesselman, C., Tuecke, S., 2002. A Community Authorization Service for Group Collaboration. Proceedings of the 3rd IEEE International Workshop on Policies for Distributed Systems and Networks, Monterey, USA.
  19. Polymenopoulou, M., Malamateniou, F., Vassilacopoulos, G., 2005. Emergency Healthcare Process Automation using Workflow Technology and Web Services. In International Journal of Medical Informatics, Vol. 28, No. 3, pp. 195-207.
  20. Reid, W., 2010. Managing the Flow of Radiology. In Imaging Economics, May 2010.
  21. Rosenthal, A., Mork, P. Li, M.H., Stanford, J., Koester, D., Reynolds, P., 2010. Cloud computing: A new business paradigm for biomedical information sharing. In Journal of Biomedical Informatics, Vol. 43, pp. 342-253.
  22. Shimrat, O., 2009. Cloud Computing and Healthcare, San Diego Physician.org.
  23. Steele, R., Lo, A., 2009. Future Personal Health Records as a Foundation for Computational Health, In Computational Science and Its Applications - ICCSA, Vol. 5593, pp. 719-733.
  24. Telemedicine Information Exchange-TIE Europe., 2005. How e-radiology can help?, http://tie.telemed.org/europe/toolkits/kitdom.asp?load =toc&name=telerad.
  25. Terry, M., 2008. Personal Health Records - Who are the key PHR providers and how are they handling laboratory results, Washington G2 Reports, http://www.g2reports.com/issues/advisory/advisory/m ark_terry/345-1.html.
  26. U.S. Department of Health and Human Services, Office of the Secretary, 2004. 45 CFR Part 162. Standard Unique Health Identifier for Health Care Providers. In Federal Register, Vol. 69, No. 15, pp. 3434-3469.
  27. van der Burg, S., Dolstra, E., 2009, Software Development in a Dynamic Cloud: From Device to Service Orientation in a Hospital Environment. Proceedings of the 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing, Vancouver, Canada.
Download


Paper Citation


in Harvard Style

Koufi V., Malamateniou F. and Vassilacopoulos G. (2010). AUTHORIZATION IN CLOUD E-RADIOLOGY SERVICES . In Proceedings of the International Conference on Knowledge Management and Information Sharing - Volume 1: KMIS, (IC3K 2010) ISBN 978-989-8425-30-0, pages 273-279. DOI: 10.5220/0003144402730279


in Bibtex Style

@conference{kmis10,
author={Vassiliki Koufi and Flora Malamateniou and George Vassilacopoulos},
title={AUTHORIZATION IN CLOUD E-RADIOLOGY SERVICES},
booktitle={Proceedings of the International Conference on Knowledge Management and Information Sharing - Volume 1: KMIS, (IC3K 2010)},
year={2010},
pages={273-279},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003144402730279},
isbn={978-989-8425-30-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Knowledge Management and Information Sharing - Volume 1: KMIS, (IC3K 2010)
TI - AUTHORIZATION IN CLOUD E-RADIOLOGY SERVICES
SN - 978-989-8425-30-0
AU - Koufi V.
AU - Malamateniou F.
AU - Vassilacopoulos G.
PY - 2010
SP - 273
EP - 279
DO - 10.5220/0003144402730279