Authors:
Vassiliki Koufi
;
Flora Malamateniou
and
George Vassilacopoulos
Affiliation:
University of Piraeus, Greece
Keyword(s):
Personal health records, Information availability, Access control, Emergency, Authorization propagation.
Related
Ontology
Subjects/Areas/Topics:
Biomedical Engineering
;
Cardiovascular Technologies
;
Computing and Telecommunications in Cardiology
;
Confidentiality and Data Security
;
Health Engineering and Technology Applications
;
Health Information Systems
;
Medical and Nursing Informatics
Abstract:
Traditionally patient records are generated, maintained and controlled by the individual health care providers where the patient has received care. This results in fragmented bits of data stored in diverse information systems which, in many cases, are not interoperable. Hence, a complete picture of a person’s healthcare record cannot be obtained when and where needed. A solution to this problem can be provided by personal health records (PHR), that is electronic health records (EHR) whose architectures are based on the fundamental assumptions that the complete records are centrally stored and that each patient retains authority over access to any portion of his/her record. This paper deals with a particular security issue arising in PHRs which is concerned with the process of granting (revoking) authorization to (from) healthcare professionals without the patient’s involvement. This security issue is particularly important in managing emergency cases. To deal with this problem, autho
rization propagation process is automated by means of context-aware technology, which is used to regulate user access to data via a fine-grained access control mechanism.
(More)