论文信息 - Addressing Privacy in a Federated Identity Management Network for EHealth

Addressing Privacy in a Federated Identity Management Network for EHealth

E-health networks can provide integrated services to patients and health care workers that are more broadly accessible by leveraging Internet technology and electronic health records. However, issues of security and privacy must be addressed. In particular, compliance with relevant privacy legislation must be established. Federated identity management can enable users and service providers to securely and systematically manage identities and user profiles in a single sign on framework that controls access to personal information. In this paper, we use a simple ePrescription scenario to analyze the business and technical issues that need to be addressed in a Liberty Alliance federated identity management framework. We look at the potential impact of privacy compliance on three existing components of the framework (Discovery Service, Identity Mapping Service, Interaction Service) as well as a fourth component (Audit Service) that has been proposed to address potential privacy breeches in Liberty Alliance.

L. Peyton | Chintan Doshi | Jun Hu | P. Seguin

[1] Liam Peyton,et al. Tracking privacy compliance in B2B networks , 2004, ICEC '04.

[2] Kathrin M. Möslein,et al. Identities Management for E-Commerce and Collaboration Applications , 2005, Int. J. Electron. Commer..

[3] Matthew Alexander Webster,et al. An aspect oriented performance analysis environment , 2003 .

[4] N. Paramesh,et al. Enforcing Business Rules and Information Security Policies through Compliance Audits; XISSF - A Compliance Specification Mechanism , 2006, 2006 IEEE/IFIP Business Driven IT Management.

[5] K. El Emam,et al. Evaluating Common De-Identification Heuristics for Personal Health Information , 2006, Journal of medical Internet research.

[6] Jianguo Zhang,et al. HIPPA's compliant Auditing System for Medical Imaging System , 2005, 2005 IEEE Engineering in Medicine and Biology 27th Annual Conference.

[7] Mark S. Ackerman,et al. Privacy in e-commerce: examining user scenarios and privacy preferences , 1999, EC '99.

[8] Gail-Joon Ahn,et al. Ensuring information assurance in federated identity management , 2004, IEEE International Conference on Performance, Computing, and Communications, 2004.

[9] Mansour Alsaleh,et al. Enhancing Consumer Privacy in the Liberty Alliance Identity Federation and Web Services Frameworks , 2006, Privacy Enhancing Technologies.

[10] Jacob Slonim,et al. Owner-controlled information , 2003, NSPW '03.

[11] Liam Peyton,et al. A Generative Framework for Managed Services , 2004, GPCE.