A Digital Rights Management Model for Healthcare

Electronic healthcare records promise to increase the efficiency and effectiveness of healthcare systems, but also introduce new risks to the security and privacy of healthcare information. In this paper, we outline how digital rights management can be used to protect health information transmitted throughout a distributed healthcare system. Our proposal allows for information to be disclosed on a need-to-know basis as defined by workflows, and in line with the wishes of patients.

[1]  John Zic,et al.  A Tag-Based Data Model for Privacy-Preserving Medical Applications , 2006, EDBT Workshops.

[2]  Stefan Katzenbeisser,et al.  Rights Management Technologies: A Good Choice for Securing Electronic Health Records? , 2007, ISSE.

[3]  Michael Waidner,et al.  Platform for Enterprise Privacy Practices: Privacy-Enabled Management of Customer Data , 2002, Privacy Enhancing Technologies.

[4]  Reinhold Haux,et al.  An e-consent-based shared EHR system architecture for integrated healthcare networks , 2007, Int. J. Medical Informatics.

[5]  Paul Greenfield,et al.  A Decentralised Approach to Electronic Consent and Health Information Access Control , 2005, J. Res. Pract. Inf. Technol..

[6]  John Fulcher,et al.  Consent Mechanisms for Electronic Health Record Systems: A Simple Yet Unresolved Issue , 2007, Journal of Medical Systems.

[7]  Andrew Hutchison,et al.  Persistent access control: a formal model for drm , 2007, DRM '07.

[8]  Reihaneh Safavi-Naini,et al.  Digital Rights Management for Content Distribution , 2003, ACSW.

[9]  Marco Casassa Mont,et al.  A Systemic Approach to Automate Privacy Policy Enforcement in Enterprises , 2006, Privacy Enhancing Technologies.

[10]  Vijayalakshmi Atluri,et al.  An Authorization Model for Workflows , 1996, ESORICS.

[11]  Thomas S. Messerges,et al.  Digital rights management in a 3G mobile phone and beyond , 2003, DRM '03.

[12]  Larry Korba,et al.  Applying digital rights management systems to privacy rights management , 2002, Comput. Secur..

[13]  Mor Peleg,et al.  Introduction to the Third International Workshop on Process-Oriented Information Systems in Healthcare (ProHealth 2009) , 2009, Business Process Management Workshops.

[14]  Henning Schulzrinne,et al.  Application-layer mobility using SIP , 2000, MOCO.