Towards Self-Protecting Security for e-Health CDA Documents

To protect the security and privacy of electronic medical records, it is often necessary to employ a variety of security mechanisms such as encryption, integrity control, authentication, and access control. This paper proposes a framework that extends HL7 Clinical Document Architecture (CDA) documents with markup from XML-based security standards, including eXtensible Access Control Markup Language (XACML), XML Encryption, and XML Signature. This integrated structure uses a CDA document as the container, while access control policies, digital signatures, and encrypted data are all embedded within the same CDA document in a fine-grained manner. This approach can be used to provide self-protecting security for CDA documents no matter where they reside: in transit within HL7 messages, or as independent persistent information objects outside messages.
