论文信息 - A Patient-centric, Attribute-based, Source-verifiable Framework for Health Record Sharing

A Patient-centric, Attribute-based, Source-verifiable Framework for Health Record Sharing

The storage of health records in electronic format, and the wide-spread sharing of these records among different health care providers, have enormous potential benefits to the U.S. healthcare system. These benefits include both improving the quality of health care delivered to patients and reducing the costs of delivering that care. However, maintaining the security of electronic health record systems and the privacy of the information they contain is paramount to ensure that patients have confidence in the use of such systems. In this paper, we propose a framework for electronic health record sharing that is patient centric, i.e. it provides patients with substantial control over how their information is shared and with whom; provides for verifiability of original sources of health information and the integrity of the data; and permits fine-grained decisions about when data can be shared based on the use of attribute-based techniques for authorization and access control. We present the architecture of the framework, describe a prototype system we have built based on it, and demonstrate its use within a scenario involving emergency responders’ access to health record information.

[1] Emil C. Lupu,et al. Conflicts in Policy-Based Distributed Systems Management , 1999, IEEE Trans. Software Eng..

[2] Gail-Joon Ahn,et al. A role-based delegation framework for healthcare information systems , 2002, SACMAT '02.

[3] Peter Sewell,et al. Cassandra: flexible trust management, applied to electronic health records , 2004, Proceedings. 17th IEEE Computer Security Foundations Workshop, 2004..

[4] Gail-Joon Ahn,et al. Role-based authorization in decentralized health care environments , 2003, SAC '03.

[5] Ravi S. Sandhu,et al. Role-Based Access Control Models , 1996, Computer.

[6] Elisa Bertino,et al. XACML Policy Integration Algorithms , 2008, TSEC.

[7] Tim Moses,et al. EXtensible Access Control Markup Language (XACML) version 1 , 2003 .

[8] David M. Eyers,et al. OASIS role-based access control for electronic health records , 2006, IEE Proc. Softw..

[9] Dawn Xiaodong Song,et al. Homomorphic Signature Schemes , 2002, CT-RSA.

[10] Rakesh Bobba,et al. Using Attribute-Based Access Control to Enable Attribute-Based Messaging , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).

[11] David Cash,et al. Minimal information disclosure with efficiently verifiable credentials , 2008, DIM '08.