Implementing Web-based e-Health Portal Systems

As an emerging form of enabling technology, Web-based e-Health portals provide patients easier accesses to their healthcare information and services. We design and implement such an e-Health portal which can integrate many backend medical services effectively. A major challenge in designing such a system is to meet critical security requirements, such as the confidentiality of patient data, the integrity of diagnosis results, and the availability of healthcare services. In this thesis I address the issue from the access control perspective. More specifically, I first propose a two-tier approach to access control for e-Health portals. The approach supplements existing Role Based Access Control (RBAC) capabilities with a rule-based access control module based on the classical Flexible Authorization Framework (FAF) model. I study conflict resolution and interaction between the two modules. I also address authentication for real-time services provided by remote service providers.

[1]  a. gokhale,et al.  Reinventing the Wheel ? CORBA vs . Web Services , 2006 .

[2]  Robert O. Rainer,et al.  An architecture for Naval telemedicine , 1997, IEEE Transactions on Information Technology in Biomedicine.

[3]  Constantinos S. Pattichis,et al.  Multipurpose health care telemedicine system , 2001, 2001 Conference Proceedings of the 23rd Annual International Conference of the IEEE Engineering in Medicine and Biology Society.

[4]  Lillian Røstad,et al.  A Study of Access Control Requirements for Healthcare Systems Based on Audit Trails from Access Logs , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).

[5]  Qian Liu,et al.  Preserving Privacy in E-health Systems Using Hippocratic Databases , 2008, 2008 32nd Annual IEEE International Computer Software and Applications Conference.

[6]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[7]  Sushil Jajodia,et al.  Flexible support for multiple access control policies , 2001, TODS.

[8]  Marios S. Pattichis,et al.  Wireless telemedicine systems: an overview , 2002 .

[9]  Francesco Beltrame,et al.  Adopting telemedicine services in the airline framework , 2001, IEEE Transactions on Information Technology in Biomedicine.

[10]  D.M. Brennan,et al.  An interactive telemedicine system for remote speech-language pathology treatment , 2004, The 26th Annual International Conference of the IEEE Engineering in Medicine and Biology Society.

[11]  Gurjit Kaur,et al.  E-health: A new perspective on global health , 2006 .

[12]  Jean-Raoul Scherrer,et al.  Healthcare information system architecture (HISA) and its middleware models , 1999, AMIA.

[13]  Lingyu Wang,et al.  A Hierarchical Approach to the Specification of Privacy Preferences , 2007, 2007 Innovations in Information Technologies (IIT).

[14]  Qian Liu,et al.  Securing Telehealth Applications in a Web-Based e-Health Portal , 2008, 2008 Third International Conference on Availability, Reliability and Security.

[15]  Marios S. Pattichis,et al.  Mobile health systems: a brief overview , 2002, SPIE Defense + Commercial Sensing.

[16]  Sushil Jajodia,et al.  Creating Objects in the Flexible Authorization Framework , 2006, DBSec.

[17]  Mark Evered,et al.  A Case Study in Access Control Requirements for a Health Information System , 2004, ACSW.

[18]  Ernest Friedman-Hill,et al.  Jess in action : rule-based systems in Java , 2003 .

[19]  A. Taleb-Bendiab,et al.  E-health support services based on service-oriented architecture , 2006, IT Professional.

[20]  John M. Long,et al.  Computer-Based Medical Systems , 1994, Adv. Comput..

[21]  Seong Ki Mun,et al.  Telemedicine in neurosurgery: peri-operative management , 1998, Proceedings Pacific Medical Technology Symposium-PACMEDTek. Transcending Time, Distance and Structural Barriers (Cat. No.98EX211).

[22]  E. Jovanov Wireless Technology and System Integration in Body Area Networks for m-Health Applications , 2005, 2005 IEEE Engineering in Medicine and Biology 27th Annual Conference.

[23]  Aura Ganz,et al.  A mobile teletrauma system using 3G networks , 2004, IEEE Transactions on Information Technology in Biomedicine.

[24]  P. Rubel,et al.  Towards new integrated information and communication infrastructures in e-health. Examples from cardiology , 2003, Computers in Cardiology, 2003.

[25]  Benedict G. E. Wiedemann Protection? , 1998, Science.

[26]  C.Y. Ryu,et al.  Realization of an e-Health System to Perceive Emergency Situations , 2004, The 26th Annual International Conference of the IEEE Engineering in Medicine and Biology Society.

[27]  Emil Jovanov,et al.  Guest Editorial Introduction to the Special Section on M-Health: Beyond Seamless Mobility and Global Wireless Health-Care Connectivity , 2004, IEEE Transactions on Information Technology in Biomedicine.