Emerging Trends in Health Care Delivery: Towards Collaborative Security for NIST RBAC

In the next 10 years there will be rapid adoption of health information technology - electronic medical records by providers and personal health records by patients - linked via health information exchange. There is an emergent need to provide secure access to information spread across multiple repositories for health care providers (e.g., physicians, nurses, home health aides, etc.) who collaborate with one another across cyberspace to deliver patient care. Are available security models capable of supporting collaborative access where providers are simultaneously modifying a patient's medical record? To address this question, this paper details collaborative security extensions to NIST RBAC.

[1]  Yan Xiao,et al.  Artifacts and collaborative work in healthcare: methodological, theoretical, and technological implications of the tangible , 2005, J. Biomed. Informatics.

[2]  Shannon A. Sims,et al.  Surveillance of methadone-related adverse drug events using multiple public health data sources , 2007, J. Biomed. Informatics.

[3]  Ravi S. Sandhu,et al.  A general design towards secure ad-hoc collaboration , 2006, ASIACCS '06.

[4]  S. M. Shah,et al.  Information technology and health care. , 1998, JPMA. The Journal of the Pakistan Medical Association.

[5]  Richard O. Sinnott,et al.  Dynamic trust negotiation for flexible e-health collaborations , 2008, Mardi Gras Conference.

[6]  Hong Chen,et al.  Constraint generation for separation of duty , 2006, SACMAT '06.

[7]  Thomas C. Rindfleisch,et al.  Privacy, information technology, and health care , 1997, CACM.

[8]  T. C. Ting Application Information Security Semantics: A Case of Mental Health Delivery , 1989, DBSec.

[9]  T. C. Ting A User-Role Based Data Security Approach , 1988, Database Security.

[10]  Gail-Joon Ahn,et al.  Role-based authorization constraints specification , 2000, TSEC.

[11]  Uday O. Ali Pabrai Getting started with HIPAA , 2003 .

[12]  Albert A. Rizzo,et al.  Virtual humans for assisted health care , 2008, PETRA '08.

[13]  Madhu C. Reddy,et al.  Moving patients around: a field study of coordination between clinical and non-clinical staff in hospitals , 2008, CSCW.

[14]  Joon S. Park,et al.  A Secure Workflow System for Dynamic Collaboration , 2001, SEC.

[15]  Leticia San Martín-Rodríguez,et al.  A model and typology of collaboration between professionals in healthcare organizations , 2008, BMC health services research.

[16]  Rakesh Agrawal,et al.  Enabling the 21st century health care information technology revolution , 2007, CACM.

[17]  Ramaswamy Chandramouli,et al.  The Queen's Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms , 2001, ACM Trans. Inf. Syst. Secur..

[18]  Seng-Phil Hong,et al.  Access control in collaborative systems , 2005, CSUR.

[19]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[20]  Joachim Biskup,et al.  Protection of Privacy and Confidentiality in Medical Information Systems: Problems and Guidelines , 1989, DBSec.