Research Issues of Privacy Access Control Model for Mobile Ad Hoc Healthcare Applications with XACML

Information privacy is usually concerned with the confidentiality of protected health information (PHI) such as electronic medical records (EMR). To meet the needs of highly mobile patients in healthcare scenarios, mobile devices such as personal digital assistants (PDAs) are being used for storing entire patient histories and physicals, research data collection forms, the physician's reference desk, current care plans, and drug orders. Thus, the information access control mechanism for mobile ad hoc healthcare applications must be embedded with privacy-enhancing technologies. This paper presents the research issues of developing a privacy access control model for supporting mobile ad hoc healthcare applications. This paper also shows how eXtensible Access Control Markup Language (XACML) can protect confidential EMR in such a setting.
