Trust negotiation for authentication and authorization in healthcare information systems

The expanding availability of health information in an electronic format is strategic for industry-wide efforts to improve the quality and reduce the cost of health care. The implementation of electronic medical record systems has been hindered by inadequate security provisions. This paper describes the use of trust negotiation as a framework for providing authentication and access control services in healthcare information systems. Trust negotiation enables two parties with no preexisting relationship to establish the trust necessary to perform sensitive transactions via the mutual disclosure of attributes contained within digital credentials. An extension of this system, surrogate trust negotiation, is introduced as a way to meet the security requirements of healthcare delivery systems based on mobile computing devices and wireless communication technologies. These innovative technologies have enormous potential to improve the current state of security in healthcare information systems.
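
As an added illustration (not code from the paper), the sketch below models the mutual disclosure the abstract describes: each credential is guarded by a release policy naming the peer credentials that must be seen first, and the two parties alternate disclosures until the resource policy is met or neither can proceed. The eager disclosure strategy, the party names, the credential names and the policies are all constructed assumptions.

```python
# Added illustration: all credential names and policies are constructed.
from dataclasses import dataclass, field

@dataclass
class Party:
    name: str
    # credential -> set of peer credentials that must be seen before release
    release_policy: dict
    received: set = field(default_factory=set)  # credentials the peer has shown
    sent: set = field(default_factory=set)      # credentials already disclosed

    def releasable(self):
        """Unsent credentials whose release policy the peer has satisfied."""
        return {c for c, needs in self.release_policy.items()
                if c not in self.sent and needs <= self.received}

def negotiate(client, server, resource_policy, max_rounds=10):
    """Return (granted, transcript). Access is granted once the client has
    disclosed every credential named in resource_policy."""
    transcript = []
    for _ in range(max_rounds):
        progressed = False
        for sender, receiver in ((client, server), (server, client)):
            batch = sender.releasable()
            if batch:
                sender.sent |= batch
                receiver.received |= batch
                transcript.append((sender.name, sorted(batch)))
                progressed = True
            if resource_policy <= server.received:
                return True, transcript
        if not progressed:  # neither side can disclose more: negotiation fails
            break
    return False, transcript

def demo_success():
    # The license is sensitive: shown only to an accredited records server.
    clinician = Party("clinician", {"staff_id": set(),
                                    "medical_license": {"provider_accreditation"}})
    records = Party("records_server", {"provider_accreditation": {"staff_id"}})
    return negotiate(clinician, records, {"staff_id", "medical_license"})

def demo_deadlock():
    # Cyclic policies: each side waits for the other, so nothing is disclosed.
    clinician = Party("clinician", {"medical_license": {"provider_accreditation"}})
    records = Party("records_server", {"provider_accreditation": {"medical_license"}})
    return negotiate(clinician, records, {"medical_license"})

if __name__ == "__main__":
    print(demo_success())
    print(demo_deadlock())
```

The deadlock case shows why policies with cyclic dependencies need review before deployment: the negotiation fails closed, with no credential leaving either party.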
