Jorge Calvillo-Arbizu, Isabel Roman-Martinez, Laura M. Roa-Romero
IEEE-EMBS International Conference on Biomedical and Health Informatics (BHI), published 2014-06-01. DOI: 10.1109/BHI.2014.6864421 (https://doi.org/10.1109/BHI.2014.6864421)
Standardized access control mechanisms for protecting ISO 13606-based electronic health record systems
EHR systems have acquired a primary role in the technological revolution of healthcare services and in improving the quality and efficiency of care. Although EHR use is increasingly widespread, protecting EHR data against unauthorized intruders remains a major concern. EHR standards provide authorization requirements flexible enough to be addressed by different technological implementations, and so EHR solutions often develop ad hoc access control schemes. Although there are well-known general-purpose mechanisms for enforcing access control policies, their rate of application to the access control of EHR systems (in a way that satisfies standard requirements) is low. This work presents an XACML-based access control mechanism that includes the mandatory principles of the ISO 13606 family of standards. It uses semantic technologies to boost interoperability by defining attributes as ontology classes and policies as rules. The decision-making process is performed automatically by an inference engine based on the policies and the sensitivity level of EHR extracts from ISO 13606-4. Finally, this work discusses the potential of combining the security requirements of EHR standards with well-known access control schemas.