{"title":"一个访问控制模型,便于在EHR系统中管理患者隐私","authors":"M. Sicuranza, A. Esposito","doi":"10.1109/ICITST.2013.6750243","DOIUrl":null,"url":null,"abstract":"In EHR systems most of the data are confidential concerning the health of a patient, so it is necessary to provide a mechanism for access control. This has to ensure not only the confidentiality and integrity of the data, but also to allow the definition of security policies which reflect the need for privacy of the health care organization that manages the data; of the patient, who the documents refer to; and finally of international and national directives and norms. In literature there are several access control models, each of which responds just partially to the need for patient privacy. In this paper an innovative access control model is defined. It meets the main features that have to be satisfied by an EHR. Our proposal is an advanced access control model that combines several access control models known in the literature. It adds the characteristics of modularity and easiness in the management of access policies, focusing attention on privacy and patient's consent (patient privacy centric). The model provides the ability to define and to realize fine-grained access policies, which can be defined independently by both healthcare organizations and by patients. Our model is Attribute-based, multi-level, modular and with a dynamic and temporal management of the users' lists.","PeriodicalId":246884,"journal":{"name":"8th International Conference for Internet Technology and Secured Transactions (ICITST-2013)","volume":"9 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"15","resultStr":"{\"title\":\"An access control model for easy management of patient privacy in EHR systems\",\"authors\":\"M. Sicuranza, A. Esposito\",\"doi\":\"10.1109/ICITST.2013.6750243\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In EHR systems most of the data are confidential concerning the health of a patient, so it is necessary to provide a mechanism for access control. This has to ensure not only the confidentiality and integrity of the data, but also to allow the definition of security policies which reflect the need for privacy of the health care organization that manages the data; of the patient, who the documents refer to; and finally of international and national directives and norms. In literature there are several access control models, each of which responds just partially to the need for patient privacy. In this paper an innovative access control model is defined. It meets the main features that have to be satisfied by an EHR. Our proposal is an advanced access control model that combines several access control models known in the literature. It adds the characteristics of modularity and easiness in the management of access policies, focusing attention on privacy and patient's consent (patient privacy centric). The model provides the ability to define and to realize fine-grained access policies, which can be defined independently by both healthcare organizations and by patients. Our model is Attribute-based, multi-level, modular and with a dynamic and temporal management of the users' lists.\",\"PeriodicalId\":246884,\"journal\":{\"name\":\"8th International Conference for Internet Technology and Secured Transactions (ICITST-2013)\",\"volume\":\"9 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"15\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"8th International Conference for Internet Technology and Secured Transactions (ICITST-2013)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICITST.2013.6750243\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"8th International Conference for Internet Technology and Secured Transactions (ICITST-2013)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICITST.2013.6750243","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
An access control model for easy management of patient privacy in EHR systems
In EHR systems most of the data are confidential concerning the health of a patient, so it is necessary to provide a mechanism for access control. This has to ensure not only the confidentiality and integrity of the data, but also to allow the definition of security policies which reflect the need for privacy of the health care organization that manages the data; of the patient, who the documents refer to; and finally of international and national directives and norms. In literature there are several access control models, each of which responds just partially to the need for patient privacy. In this paper an innovative access control model is defined. It meets the main features that have to be satisfied by an EHR. Our proposal is an advanced access control model that combines several access control models known in the literature. It adds the characteristics of modularity and easiness in the management of access policies, focusing attention on privacy and patient's consent (patient privacy centric). The model provides the ability to define and to realize fine-grained access policies, which can be defined independently by both healthcare organizations and by patients. Our model is Attribute-based, multi-level, modular and with a dynamic and temporal management of the users' lists.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
