Yaira K. Rivera Sánchez, S. Demurjian, Mohammed S. Baihan
Published in: 2017 5th IEEE International Conference on Mobile Cloud Computing, Services, and Engineering (MobileCloud), 2017-04-06. DOI: https://doi.org/10.1109/MobileCloud.2017.22
Achieving RBAC on RESTful APIs for Mobile Apps Using FHIR
Health Information Exchange (HIE) provides a more complete health record of an individual that improves patient care with relevant data gathered from multiple health information technology (HIT) systems. In support of HIE, the Health Level Seven (HL7) XML standard was developed to manage, exchange, integrate, and retrieve electronic health information. In 2011, HL7 began drafting a next-generation standard, Fast Healthcare Interoperable Resources (FHIR), to facilitate the development and interaction of mobile health (mHealth) apps, HIT data sharing, and common format for information modeling. FHIR is based on RESTful APIs and supported by a FHIR server infrastructure that facilitates the exchange in a cloud computing setting. FHIR, while possessing a security specification, has yet to define and identify actual security mechanisms for secure data exchange via RESTful API calls. In this paper, we incorporate role-based access control (RBAC) into FHIR to support the ability to control access of who can call which services of FHIR RESTful APIs that manage sensitive healthcare data. The work is demonstrated utilizing a mHealth application that communicates with the OpenEMR electronic health record via the HAPI FHIR server.