打破医疗保健中的障碍：实现无缝访问的安全身份框架

IF 4.1 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Standards & Interfaces Pub Date : 2025-06-19 DOI:10.1016/j.csi.2025.104020

Antonio López Martínez , Montassar Naghmouchi , Maryline Laurent , Joaquín García Alfaro , Manuel Gil Pérez , Antonio Ruiz Martínez

{"title":"打破医疗保健中的障碍：实现无缝访问的安全身份框架","authors":"Antonio López Martínez , Montassar Naghmouchi , Maryline Laurent , Joaquín García Alfaro , Manuel Gil Pérez , Antonio Ruiz Martínez","doi":"10.1016/j.csi.2025.104020","DOIUrl":null,"url":null,"abstract":"<div><div>The digitization of healthcare data has heightened concerns about security, privacy, and interoperability. Traditional centralized systems are vulnerable to cyberattacks and data breaches, risking the exposure of sensitive patient information and decreasing trust in digital healthcare services. In addition, healthcare stakeholders use various standards and formats, creating challenges for data sharing and seamless communication. To address these points, this article identifies all the healthcare stakeholders and translates each useful element of a patient’s electronic health record (EHR) into Fast Healthcare Interoperability Resources (FHIR), to propose a complete role-based access control model that specifies which FHIR resources an actor is allowed to access. To validate this role model, three new use cases are defined, in which the various stakeholders interact and access the FHIR resources. Moreover, specific smart contracts are detailed to implement the role model in an automated way and provide a robust access control mechanism within healthcare organizations. The feasibility of the proposed access control mechanism is demonstrated through proof-of-concept and test performance measurements. Finally, the solution is validated as a realistic solution adapted to the scale of a country based on health statistics.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104020"},"PeriodicalIF":4.1000,"publicationDate":"2025-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Breaking barriers in healthcare: A secure identity framework for seamless access\",\"authors\":\"Antonio López Martínez , Montassar Naghmouchi , Maryline Laurent , Joaquín García Alfaro , Manuel Gil Pérez , Antonio Ruiz Martínez\",\"doi\":\"10.1016/j.csi.2025.104020\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>The digitization of healthcare data has heightened concerns about security, privacy, and interoperability. Traditional centralized systems are vulnerable to cyberattacks and data breaches, risking the exposure of sensitive patient information and decreasing trust in digital healthcare services. In addition, healthcare stakeholders use various standards and formats, creating challenges for data sharing and seamless communication. To address these points, this article identifies all the healthcare stakeholders and translates each useful element of a patient’s electronic health record (EHR) into Fast Healthcare Interoperability Resources (FHIR), to propose a complete role-based access control model that specifies which FHIR resources an actor is allowed to access. To validate this role model, three new use cases are defined, in which the various stakeholders interact and access the FHIR resources. Moreover, specific smart contracts are detailed to implement the role model in an automated way and provide a robust access control mechanism within healthcare organizations. The feasibility of the proposed access control mechanism is demonstrated through proof-of-concept and test performance measurements. Finally, the solution is validated as a realistic solution adapted to the scale of a country based on health statistics.</div></div>\",\"PeriodicalId\":50635,\"journal\":{\"name\":\"Computer Standards & Interfaces\",\"volume\":\"95 \",\"pages\":\"Article 104020\"},\"PeriodicalIF\":4.1000,\"publicationDate\":\"2025-06-19\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computer Standards & Interfaces\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0920548925000492\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Standards & Interfaces","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0920548925000492","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

摘要

医疗保健数据的数字化加剧了人们对安全性、隐私性和互操作性的担忧。传统的集中式系统容易受到网络攻击和数据泄露，可能会暴露敏感的患者信息，并降低对数字医疗保健服务的信任。此外，医疗保健利益相关者使用各种标准和格式，这给数据共享和无缝通信带来了挑战。为了解决这些问题，本文确定了所有医疗保健涉众，并将患者电子健康记录（EHR）的每个有用元素转换为快速医疗保健互操作性资源（FHIR），以提出一个完整的基于角色的访问控制模型，该模型指定参与者可以访问哪些FHIR资源。为了验证这个角色模型，定义了三个新的用例，在这些用例中，各种涉众进行交互并访问FHIR资源。此外，还详细介绍了以自动化方式实现角色模型的特定智能合约，并在医疗保健组织内提供健壮的访问控制机制。通过概念验证和测试性能测量证明了所提出的访问控制机制的可行性。最后，根据卫生统计，验证该解决方案是适合一个国家规模的现实解决方案。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Breaking barriers in healthcare: A secure identity framework for seamless access

The digitization of healthcare data has heightened concerns about security, privacy, and interoperability. Traditional centralized systems are vulnerable to cyberattacks and data breaches, risking the exposure of sensitive patient information and decreasing trust in digital healthcare services. In addition, healthcare stakeholders use various standards and formats, creating challenges for data sharing and seamless communication. To address these points, this article identifies all the healthcare stakeholders and translates each useful element of a patient’s electronic health record (EHR) into Fast Healthcare Interoperability Resources (FHIR), to propose a complete role-based access control model that specifies which FHIR resources an actor is allowed to access. To validate this role model, three new use cases are defined, in which the various stakeholders interact and access the FHIR resources. Moreover, specific smart contracts are detailed to implement the role model in an automated way and provide a robust access control mechanism within healthcare organizations. The feasibility of the proposed access control mechanism is demonstrated through proof-of-concept and test performance measurements. Finally, the solution is validated as a realistic solution adapted to the scale of a country based on health statistics.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Computer Standards & Interfaces 工程技术-计算机：软件工程

CiteScore

11.90

自引率

16.00%

发文量

审稿时长

6 months

期刊介绍： The quality of software, well-defined interfaces (hardware and software), the process of digitalisation, and accepted standards in these fields are essential for building and exploiting complex computing, communication, multimedia and measuring systems. Standards can simplify the design and construction of individual hardware and software components and help to ensure satisfactory interworking. Computer Standards & Interfaces is an international journal dealing specifically with these topics. The journal • Provides information about activities and progress on the definition of computer standards, software quality, interfaces and methods, at national, European and international levels • Publishes critical comments on standards and standards activities • Disseminates user''s experiences and case studies in the application and exploitation of established or emerging standards, interfaces and methods • Offers a forum for discussion on actual projects, standards, interfaces and methods by recognised experts • Stimulates relevant research by providing a specialised refereed medium.