Tags

Type your tag names separated by a space and hit enter

Distributed clinical data sharing via dynamic access-control policy transformation.
Int J Med Inform. 2016 May; 89:25-31.IJ

Abstract

BACKGROUND

Data sharing in electronic health record (EHR) systems is important for improving the quality of healthcare delivery. Data sharing, however, has raised some security and privacy concerns because healthcare data could be potentially accessible by a variety of users, which could lead to privacy exposure of patients. Without addressing this issue, large-scale adoption and sharing of EHR data are impractical. The traditional solution to the problem is via encryption. Although encryption can be applied to access control, it is not applicable for complex EHR systems that require multiple domains (e.g. public and private clouds) with various access requirements.

OBJECTIVES

This study was carried out to address the security and privacy issues of EHR data sharing with our novel access-control mechanism, which captures the scenario of the hybrid clouds and need of access-control policy transformation, to provide secure and privacy-preserving data sharing among different healthcare enterprises.

METHODS

We introduce an access-control mechanism with some cryptographic building blocks and present a novel approach for secure EHR data sharing and access-control policy transformation in EHR systems for hybrid clouds.

RESULTS

We propose a useful data sharing system for healthcare providers to handle various EHR users who have various access privileges in different cloud environments. A systematic study has been conducted on data sharing in EHR systems to provide a solution to the security and privacy issues.

CONCLUSIONS

In conclusion, we introduce an access-control method for privacy protection of EHRs and EHR policy transformation that allows an EHR access-control policy to be transformed from a private cloud to a public cloud. This method has never been studied previously in the literature. Furthermore, we provide a protocol to demonstrate policy transformation as an application scenario.

Authors+Show Affiliations

Centre for Computer and Information Security Research, School of Computing and Information Technology, University of Wollongong, NSW, Australia. Electronic address: fr683@uowmail.edu.au.Centre for Computer and Information Security Research, School of Computing and Information Technology, University of Wollongong, NSW, Australia.

Pub Type(s)

Journal Article

Language

eng

PubMed ID

26980356

Citation

Rezaeibagha, Fatemeh, and Yi Mu. "Distributed Clinical Data Sharing Via Dynamic Access-control Policy Transformation." International Journal of Medical Informatics, vol. 89, 2016, pp. 25-31.
Rezaeibagha F, Mu Y. Distributed clinical data sharing via dynamic access-control policy transformation. Int J Med Inform. 2016;89:25-31.
Rezaeibagha, F., & Mu, Y. (2016). Distributed clinical data sharing via dynamic access-control policy transformation. International Journal of Medical Informatics, 89, 25-31. https://doi.org/10.1016/j.ijmedinf.2016.02.002
Rezaeibagha F, Mu Y. Distributed Clinical Data Sharing Via Dynamic Access-control Policy Transformation. Int J Med Inform. 2016;89:25-31. PubMed PMID: 26980356.
* Article titles in AMA citation format should be in sentence-case
TY - JOUR T1 - Distributed clinical data sharing via dynamic access-control policy transformation. AU - Rezaeibagha,Fatemeh, AU - Mu,Yi, Y1 - 2016/02/12/ PY - 2015/06/16/received PY - 2016/02/10/revised PY - 2016/02/10/accepted PY - 2016/3/17/entrez PY - 2016/3/17/pubmed PY - 2016/12/15/medline KW - Access control KW - Data sharing KW - EHR KW - Encryption KW - Privacy KW - Security SP - 25 EP - 31 JF - International journal of medical informatics JO - Int J Med Inform VL - 89 N2 - BACKGROUND: Data sharing in electronic health record (EHR) systems is important for improving the quality of healthcare delivery. Data sharing, however, has raised some security and privacy concerns because healthcare data could be potentially accessible by a variety of users, which could lead to privacy exposure of patients. Without addressing this issue, large-scale adoption and sharing of EHR data are impractical. The traditional solution to the problem is via encryption. Although encryption can be applied to access control, it is not applicable for complex EHR systems that require multiple domains (e.g. public and private clouds) with various access requirements. OBJECTIVES: This study was carried out to address the security and privacy issues of EHR data sharing with our novel access-control mechanism, which captures the scenario of the hybrid clouds and need of access-control policy transformation, to provide secure and privacy-preserving data sharing among different healthcare enterprises. METHODS: We introduce an access-control mechanism with some cryptographic building blocks and present a novel approach for secure EHR data sharing and access-control policy transformation in EHR systems for hybrid clouds. RESULTS: We propose a useful data sharing system for healthcare providers to handle various EHR users who have various access privileges in different cloud environments. A systematic study has been conducted on data sharing in EHR systems to provide a solution to the security and privacy issues. CONCLUSIONS: In conclusion, we introduce an access-control method for privacy protection of EHRs and EHR policy transformation that allows an EHR access-control policy to be transformed from a private cloud to a public cloud. This method has never been studied previously in the literature. Furthermore, we provide a protocol to demonstrate policy transformation as an application scenario. SN - 1872-8243 UR - https://www.unboundmedicine.com/medline/citation/26980356/Distributed_clinical_data_sharing_via_dynamic_access_control_policy_transformation_ L2 - https://linkinghub.elsevier.com/retrieve/pii/S1386-5056(16)30022-3 DB - PRIME DP - Unbound Medicine ER -