Securing Electronic Medical Record and Electronic Health Record Systems Through an Improved Access Control

  • Conference paper
Health Information Science (HIS 2015)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 9085)

Abstract

During the last two decades, modern technology has increasingly been used in the healthcare sector to enhance the quality and cost efficiency of healthcare services. In this process, the Electronic Medical Record (EMR) has been introduced to collect, store and communicate patients' medical information. EMR systems enable efficient collection of meaningful, accurate and complete data to assist improved clinical administration through the development, implementation and optimisation of clinical pathways. While the cost and time savings are encouraging for the transition, it does not come without inherent challenges. Inadequate policy development in the areas of data security and privacy of health information appears to be the major weakness. In this paper, we present a secure access control model for the EMR and Electronic Health Record (EHR) to provide acceptable protection for sensitive health data retained at healthcare organisations. We systematically analyse four existing access control mechanisms that have been proposed in the past, and present a combined, more secure model for the EMR and EHR for healthcare provider organisations in Australia.

Author information

Corresponding author

Correspondence to Pasupathy Vimalachandran.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Vimalachandran, P., Wang, H., Zhang, Y. (2015). Securing Electronic Medical Record and Electronic Health Record Systems Through an Improved Access Control. In: Yin, X., Ho, K., Zeng, D., Aickelin, U., Zhou, R., Wang, H. (eds) Health Information Science. HIS 2015. Lecture Notes in Computer Science, vol 9085. Springer, Cham. https://doi.org/10.1007/978-3-319-19156-0_3

  • DOI: https://doi.org/10.1007/978-3-319-19156-0_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-19155-3

  • Online ISBN: 978-3-319-19156-0

  • eBook Packages: Computer Science, Computer Science (R0)
