Abstract
During the last two decades, modern technology has increasingly been used in the healthcare sector to enhance the quality and cost efficiency of healthcare services. In this process, the Electronic Medical Record (EMR) has been introduced to collect, store and communicate patients’ medical information. EMR systems enable efficient collection of meaningful, accurate and complete data to assist improved clinical administration through the development, implementation and optimisation of clinical pathways. While the cost and time savings encourage the transition, it does not come without inherent challenges. Inadequate policy development in the areas of data security and privacy of health information appears to be the major weakness. In this paper, we present a secure access control model for the EMR and Electronic Health Record (EHR) to provide acceptable protection for sensitive health data retained at healthcare organisations. We systematically analyse four existing access control mechanisms that have been proposed in the past, and present a combined, more secure model for the EMR and EHR for healthcare provider organisations in Australia.
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Vimalachandran, P., Wang, H., Zhang, Y. (2015). Securing Electronic Medical Record and Electronic Health Record Systems Through an Improved Access Control. In: Yin, X., Ho, K., Zeng, D., Aickelin, U., Zhou, R., Wang, H. (eds) Health Information Science. HIS 2015. Lecture Notes in Computer Science, vol 9085. Springer, Cham. https://doi.org/10.1007/978-3-319-19156-0_3
DOI: https://doi.org/10.1007/978-3-319-19156-0_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-19155-3
Online ISBN: 978-3-319-19156-0
eBook Packages: Computer Science, Computer Science (R0)