Abstract
The exchange of electronic health records (EHR) among multiple parties and for multiple purposes raises nontrivial concerns. Unfortunately, privacy and operational policies granting individual access privileges to parties are often artifacts foreign to healthcare systems, so EHR security is all the more frail. Moreover, current web service technologies that constitute many EHR systems treat users uniformly, making it more difficult for information consumers to use this data for specific purposes. Therefore, there is a need for EHR systems that offer secure, policy-compliant access to data services and enable users to obtain the required information according to their individual authority. We present COASTmed, a notional EHR system that simultaneously offers provider-controlled differential service access and user-controlled customization. Our prototype is founded on the architectural principles of the COAST style and leverages the Rei policy language.
Notes
1. Figure 2 illustrates a partial view of the system, depicting only the service provider.
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Baquero, A., Taylor, R.N. (2017). Secure and Customizable EHR Management Services with COASTmed. In: Huhn, M., Williams, L. (eds) Software Engineering in Health Care. SEHC FHIES 2014 2014. Lecture Notes in Computer Science, vol 9062. Springer, Cham. https://doi.org/10.1007/978-3-319-63194-3_9
DOI: https://doi.org/10.1007/978-3-319-63194-3_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-63193-6
Online ISBN: 978-3-319-63194-3
eBook Packages: Computer Science (R0)