Hierarchy Similarity Analyser-An Approach to Securely Share Electronic Health Records

Hierarchy Similarity Analyser-An Approach to Securely Share Electronic Health Records

Shalini Bhartiya (IITM, New Delhi, India), Deepti Mehrotra (Amity University, Uttar Pradesh, Noida, India) and Anup Girdhar (Sedulity Groups, New Delhi, India)
Copyright: © 2016 |Pages: 16
DOI: 10.4018/IJEHMC.2016040102
OnDemand PDF Download:
$37.50

Abstract

Health professionals need an access to various dimensions of Electronic Health Records (EHR). Depending on technical constraints, each organization defines its own access control schema exhibiting heterogeneity in organizational rules and policies. Achieving interoperability between such schemas often result in contradictory rules thereby exposing data to undue disclosures. Permitting interoperable sharing of EHRs and simultaneously restricting unauthorized access is the major objective of this paper. An Extensible Access Control Markup Language (XACML)-based framework, Hierarchy Similarity Analyser (HSA), is proposed which fine-grains access control policies of disparate healthcare organizations to achieve interoperable and secured sharing of EHR under set authorizations. The proposed framework is implemented and verified using automated Access Control Policy Testing (ACPT) tool developed by NIST. Experimental results identify the users receive secured and restricted access as per their authorizations and role hierarchy in the organization.
Article Preview

1. Introduction

The inclusion of electronic media in healthcare domain resulted in transformation of paper-based health records into Electronic Health Records (EHRs). These records are accessed from medical to non-medical users at the same time across multiple hospitals and other related organizations. These records possess a high level of sensitivity where the patient demands utmost care allowing only relevant and authorized access of the records. Rules and policies are defined with respect to the roles and responsibilities of health providers. It may differ from hospital to hospital. With the heterogeneity involved in the organizational structure and access policies, sharing EHR increases the chance of confidentiality leakages and security breaches. Organizations, hospitals in this context, experience various challenges and security issues (Bhartiya & Mehrotra, 2014; Bai et al., 2014) in making the data available to the intended users.

In spite of similar roles of the users, the two hospitals may exhibit dissimilarity in their organizational hierarchies. Hence, to enable cross- organizational sharing of data, well-defined standards or mechanisms should be developed. The objective is to logically identify similarities between user’s roles and authorities and make two disparate organizations interoperable. For ex. comparing two doctors, one in government hospital and the other in private hospital, their work distribution may not be the same and hence, the set of access rules must differ in both cases. A possibility exists where an access to the resource should be permitted to one and denied to other. The case reflects a huge challenge in determining and setting their access rights and privileges for secured sharing of sensitive EHR in-spite of wide gap in their services.

Basically, sharing of EHR is dependent on how best the two systems can achieve interoperability. HL7 has been addressing interoperability problems in sharing or exchanging EHRs for over two decades now. It (HL7 Standards, 2015; HL7 Evolution, 2010) provides a framework for exchange and sharing of EHRs for seamless integration between disparate healthcare organizations. The Standard is broadly divided into two categories – Version 2 (V2) and Version 3 (V3). Fast Healthcare Interoperability Resources Specification (FHIR), Release 1 (HL7 FHIR, 2015) combines the best features of HL7’s V2, V3 and CDA product lines. It is a standard for exchanging healthcare data electronically. It simplifies implementation without compromising information integrity. Integrity is complemented with confidentiality and availability of data.

Interoperable sharing of EHRs exhibits another challenge -maintaining the confidentiality and privacy of sensitive health information without compromising its availability to the health providers. NIST (NIST 800-53, 2013) in collaboration with the Office of the Director of National Intelligence (ODNI), the Department of Defense (DoD), and the Committee on National Security Systems (CNSS) is establishing a unified information security framework for the federal government. This framework is said to provide a strong base for mutual acceptance of authorization decisions and facilitate information sharing between disparate organizations.

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 8: 4 Issues (2017)
Volume 7: 4 Issues (2016)
Volume 6: 4 Issues (2015)
Volume 5: 4 Issues (2014)
Volume 4: 4 Issues (2013)
Volume 3: 4 Issues (2012)
Volume 2: 4 Issues (2011)
Volume 1: 4 Issues (2010)
View Complete Journal Contents Listing