Managing Privacy and Effectiveness of Patient-Administered Authorization Policies

Thomas Trojer (University of Innsbruck, Austria), Basel Katt (University of Innsbruck, Austria), Ruth Breu (University of Innsbruck, Austria), Thomas Schabetsberger (ITH-icoserve Technology for Healthcare, Austria) and Richard Mair (ITH-icoserve Technology for Healthcare, Austria)
DOI: 10.4018/jcmam.2012040103
Abstract

A central building block of data privacy is the individual right to informational self-determination. It follows that, when dealing with shared electronic health records (SEHR), citizens, as the individuals identified by such records, have to be enabled to decide which medical data may be used, in which way, and by which medical professionals. In this context individual privacy preferences have to be reflected by authorization policies that control access to personal health data. Enabling patient-controlled authoring of access control policies raises two challenges. First, an ordinary citizen can neither be considered a security expert, nor does she or he have the expertise to fully understand typical activities and workflows within the health-care domain. Second, as a consequence, a citizen is not necessarily aware of the implications her or his access control settings have for the protection of personal health data. Both the privacy of a citizen's health data and the overall effectiveness of a health-care information system are at risk if inadequate access control settings are in place. This paper refers to scenarios of a previously conducted case study and shows how privacy and information system effectiveness can be defined and evaluated in the context of SEHR. The paper describes an access control policy analysis method which evaluates a patient-administered access control policy against these two evaluation criteria.

Introduction

Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others (Westin, 1967). Data privacy therefore defines itself as a protection mechanism that mitigates personal harm arising when data can be linked to individual persons. A central building block of privacy is the individual right to decide which data about oneself may be collected and stored and how that data may be processed (OECD, 1980). Since 1983 this right, called informational self-determination, has been recognized as a fundamental right in German law through a decision of the German Federal Constitutional Court (BVerfGE 65, 1), and it is further a substantial part of the European Data Protection Directive 95/46/EC (European Commission, 1995), which has been transposed into national law across the European Union (EU).

Despite the right of individual users to take part in controlling their privacy-sensitive information, implementing that right is difficult and poses at least the following challenges. An ordinary user is typically not a security expert, yet defining or selecting appropriate authorization preferences requires the user to translate her or his mental conception of privacy into enforceable security configurations. A further issue is the impact that user-defined authorization settings may have on the user's privacy or on the resulting effectiveness of the health-care information system. Users, as the sole authors of access control statements, have to be made aware of the consequences their settings imply. Although the authoring of access control settings has been well discussed in the literature, e.g., by proposing usable authoring tools, as in the line of work by Karat, Karat, Brodie, and Feng (2006) and Reeder, Karat, Karat, and Brodie (2007), little attention has been paid to analyzing the impact of access control policies on a specific type of information system. In this work we discuss the interrelationship between two specific criteria which can be used to evaluate access control settings enforced by a health-care information system. Further, we derive resolution strategies that are proposed to a citizen to support her or him in resolving inadequate security settings.
