Article Preview
TopIntroduction
Health Information Technology (health IT) holds many promises for the healthcare industry. For example, it promises to provide better care for the patients with lower costs by avoiding unnecessary treatments and promises to allow real time access and sharing of a patient’s records for coordinated care. The major push in health IT is to use EHR (Electronic Health Records) systems that clinical doctors and other healthcare providers can access and retrieve patient records electronically. EHR adoption and diffusion among healthcare providers are currently relatively low, but federal legislations such as the HITECH Act and the HIPAA Act are attempting to accelerate not only the EHR implementation but also the meaningful use of patient data for sharing and for decision support analytics across healthcare providers’ organizational boundaries, urging the use of Health Information Exchange (HIE) standards and an interoperable framework.
One of the many major challenges to overcome for EHR systems to be widely adopted for sharing of patient information across different EHR systems in the HIE environment is ensuring patient privacy. With the use of EHR systems, doctors, other healthcare providers, insurance companies, governments, as well as patients could easily access patient information that is stored in various locations. The patient’s privacy should be a paramount priority. Typically, a patient leaves medical records in various providers’ EHR systems. A general practitioner can enter initial checkup notes and his recommendations on his own EHR system. Then a specialist can also record some patient information in his own EHR system, and so do pharmacists, X-ray technicians, etc. In this distributed environment, it is difficult to ensure the consistent privacy control for different health information of the patient.
Currently, a patient at the initial visit to a doctor’s office fills out a paper-based form regarding the health information privacy on how his or her own heath information may be shared. It is difficult to ensure that privacy is controlled in the manner the patient desires or to ensure that the healthcare providers honor the privacy specifications of the patient about sharing and using his or her own health data. The patient simply relies that the organization’s policy is executed in good faith, but has no control over who can access what and how her own data can be shared and used.
In this paper, we first present the patient controlled privacy framework, where a patient can specify and manage her own privacy policies on her own data that are stored in different locations (e.g., doctor’s offices) to maximize the control on the privacy of her own data. In addition, the framework has a privacy policy enforcement component that can control and keep track of the provenance of access, release, sharing and advanced analytics of their medical data such that the patient’s privacy policies are properly adhered to.
However, the basic patient controlled privacy framework may fail in case of a health emergency since the patient’s own policy may not list all the possible emergency situations and non-typical roles may be involved such as the first responders or volunteers who are not in the “regular” healthcare network of the patient. In the absence of pre-specified patient controlled privacy policy in an emergency situation, the system should still be able to provide privacy control, instead of revealing all the medical records unconditionally. To achieve this, we present an approach called Situation-Role based Privacy Control Framework, where a medical emergency situation is modeled with a typical sequence of activities that are associated with handling the medical emergency situation, and a set of default roles for each activity in the situation, called situation roles is defined.
In this framework, the authentication process involves two levels: First, the system should verify the authenticity of the emergency situation. This process is called authentication of situation. Secondly, it should authenticate a person (user) for each activity in the mitigation process such that the person can assume the default situation role for the activity based on the person’s credentials. This process is called situation role activation.