Healthcare is an increasingly collaborative enterprise involving many individuals and organizations that coordinate their efforts toward promoting quality and efficient delivery of healthcare through the use of pervasive healthcare information systems. The latter can provide seamless access to well-informed, high-quality healthcare services anywhere, anytime by removing temporal, spatial and other constraints imposed by the technological heterogeneity of existing healthcare information systems. In such environments, concerns over the privacy and security of health information arise. Hence, it is essential to provide an effective access control mechanism that meets the requirements imposed by the least privilege principle by adjusting user permissions continuously in order to adapt to the current situation. This chapter presents a pervasive grid-based healthcare information system architecture that facilitates authorized access to healthcare processes via wireless devices. Context-aware technologies are used to both automate healthcare processes and regulate access to services and data via a fine-grained access control mechanism.
TopIntroduction
Healthcare delivery is a highly complex process involving a broad range of healthcare services (e.g. in-patient, out-patient, emergency), typically performed by a number of geographically distributed and organizationally disparate healthcare providers requiring increased collaboration and coordination of their activities in order to provide shared and integrated care when and where needed (Koufi & Vassilacopoulos, 2008). As healthcare providers are mostly hosting diverse information systems, promoting quality and efficient delivery of healthcare, requires the use of interoperable healthcare information systems (HIS).With the advent of pervasive and ubiquitous computing technologies, the requirements for information technology to healthcare process alignment can be met with the least possible intervention from the participating parties. For example, an HIS architecture that places emphasis on supporting collaboration and coordination among various healthcare services can also fulfill the requirements to support mobility of healthcare professionals that may lead to a pervasive computing infrastructure. Thus, patient information which is scattered around disparate and geographically dispersed systems can be readily accessed in a pervasive manner by authorized users at the point of care.
This chapter will present a grid-enabled HIS architecture that facilitates seamless and pervasive access to integrated healthcare services by utilizing both wireless and agent technologies. This architecture utilizes the Business Process Execution Language (BPEL) for modeling healthcare processes, Grid middleware technology for resolving data integration issues and Radio Frequency Identification (RFID) technology for user identification. Thus, healthcare processes performed within the boundaries of a health district are modeled as flows of Grid database services which provide an integrated or even derived view of data retrieved by multiple distributed data resources, such as relational and XML databases (Open Grid Services Architecture - Data Access and Integration, n.d.). In addition, agent technology is used for implementing a context-aware authorization mechanism to conveniently and effectively regulate user access to patient information while providing confidence that security policies are faithfully and consistently enforced. The system functionality is delivered to the healthcare professionals’ personal digital assistants (PDAs) via a customized Grid portal application that complies with the restrictions imposed by PDA technology (e.g. limited display size).
One important consideration in the development of such an HIS is to secure personal information against unauthorized access, collection, use, disclosure or disposal by ensuring a tight matching of permissions to actual usage and need. To this end, the least privilege principle should be enforced which, in turn, requires continuous adjustments of the sets of user permissions to ensure that, at any time, users assume the minimum sets of permissions required for the execution of each task of a healthcare process. The system architecture presented here implements a dynamic, context-aware access control mechanism that incorporates the advantages of broad, role-based permission assignment and administration across object types, as in role-based access control (RBAC) (National Institute of Standards and Technology (NIST), n.d.), and yet provides the flexibility for adjusting role permissions on individual objects during a BPEL process enactment according to the current context. During the execution of a process instance, changes in contextual information are sensed to adapt user permissions to the minimum required for completing a job. Relevant access control policies are enforced at both the BPEL task level and the Grid database service level.