Abstract
Background: Inter-organizational healthcare businesses are ruled by a huge set of policies: legal policies, organizational policies, medical policies, ethical policies, etc., which are quite static, patients policy and process, social and environmental conditions, which are highly dynamic. In the context of a business case, those diff erent policies must be harmonized to enable privilege management and access control decisions. Objectives: The authors off er a methodology to achieve interoperability through policies harmonization in a privilege management and access control solution for EHR systems, to be later on implemented in a cancer care network using HL7 specifications. Methods: To meet the objective, the authors make use of a system-theoretical, architecture-centric, ontology-based approach to formally representing the aforementioned polices for harmonization. Results: Because of its fl exibility and generality, a policydriven RBAC model is used to formally represent all the other access control models such as MAC, DAC, RBAC, ABAC, HL7 Data Segmentation and Labeling Services. All the policies deployed in the context of an inter-organizational collaboration for cancer care can be formalized and then harmonized. Conclusions: The authors provide an implementation independent methodology to enable policies harmonization in EHR systems. The methodology described in the paper is independent on the maturity of organizations’ privilege management and access control system. Furthermore, it does not hamper organizations progressing to more advanced solutions over the time. Even dynamic policies can be harmonized at run time, allowing advancement towards a patient-centered care.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.