Abstract
Integrating the Healthcare Enterprise (IHE)’s Cross-Enterprise Document Sharing (XDS) profile is an open standards-based architecture specification for EHR systems. In EHR systems, it is necessary to provide a mechanism for access control to protect security and privacy of patient data. On the basis of related studies, this paper addresses the issue of access control and privacy protection of privacy data in XDS-based EHR systems, aiming to identify a suitable, privacy-aware role-based access control model based on specific access requirements for IHE-XDS. Privacy-aware role-based access control model is an extension model of RBAC model. It not just has the benefits of RBAC, but additionally adds restrictions on the permission assignment for the roles by using the purpose enforcement and privacy-aware access control enforcement. The proposed model could further protect privacy data, while decreasing the complexity of the role assignment.
Highlights
The XDS (Cross-enterprise Document Sharing) integration specification proposed by the Integrating the Healthcare Enterprise (IHE) (Integrating Healthcare Enterprise) is used to solve the problem of cross-system information sharing
The main consideration of the Role-Based Access Control (RBAC) model is the protecting security of the system, but it is not intended to enhance the privacy policy because of the lack of three important elements of the privacy policy that described in the OECD (Organization for Economic Co-operation and Development) Guidelines, such as purpose binding, conditions and obligations
This paper elaborated on the idea of designing a Privacy-Aware RBAC model in IHE-XDS, presenting important elements of the model, such as conditions and purposes, and XACML policy execution
Summary
The XDS (Cross-enterprise Document Sharing) integration specification proposed by the IHE (Integrating Healthcare Enterprise) is used to solve the problem of cross-system information sharing. One of the important improvements of the Privacy-Aware RBAC model [9] that has mentioned above is that it changes the description of permissions and introduces elements such as purpose, condition, and obligation. Satisfy the requirements of IHE-XDS, but due to lack of component of privacy-aware access control policies enforcement, cannot ensure the purpose and condition of access. The model designed in this paper is the comprehensive model that based on the advantages of the two last models that mentioned above and it has the features of the role hierarchy of general RBAC, and can provide the conditions, purposes and other fine-grained modules that required by privacy protection. This paper elaborated on the idea of designing a Privacy-Aware RBAC model in IHE-XDS, presenting important elements of the model, such as conditions and purposes, and XACML policy execution
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
