Abstract
The Cross-Enterprise Document Sharing (XDS) profile of Integrating the Healthcare Enterprise (IHE) is one of guiding principles for the implementation of Healthcare Information Exchange. The IHE Basic Patient Privacy Consents (BPPC) profile complements XDS by providing a mechanism to protect the privacy in documents stored in each Document Repository. However, the BPPC profile pays little attention to the sensitive information in document metadata stored in the Document Registry. This paper proposes a privacy framework for the protection of privacy in the document metadata stored in the Document Registry. It introduces Privacy View, Privacy Policy and Privacy Monitor into XDS. Privacy View specifies the sensitive document metadata in Document Registry. Privacy Policy defines on what conditions Privacy View can be accessed or to whom Privacy View is granted. Privacy Monitor is responsible for deciding whether an access request is permitted according to Privacy View and Privacy Policy. The experiment results show that the privacy framework could ensure the effective prevention of the sensitive document metadata specified by Privacy Views from exposure to unauthorized individuals in accordance with Privacy Policies.
Published Version
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call