Published in: Journal of Medical Systems 5/2012

01.10.2012 | ORIGINAL PAPER

RBAC-Matrix-Based EMR Right Management System to Improve HIPAA Compliance

Authors: Hung-Chang Lee, Shih-Hsin Chang


Abstract

Security control of Electronic Medical Records (EMR) is a mechanism used to manage electronic medical record files and protect sensitive medical record documents from information leakage. Researchers have proposed Role-Based Access Control (RBAC). However, as medical institutions grow in scale, it becomes difficult to give a detailed declaration of access-control behavior among the roles in RBAC. Furthermore, under stringent regulations such as the U.S. HIPAA and Canada's PIPEDA, patients are encouraged to have the right to regulate access control over their own EMR. In response to these problems, we propose an EMR digital rights management system that extends RBAC to the matrix organization of medical institutions, known as RBAC-Matrix. Besides authorizing EMR access among the roles of the organization, RBAC-Matrix also allows patients to take part in defining the access rights to their own records. RBAC-Matrix expresses access-control declarations across the matrix organization of a medical institution with an XrML file associated with each EMR. It processes authorization of behavior from the XrML rights declaration file in a two-stage design, called the master and servant stages, so that the associated EMR is better protected. RBAC-Matrix also assigns the medical record file and its associated XrML declaration to two different EMRA (EMR Authorization) roles, namely the medical records Document Creator (DC) and the medical records Document Right Setting (DRS). The access right setting, determined by the DRS, is cosigned by the patient, so that the declaration of rights and the use of the EMR comply with HIPAA specifications.
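As an added, simplified illustration (not the authors' code) of the flow the abstract describes: a per-EMR rights declaration is set by the DRS, cosigned by the patient, and only then evaluated against a subject positioned in the (role, department) matrix. The declaration layout, the HMAC stand-in for digital signatures, the sample keys and the two-step check are all assumptions of this example, not details taken from the paper.

```python
"""Toy RBAC-Matrix rights check (added example, not the paper's implementation).
Assumed model: a matrix-organization subject is a (role, dept) pair; the XrML
declaration tied to an EMR is reduced to a dict; the DRS signs the grants and
the patient must cosign before any grant takes effect. HMAC stands in for the
signature scheme, which the abstract does not specify."""
import hashlib
import hmac
import json

# Constructed signing keys for the DRS and the patient (hypothetical ids).
KEYS = {"drs-001": b"drs-secret", "patient-42": b"patient-secret"}


def sign(signer, payload):
    # Canonical JSON so the DRS and patient sign byte-identical content.
    data = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(KEYS[signer], data, hashlib.sha256).hexdigest()


def make_declaration(emr_id, drs, patient, grants):
    # grants: [{"role": ..., "dept": ..., "rights": [...]}]; dept "*" means
    # the grant spans every department column of the matrix.
    body = {"emr": emr_id, "drs": drs, "patient": patient, "grants": grants}
    return {"body": body, "sig_drs": sign(drs, body), "sig_patient": None}


def patient_cosign(decl):
    decl["sig_patient"] = sign(decl["body"]["patient"], decl["body"])
    return decl


def declaration_valid(decl):
    # Step 1: both signatures must be present and match the current body,
    # so an uncosigned or tampered declaration grants nothing.
    body = decl["body"]
    if decl["sig_patient"] is None:
        return False
    return (hmac.compare_digest(decl["sig_drs"], sign(body["drs"], body))
            and hmac.compare_digest(decl["sig_patient"], sign(body["patient"], body)))


def authorize(decl, subject, right):
    # Step 2: look up the subject's (role, dept) cell among the grants.
    if not declaration_valid(decl):
        return False
    for g in decl["body"]["grants"]:
        if (g["role"] == subject["role"]
                and g["dept"] in ("*", subject["dept"])
                and right in g["rights"]):
            return True
    return False
```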
Metadata
Title
RBAC-Matrix-Based EMR Right Management System to Improve HIPAA Compliance
Authors
Hung-Chang Lee
Shih-Hsin Chang
Publication date
01.10.2012
Publisher
Springer US
Published in
Journal of Medical Systems / Issue 5/2012
Print ISSN: 0148-5598
Electronic ISSN: 1573-689X
DOI
https://doi.org/10.1007/s10916-011-9776-0
