Design and Implementation of a Privacy Aware Framework for Sharing Electronic Health Records

Prevalent EHRs (Electronic Health Records) present an opportunity to provide a safer, efficient and patient-centered care environment, but this may also cause the disclosure of patient privacy information without the patient authorization, in particular, when sharing of EHRs across healthcare providers or hospitals. Although, IHE (Integrating the Healthcare Enterprise) provides a widely used EHRs integrating and sharing profile (Cross-Enterprise Document Sharing, XDS.b profile) and a patient privacy protecting profile (Basic Patient Privacy Consents, BPPC profile), there are still a small number of implementation cases that demonstrate the efficiency of using these two profiles for protection of patients' privacy while exchange or sharing of their EHRs in an affinity domain. In this research, we developed a patient privacy aware framework to achieve EHRs interoperability based on these XDS.b and BPPC profiles. In this framework, each EHR is classified with a privacy level based on its sensitivity. For each EHR category, a patient specifies the roles that can access that EHR category, i.e., The privacy policies, in the patient's consent form. We then set up a centralized patient privacy matrix to represent the patient's privacy policies for access control management during sharing of his/her EHRs in an affinity domain. As such, patients can benefit from the sharing of EHRs across hospitals while their privacy is guaranteed by the specified consent policies.