TY - GEN
T1 - Design and Implementation of a Privacy Aware Framework for Sharing Electronic Health Records
AU - Yang, Cheng Yi
AU - Liu, Chien Tsai
AU - Tseng, Tzu Wei
N1 - Publisher Copyright:
© 2015 IEEE.
PY - 2015/12/8
Y1 - 2015/12/8
N2 - Prevalent EHRs (Electronic Health Records) present an opportunity to provide a safer, efficient and patient-centered care environment, but this may also cause the disclosure of patient privacy information without the patient authorization, in particular, when sharing of EHRs across healthcare providers or hospitals. Although, IHE (Integrating the Healthcare Enterprise) provides a widely used EHRs integrating and sharing profile (Cross-Enterprise Document Sharing, XDS.b profile) and a patient privacy protecting profile (Basic Patient Privacy Consents, BPPC profile), there are still a small number of implementation cases that demonstrate the efficiency of using these two profiles for protection of patients' privacy while exchange or sharing of their EHRs in an affinity domain. In this research, we developed a patient privacy aware framework to achieve EHRs interoperability based on these XDS.b and BPPC profiles. In this framework, each EHR is classified with a privacy level based on its sensitivity. For each EHR category, a patient specifies the roles that can access that EHR category, i.e., The privacy policies, in the patient's consent form. We then set up a centralized patient privacy matrix to represent the patient's privacy policies for access control management during sharing of his/her EHRs in an affinity domain. As such, patients can benefit from the sharing of EHRs across hospitals while their privacy is guaranteed by the specified consent policies.
AB - Prevalent EHRs (Electronic Health Records) present an opportunity to provide a safer, efficient and patient-centered care environment, but this may also cause the disclosure of patient privacy information without the patient authorization, in particular, when sharing of EHRs across healthcare providers or hospitals. Although, IHE (Integrating the Healthcare Enterprise) provides a widely used EHRs integrating and sharing profile (Cross-Enterprise Document Sharing, XDS.b profile) and a patient privacy protecting profile (Basic Patient Privacy Consents, BPPC profile), there are still a small number of implementation cases that demonstrate the efficiency of using these two profiles for protection of patients' privacy while exchange or sharing of their EHRs in an affinity domain. In this research, we developed a patient privacy aware framework to achieve EHRs interoperability based on these XDS.b and BPPC profiles. In this framework, each EHR is classified with a privacy level based on its sensitivity. For each EHR category, a patient specifies the roles that can access that EHR category, i.e., The privacy policies, in the patient's consent form. We then set up a centralized patient privacy matrix to represent the patient's privacy policies for access control management during sharing of his/her EHRs in an affinity domain. As such, patients can benefit from the sharing of EHRs across hospitals while their privacy is guaranteed by the specified consent policies.
KW - Electronic Health Record
KW - IHE BPPC
KW - IHE XDS
KW - patient privacy
UR - http://www.scopus.com/inward/record.url?scp=84966393681&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84966393681&partnerID=8YFLogxK
U2 - 10.1109/ICHI.2015.92
DO - 10.1109/ICHI.2015.92
M3 - Conference contribution
AN - SCOPUS:84966393681
T3 - Proceedings - 2015 IEEE International Conference on Healthcare Informatics, ICHI 2015
SP - 504
EP - 508
BT - Proceedings - 2015 IEEE International Conference on Healthcare Informatics, ICHI 2015
A2 - Fu, Wai-Tat
A2 - Balakrishnan, Prabhakaran
A2 - Harabagiu, Sanda
A2 - Wang, Fei
A2 - Srivatsava, Jaideep
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 3rd IEEE International Conference on Healthcare Informatics, ICHI 2015
Y2 - 21 October 2015 through 23 October 2015
ER -