Protecting privacy while sharing medical data between regional healthcare entities.

Economies of scale, corporate partnerships and a need to increase the efficiency of Information Technology in the Healthcare sector are leading to the construction of Regional Health Information Organizations (RHIOs) across the United States. RHIOs are normally aligned by service provision given by particular healthcare payers (e.g. Blue Cross-Blue Shield, PacifiCare etc.) in particular geographies. Globalization has created a transient workforce that may require their healthcare provider access their patient data across several sovereign RHIOs. The barrier to enabling RHIO to RHIO collaboration lies in the need to respect the data disclosure policy of each RHIO, to adhere to the geography-specific healthcare legislation and also to not violate the express privacy wishes of the patient(s) involved. In this paper, we propose a data-level control called Sticky Policy Enforcement which allows sharing to occur across RHIOs, while adhering to the concerns mentioned.