Poulymenopoulou Mikaela, Papakonstantinou Despina, Malamateniou Flora, Prentza Andriana, Vassilacopoulos George
Department of Digital Systems, University of Piraeus, Piraeus, Greece.
Stud Health Technol Inform. 2013;190:129-31.
An electronic personal health record (PHR) is a citizen-centric information tool that allows citizens to control their personal information. However, an ideal PHR should also allow citizens to connect with their formal and informal caregivers (e.g. a family member, a caregiver) and together manage citizen health and social information. This introduces specific security challenges, since multiple parties make entries and require access to PHR data. Since citizens are typically neither security experts nor domain experts, it is considered impossible for them to control all this information. To this end, this paper presents a conceptual security framework for the employment of an attribute-based PHR access control policy that is continually updated according to providers' local security policies and the sharing preferences of individual professionals and citizens.