Browse Prior Art Database

A System and method for Disclosure of PHR Data in a Hybrid System composed of XACML and DRM system, based on Context Information & Policy

IP.com Disclosure Number: IPCOM000184804D
Publication Date: 2009-Jun-30

Publishing Venue

The IP.com Prior Art Database

Abstract

ID673835

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 13% of the total text.

Page 1 of 11

A System and method for Disclosure of PHR Data in a Hybrid System composed of XACML and DRM system, based on Context Information & Policy

Background

With the advances of medical information technology, patients and physicians can now benefit from different services. For example, Electronic Patient Record (EPR) is a repository for electronically stored data related to patient's health status and health care. An EPR System can provide functions to improve the quality and the efficiency of health-care delivery. Examples of EPR's functionality are providing reminders and alerts, offering access to multiple clinicians at the same time, or linking knowledge sources to patient's data. Traditional paper-based medical records lack such functions. Next to that, there is an increasing demand for personal healthcare services such as remote patient monitoring. Therefore, a number of standardization activities are aiming at this area such as Continua [3], HITSP [2] (Healthcare Information Technology Standards Panel) etc. Some of the advantages of communicating health related problems electronically include not having to leave the house (which may be an issue for disabled people), asking delicate questions anonymously, or obtaining answers from individuals who one would not have met otherwise. Although, these technologies bring in a number of advantages along, however, at the same time, a number of security and privacy issues arise. Health-related data is generally considered as very private, which justifies the existence of extensive legislation and well-established ethical principles such as Hippocratic Oath. The European Directive 94/46, the Health Insurance Portability and Accountability Act (HIPAA) in the US as well as for example Health Information Protection Act (HIPA) [1][4] legislate rights of individuals and obligations of the "trustees" (e.g. doctors, nurses etc) in the health system with respect to personal health information. These acts apply to personal health information in the health system in any form, including traditional paper records and electronic records.

Modern healthcare communication architectures tend to be open, interconnected environments: Sensitive patient records no longer reside on mainframes physically isolated within a healthcare provider, where physical security measures can be taken to defend the data and the system. Patient files are rather kept in an environment where data is outsourced to or processed on partially untrusted servers in order to allow de-centralized access for family doctors, medical specialists and even non-medical care providers. People collect their health data and store it using a number of personal health record (PHR) services such as Microsoft Health Vault, Google Health, WebMD. The currently employed server-centric protection model, which locks the data in a databas...