Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Policy-Based Security Mechanism for Distributed Health Networks

Published byDwain Cook Modified over 5 years ago

Similar presentations

Presentation on theme: "A Policy-Based Security Mechanism for Distributed Health Networks"— Presentation transcript:

1 A Policy-Based Security Mechanism for Distributed Health Networks
A. Onabajo, C. Obry and J. H. Jahnke netlab Research Group1 Dept of Computer Science University of Victoria, Victoria, BC, Canada

2 Outline Motivation Background Policy-Based Security Mechanism
A Scenario Future work

3 Motivation Knowledge valuable asset of organizations
Trend towards Distributed/Integrated Health Information Sensitive patient information has to be protected Facilitate secured information exchange Flexible and adaptable approach Regulations and individual consents Patient care should still be paramount

4 Background Research into middleware solution for integrated medical information systems Based on domain and technological standards HL7 Standards e.g. RIM and CDA Policy-Based Systems Offer adaptability and easier system modification Encryption Public Key Infrastructure (PKI)

5 Policy-Based Security Mechanism
Policies Provide the rules for information handling and exchange Types Patient Organizational Document Type Encoding eXtensible Access Control Markup Language (XACML)2 OASIS standard Provides languages for defining policies and requests

6 Policy-Based Mechanism (cont’d)
Policy Evaluation Approach Match policies to document Evaluate the rule(s) of policies Apply effects (deny or permit) of rules Rule combination Conflict resolution Precedence by specificity3

7 Policy-Based Mechanism (cont’d)
Encryption Applied after policy evaluation and before transmission Non-authorized sections are not transmitted Document will be encrypted with a symmetric key Encrypted document and symmetric key will be encrypted with recipients public key

8 A Scenario

9 Future Work Currently at initial stage of development
Integration of a Role-based access mechanism Further refinement of conflict resolution of policies

10 Resources www.netlab.uvic.ca
OASIS eXtensible Access Control Markup Language. Available online at Lupu E.C.and Sloman M., Conflicts in Policy-Based Distributed Systems Management IEEE Transactions on Software Engineering, 1999;25(6) C. Obry, J.H. Jahnke, A. Onabajo and W Schafer “Enabling Privacy in Cross-Organisational Information Mediation – An Application in Health Care”. Proceedings 2003 Software Technology and Engineering Practice, Workshop on e-health, software, systems and networks. Amsterdam, The Netherlands. Sept , 2003

Download ppt "A Policy-Based Security Mechanism for Distributed Health Networks"

Similar presentations

September, 2005What IHE Delivers 1 Basic Patient Privacy Consents (BPPC) IHE Vendors Workshop 2006 IHE Patient Care Coordination Education

September, 2005What IHE Delivers 1 Basic Patient Privacy Consents (BPPC) IHE Vendors Workshop 2006 IHE Patient Care Coordination Education
NRL Security Architecture: A Web Services-Based Solution

NRL Security Architecture: A Web Services-Based Solution
Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.

Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.
Engineering Medical Information Systems

Engineering Medical Information Systems
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
© 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2.5 HIPAA Legislation and its Impact on Physician Practices 2-15 The Health Insurance Portability.

© 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2.5 HIPAA Legislation and its Impact on Physician Practices 2-15 The Health Insurance Portability.
Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.

Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.
Health IT Privacy and Security Policy Jodi Daniel, J.D., M.P.H. Director, Office of Policy and Research, Office of the National Coordinator for Health.

Health IT Privacy and Security Policy Jodi Daniel, J.D., M.P.H. Director, Office of Policy and Research, Office of the National Coordinator for Health.
Enforceable Specification of Privacy Peter Mork Jean Stanford CEM IR&D.

Enforceable Specification of Privacy Peter Mork Jean Stanford CEM IR&D.
Data Segmentation Model 17 Jan 2012 John (Mike) Davis HL7 Security Co-Chair.

Data Segmentation Model 17 Jan 2012 John (Mike) Davis HL7 Security Co-Chair.
“...creating knowledge.” Enabling Digital Content Protection on Super-Distribution Models - Carlos Serrão ISCTE – Intituto Superior.

“...creating knowledge.” Enabling Digital Content Protection on Super-Distribution Models - Carlos Serrão ISCTE – Intituto Superior.
Open Workshop on e-Infrastructures, Helsinki October 4 – 5, 2006 Roadmap Parallel Session on last chapter of e-IRG Roadmap: Crossing the Boundaries of.

Open Workshop on e-Infrastructures, Helsinki October 4 – 5, 2006 Roadmap Parallel Session on last chapter of e-IRG Roadmap: Crossing the Boundaries of.
XACML 2.0 and Earlier Hal Lockhart, Oracle. What is XACML? n XML language for access control n Coarse or fine-grained n Extremely powerful evaluation.

XACML 2.0 and Earlier Hal Lockhart, Oracle. What is XACML? n XML language for access control n Coarse or fine-grained n Extremely powerful evaluation.
Identity Federation in Healthcare Networks Xiaohui Chen Department of Computer Science University of Virginia.

Identity Federation in Healthcare Networks Xiaohui Chen Department of Computer Science University of Virginia.
Web Services Security Multimedia Information Engineering Lab. Yoon-Sik Yoo.

Web Services Security Multimedia Information Engineering Lab. Yoon-Sik Yoo.
Elisa Bertino Dept. of Computer Science University of Milano Page 1 Author-X Secure and selective access and flexible distribution mechanisms for XML documents.

Elisa Bertino Dept. of Computer Science University of Milano Page 1 Author-X Secure and selective access and flexible distribution mechanisms for XML documents.
Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Cloud based Secure.

Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Cloud based Secure.
Audumbar. Access control and privacy Who can access what, under what conditions, and for what purpose.

Audumbar. Access control and privacy Who can access what, under what conditions, and for what purpose.
XACML Gyanasekaran Radhakrishnan. Raviteja Kadiyam.

XACML Gyanasekaran Radhakrishnan. Raviteja Kadiyam.
Effectively Integrating Information Technology (IT) Security into the Acquisition Process Section 5: Security Controls.

Effectively Integrating Information Technology (IT) Security into the Acquisition Process Section 5: Security Controls.

Similar presentations

Ads by Google