Abstract
Privacy is an important aspect of interoperable medical information systems. Governments and health care organizations have established privacy policies to prevent abuse of personal health data. These policies often require organizations to obtain patient consent before exchanging personal information with other interoperable systems. The consents are defined in the form of so-called disclosure directives. However, policies are often not precise enough to address all possible eventualities and exceptions. Unanticipated priorities and other care contexts may cause conflicts between a patient’s disclosure directives and the need to receive treatment from informed caregivers. It is commonly agreed that in these situations patient safety takes precedence over information privacy. Therefore, caregivers are typically given the ability to override the patient’s disclosure directives to protect patient safety. These overrides must be logged and are subject to privacy audits to prevent abuse. Centralized “shared health record” (SHR) infrastructures include consent management systems that implement the above functionality. However, consent management mechanisms do not extend to information systems that exchange clinical information on a peer-to-peer basis, e.g., by secure messaging. Our article addresses this gap by presenting a consent management mechanism for peer-to-peer interoperable systems. The mechanism restricts access to sensitive medical data based on defined consent directives, but also allows the directives to be overridden when needed. The overriding process is monitored and audited in order to prevent misuse. The mechanism has been implemented in an open source project called CDAShip and has been made available on SourceForge.
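As an added illustration, not code from the paper or from CDAShip, the following Python consent gate shows the three behaviours the abstract describes for a peer-to-peer send: a patient's disclosure directives decide whether a document may go to a given recipient, a caregiver may override a denial only with a stated reason, and every decision (overrides in particular) is written to an audit log for later review. The classes Directive and ConsentGate, the matching rules and the sample directives are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed example: Directive, ConsentGate and the sample data are assumptions,
# not CDAShip's own classes or its consent-directive format.
@dataclass(frozen=True)
class Directive:
    """One disclosure directive; recipient or category may be "*" (any)."""
    patient_id: str
    recipient: str
    category: str
    permit: bool
    def matches(self, patient_id, recipient, category):
        return (self.patient_id == patient_id and self.recipient in ("*", recipient)
                and self.category in ("*", category))
    def specificity(self):  # an explicit recipient or category beats a wildcard
        return int(self.recipient != "*") + int(self.category != "*")

class ConsentGate:
    def __init__(self, directives):
        self.directives = list(directives)
        self.audit_log = []  # every decision, kept for privacy audits

    def evaluate(self, patient_id, recipient, category):
        """Most specific directive wins; deny beats permit on a tie; no consent on file means no disclosure."""
        hits = [d for d in self.directives if d.matches(patient_id, recipient, category)]
        if not hits:
            return False
        top = max(d.specificity() for d in hits)
        return all(d.permit for d in hits if d.specificity() == top)

    def request(self, patient_id, recipient, category, override_reason=None):
        """Decide a send request; a denial may be overridden only with a stated reason, and is logged."""
        permitted = self.evaluate(patient_id, recipient, category)
        decision = "permit" if permitted else "deny"
        if not permitted and override_reason:
            permitted, decision = True, "override"
        self.audit_log.append({"time": datetime.now(timezone.utc).isoformat(),
                               "patient": patient_id, "recipient": recipient,
                               "category": category, "decision": decision,
                               "reason": override_reason})
        return permitted

    def overrides(self):  # the entries a privacy auditor reviews
        return [r for r in self.audit_log if r["decision"] == "override"]

SAMPLE_DIRECTIVES = [  # constructed sample data for one patient, "p1"
    Directive("p1", "*", "*", True),               # share in general ...
    Directive("p1", "*", "mental-health", False),  # ... but never mental-health notes
    Directive("p1", "dr.smith", "*", False),       # ... and nothing with dr.smith
]
```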
Notes
At this point, CDAShip does not prescribe an order in which peers are selected, i.e., their selection is non-deterministic.
For example: Wolf Medical, Osler Systems, CliniCare.
These peers can be selected automatically from the sender’s address book.
Weber-Jahnke, J.H., Obry, C. Protecting privacy during peer-to-peer exchange of medical documents. Inf Syst Front 14, 87–104 (2012). https://doi.org/10.1007/s10796-011-9304-2