By Topic

A security framework for XML schemas and documents for healthcare

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)
De la Rosa Algarin, A. ; Dept. of Comput. Sci. & Eng., Univ. of Connecticut, Storrs, CT, USA ; Demurjian, S.A. ; Berhe, S. ; Pavlich-Mariscal, J.A.

The extensible Markup Language (XML) has wide usage in healthcare to facilitate health information exchange via the Continuity of Care Record (CCR) for storing/managing patient data, diagnoses, medical notes, tests, scans, etc. Health IT products like electronic health record (EHR, e.g., GE Centricity) and personal health record (PHR, e.g., MS Health Vault) use CCR for data representation. To manage patient data in CCR, security as governed by HTPAA must be attained when using XML and its technologies (XACML, XSLT, etc.). Our objective is to have an XML document (CCR instance) appear differently to authorized users at different times based on a user's role, constraints, separation of duty, delegation of authority, etc. In this paper, we propose a security framework that targets XML schémas and documents, in general, and CCR schémas and documents, in particular with control capabilities that achieve customizable access to an XML document's elements by applying secure software engineering methodologies and defining new UML XML-focused diagrams for schémas and permissions. This allows us to generate XACML policies, and enforce security at the runtime level on XML instances to insure that correct and required patient data is securely delivered. In a market of rapidly emerging mobile healthcare applications to allow patients to manage their own data (PHRs) and for self-management of chronic diseases, the need for secure access to information and its authorization and transmission to providers (and EHRs) will be critical.

Published in:

Bioinformatics and Biomedicine Workshops (BIBMW), 2012 IEEE International Conference on

Date of Conference:

4-7 Oct. 2012