A security framework for XML schemas and documents for healthcare

Alberto De La Rosa Algarin, Steven A. Demurjian, Solomon Berhe, Jaime A. Pavlich-Mariscal

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

24 Scopus citations

Abstract

The extensible Markup Language (XML) has wide usage in healthcare to facilitate health information exchange via the Continuity of Care Record (CCR) for storing/managing patient data, diagnoses, medical notes, tests, scans, etc. Health IT products like electronic health record (EHR, e.g., GE Centricity) and personal health record (PHR, e.g., MS Health Vault) use CCR for data representation. To manage patient data in CCR, security as governed by HTPAA must be attained when using XML and its technologies (XACML, XSLT, etc.). Our objective is to have an XML document (CCR instance) appear differently to authorized users at different times based on a user's role, constraints, separation of duty, delegation of authority, etc. In this paper, we propose a security framework that targets XML schémas and documents, in general, and CCR schémas and documents, in particular with control capabilities that achieve customizable access to an XML document's elements by applying secure software engineering methodologies and defining new UML XML-focused diagrams for schémas and permissions. This allows us to generate XACML policies, and enforce security at the runtime level on XML instances to insure that correct and required patient data is securely delivered. In a market of rapidly emerging mobile healthcare applications to allow patients to manage their own data (PHRs) and for self-management of chronic diseases, the need for secure access to information and its authorization and transmission to providers (and EHRs) will be critical.

Original languageEnglish
Title of host publicationProceedings - 2012 IEEE International Conference on Bioinformatics and Biomedicine Workshops, BIBMW 2012
Pages782-789
Number of pages8
DOIs
StatePublished - 2012
Event2012 IEEE International Conference on Bioinformatics and Biomedicine Workshops, BIBMW 2012 - Philadelphia, PA, United States
Duration: 04 Oct 201207 Oct 2012

Publication series

NameProceedings - 2012 IEEE International Conference on Bioinformatics and Biomedicine Workshops, BIBMW 2012

Conference

Conference2012 IEEE International Conference on Bioinformatics and Biomedicine Workshops, BIBMW 2012
Country/TerritoryUnited States
CityPhiladelphia, PA
Period04/10/1207/10/12

Keywords

  • Continuity of care record
  • Role-based access control
  • XML schemas
  • security policies and enforcement

Fingerprint

Dive into the research topics of 'A security framework for XML schemas and documents for healthcare'. Together they form a unique fingerprint.

Cite this