TY - GEN
T1 - A security framework for XML schemas and documents for healthcare
AU - Algarin, Alberto De La Rosa
AU - Demurjian, Steven A.
AU - Berhe, Solomon
AU - Pavlich-Mariscal, Jaime A.
PY - 2012
Y1 - 2012
N2 - The extensible Markup Language (XML) has wide usage in healthcare to facilitate health information exchange via the Continuity of Care Record (CCR) for storing/managing patient data, diagnoses, medical notes, tests, scans, etc. Health IT products like electronic health record (EHR, e.g., GE Centricity) and personal health record (PHR, e.g., MS Health Vault) use CCR for data representation. To manage patient data in CCR, security as governed by HTPAA must be attained when using XML and its technologies (XACML, XSLT, etc.). Our objective is to have an XML document (CCR instance) appear differently to authorized users at different times based on a user's role, constraints, separation of duty, delegation of authority, etc. In this paper, we propose a security framework that targets XML schémas and documents, in general, and CCR schémas and documents, in particular with control capabilities that achieve customizable access to an XML document's elements by applying secure software engineering methodologies and defining new UML XML-focused diagrams for schémas and permissions. This allows us to generate XACML policies, and enforce security at the runtime level on XML instances to insure that correct and required patient data is securely delivered. In a market of rapidly emerging mobile healthcare applications to allow patients to manage their own data (PHRs) and for self-management of chronic diseases, the need for secure access to information and its authorization and transmission to providers (and EHRs) will be critical.
AB - The extensible Markup Language (XML) has wide usage in healthcare to facilitate health information exchange via the Continuity of Care Record (CCR) for storing/managing patient data, diagnoses, medical notes, tests, scans, etc. Health IT products like electronic health record (EHR, e.g., GE Centricity) and personal health record (PHR, e.g., MS Health Vault) use CCR for data representation. To manage patient data in CCR, security as governed by HTPAA must be attained when using XML and its technologies (XACML, XSLT, etc.). Our objective is to have an XML document (CCR instance) appear differently to authorized users at different times based on a user's role, constraints, separation of duty, delegation of authority, etc. In this paper, we propose a security framework that targets XML schémas and documents, in general, and CCR schémas and documents, in particular with control capabilities that achieve customizable access to an XML document's elements by applying secure software engineering methodologies and defining new UML XML-focused diagrams for schémas and permissions. This allows us to generate XACML policies, and enforce security at the runtime level on XML instances to insure that correct and required patient data is securely delivered. In a market of rapidly emerging mobile healthcare applications to allow patients to manage their own data (PHRs) and for self-management of chronic diseases, the need for secure access to information and its authorization and transmission to providers (and EHRs) will be critical.
KW - Continuity of care record
KW - Role-based access control
KW - XML schemas
KW - security policies and enforcement
UR - http://www.scopus.com/inward/record.url?scp=84875626470&partnerID=8YFLogxK
U2 - 10.1109/BIBMW.2012.6470239
DO - 10.1109/BIBMW.2012.6470239
M3 - Conference contribution
AN - SCOPUS:84875626470
SN - 9781467327466
T3 - Proceedings - 2012 IEEE International Conference on Bioinformatics and Biomedicine Workshops, BIBMW 2012
SP - 782
EP - 789
BT - Proceedings - 2012 IEEE International Conference on Bioinformatics and Biomedicine Workshops, BIBMW 2012
T2 - 2012 IEEE International Conference on Bioinformatics and Biomedicine Workshops, BIBMW 2012
Y2 - 4 October 2012 through 7 October 2012
ER -