Design and Implementation of a Privacy Aware Framework for Sharing Electronic Health Records

Cheng Yi Yang, Chien Tsai Liu, Tzu Wei Tseng

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)

Abstract

Prevalent EHRs (Electronic Health Records) present an opportunity to provide a safer, efficient and patient-centered care environment, but this may also cause the disclosure of patient privacy information without the patient authorization, in particular, when sharing of EHRs across healthcare providers or hospitals. Although, IHE (Integrating the Healthcare Enterprise) provides a widely used EHRs integrating and sharing profile (Cross-Enterprise Document Sharing, XDS.b profile) and a patient privacy protecting profile (Basic Patient Privacy Consents, BPPC profile), there are still a small number of implementation cases that demonstrate the efficiency of using these two profiles for protection of patients' privacy while exchange or sharing of their EHRs in an affinity domain. In this research, we developed a patient privacy aware framework to achieve EHRs interoperability based on these XDS.b and BPPC profiles. In this framework, each EHR is classified with a privacy level based on its sensitivity. For each EHR category, a patient specifies the roles that can access that EHR category, i.e., The privacy policies, in the patient's consent form. We then set up a centralized patient privacy matrix to represent the patient's privacy policies for access control management during sharing of his/her EHRs in an affinity domain. As such, patients can benefit from the sharing of EHRs across hospitals while their privacy is guaranteed by the specified consent policies.

Original languageEnglish
Title of host publicationProceedings - 2015 IEEE International Conference on Healthcare Informatics, ICHI 2015
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages504-508
Number of pages5
ISBN (Print)9781467395489
DOIs
Publication statusPublished - Dec 8 2015
Event3rd IEEE International Conference on Healthcare Informatics, ICHI 2015 - Dallas, United States
Duration: Oct 21 2015Oct 23 2015

Other

Other3rd IEEE International Conference on Healthcare Informatics, ICHI 2015
CountryUnited States
CityDallas
Period10/21/1510/23/15

Fingerprint

Electronic Health Records
Privacy
Consent Forms
Patient-Centered Care
Disclosure
Health Personnel
Delivery of Health Care

Keywords

  • Electronic Health Record
  • IHE BPPC
  • IHE XDS
  • patient privacy

ASJC Scopus subject areas

  • Health Informatics

Cite this

Yang, C. Y., Liu, C. T., & Tseng, T. W. (2015). Design and Implementation of a Privacy Aware Framework for Sharing Electronic Health Records. In Proceedings - 2015 IEEE International Conference on Healthcare Informatics, ICHI 2015 (pp. 504-508). [7349754] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICHI.2015.92

Design and Implementation of a Privacy Aware Framework for Sharing Electronic Health Records. / Yang, Cheng Yi; Liu, Chien Tsai; Tseng, Tzu Wei.

Proceedings - 2015 IEEE International Conference on Healthcare Informatics, ICHI 2015. Institute of Electrical and Electronics Engineers Inc., 2015. p. 504-508 7349754.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Yang, CY, Liu, CT & Tseng, TW 2015, Design and Implementation of a Privacy Aware Framework for Sharing Electronic Health Records. in Proceedings - 2015 IEEE International Conference on Healthcare Informatics, ICHI 2015., 7349754, Institute of Electrical and Electronics Engineers Inc., pp. 504-508, 3rd IEEE International Conference on Healthcare Informatics, ICHI 2015, Dallas, United States, 10/21/15. https://doi.org/10.1109/ICHI.2015.92
Yang CY, Liu CT, Tseng TW. Design and Implementation of a Privacy Aware Framework for Sharing Electronic Health Records. In Proceedings - 2015 IEEE International Conference on Healthcare Informatics, ICHI 2015. Institute of Electrical and Electronics Engineers Inc. 2015. p. 504-508. 7349754 https://doi.org/10.1109/ICHI.2015.92
Yang, Cheng Yi ; Liu, Chien Tsai ; Tseng, Tzu Wei. / Design and Implementation of a Privacy Aware Framework for Sharing Electronic Health Records. Proceedings - 2015 IEEE International Conference on Healthcare Informatics, ICHI 2015. Institute of Electrical and Electronics Engineers Inc., 2015. pp. 504-508
@inproceedings{02ad58d56b094e938989dbb60bf5dc1c,
title = "Design and Implementation of a Privacy Aware Framework for Sharing Electronic Health Records",
abstract = "Prevalent EHRs (Electronic Health Records) present an opportunity to provide a safer, efficient and patient-centered care environment, but this may also cause the disclosure of patient privacy information without the patient authorization, in particular, when sharing of EHRs across healthcare providers or hospitals. Although, IHE (Integrating the Healthcare Enterprise) provides a widely used EHRs integrating and sharing profile (Cross-Enterprise Document Sharing, XDS.b profile) and a patient privacy protecting profile (Basic Patient Privacy Consents, BPPC profile), there are still a small number of implementation cases that demonstrate the efficiency of using these two profiles for protection of patients' privacy while exchange or sharing of their EHRs in an affinity domain. In this research, we developed a patient privacy aware framework to achieve EHRs interoperability based on these XDS.b and BPPC profiles. In this framework, each EHR is classified with a privacy level based on its sensitivity. For each EHR category, a patient specifies the roles that can access that EHR category, i.e., The privacy policies, in the patient's consent form. We then set up a centralized patient privacy matrix to represent the patient's privacy policies for access control management during sharing of his/her EHRs in an affinity domain. As such, patients can benefit from the sharing of EHRs across hospitals while their privacy is guaranteed by the specified consent policies.",
keywords = "Electronic Health Record, IHE BPPC, IHE XDS, patient privacy",
author = "Yang, {Cheng Yi} and Liu, {Chien Tsai} and Tseng, {Tzu Wei}",
year = "2015",
month = "12",
day = "8",
doi = "10.1109/ICHI.2015.92",
language = "English",
isbn = "9781467395489",
pages = "504--508",
booktitle = "Proceedings - 2015 IEEE International Conference on Healthcare Informatics, ICHI 2015",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - GEN

T1 - Design and Implementation of a Privacy Aware Framework for Sharing Electronic Health Records

AU - Yang, Cheng Yi

AU - Liu, Chien Tsai

AU - Tseng, Tzu Wei

PY - 2015/12/8

Y1 - 2015/12/8

N2 - Prevalent EHRs (Electronic Health Records) present an opportunity to provide a safer, efficient and patient-centered care environment, but this may also cause the disclosure of patient privacy information without the patient authorization, in particular, when sharing of EHRs across healthcare providers or hospitals. Although, IHE (Integrating the Healthcare Enterprise) provides a widely used EHRs integrating and sharing profile (Cross-Enterprise Document Sharing, XDS.b profile) and a patient privacy protecting profile (Basic Patient Privacy Consents, BPPC profile), there are still a small number of implementation cases that demonstrate the efficiency of using these two profiles for protection of patients' privacy while exchange or sharing of their EHRs in an affinity domain. In this research, we developed a patient privacy aware framework to achieve EHRs interoperability based on these XDS.b and BPPC profiles. In this framework, each EHR is classified with a privacy level based on its sensitivity. For each EHR category, a patient specifies the roles that can access that EHR category, i.e., The privacy policies, in the patient's consent form. We then set up a centralized patient privacy matrix to represent the patient's privacy policies for access control management during sharing of his/her EHRs in an affinity domain. As such, patients can benefit from the sharing of EHRs across hospitals while their privacy is guaranteed by the specified consent policies.

AB - Prevalent EHRs (Electronic Health Records) present an opportunity to provide a safer, efficient and patient-centered care environment, but this may also cause the disclosure of patient privacy information without the patient authorization, in particular, when sharing of EHRs across healthcare providers or hospitals. Although, IHE (Integrating the Healthcare Enterprise) provides a widely used EHRs integrating and sharing profile (Cross-Enterprise Document Sharing, XDS.b profile) and a patient privacy protecting profile (Basic Patient Privacy Consents, BPPC profile), there are still a small number of implementation cases that demonstrate the efficiency of using these two profiles for protection of patients' privacy while exchange or sharing of their EHRs in an affinity domain. In this research, we developed a patient privacy aware framework to achieve EHRs interoperability based on these XDS.b and BPPC profiles. In this framework, each EHR is classified with a privacy level based on its sensitivity. For each EHR category, a patient specifies the roles that can access that EHR category, i.e., The privacy policies, in the patient's consent form. We then set up a centralized patient privacy matrix to represent the patient's privacy policies for access control management during sharing of his/her EHRs in an affinity domain. As such, patients can benefit from the sharing of EHRs across hospitals while their privacy is guaranteed by the specified consent policies.

KW - Electronic Health Record

KW - IHE BPPC

KW - IHE XDS

KW - patient privacy

UR - http://www.scopus.com/inward/record.url?scp=84966393681&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84966393681&partnerID=8YFLogxK

U2 - 10.1109/ICHI.2015.92

DO - 10.1109/ICHI.2015.92

M3 - Conference contribution

AN - SCOPUS:84966393681

SN - 9781467395489

SP - 504

EP - 508

BT - Proceedings - 2015 IEEE International Conference on Healthcare Informatics, ICHI 2015

PB - Institute of Electrical and Electronics Engineers Inc.

ER -