Authorization in cross-border eHealth systems

Daisy Daiqin He*, Jian Yang, Michael Compton, Kerry Taylor

*Corresponding author for this work

Research output: Contribution to journalArticle

5 Citations (Scopus)

Abstract

Modern eHealth systems require collaborations between individual social entities such as hospitals, medical centers, emergency services and community services. Security and privacy are critical issues in this interoperability challenge. In an eHealth system that crosses different administrative domains, individual organisations usually define their authorization control policies independently. When a collaboration opportunity arises a number of issues may be raised. For example, is the collaboration possible given the authorization policies of collaboration participants? How can policy inconsistencies among collaboration participants be identified and resolved? What kind of authorization control support is needed as the collaboration proceeds? In this paper, we analyze different types of collaborations and provide insights into authorization control in individual organisations as well as in collaboration activities. We propose a model to capture the necessary elements for specifying authorization policy for cross-border collaboration. Based on the model, various inconsistencies between authorization policies from different business units are discussed and handling strategies are suggested according to the intended collaboration types. We also briefly discuss how a description logic reasoner can be used to test whether two set of policies are suitable for collaboration. This work lays a foundation for policy development, negotiation and enforcement for cross-border collaboration.

Original languageEnglish
Pages (from-to)43-55
Number of pages13
JournalInformation Systems Frontiers
Volume14
Issue number1
DOIs
Publication statusPublished - Mar 2012

Fingerprint Dive into the research topics of 'Authorization in cross-border eHealth systems'. Together they form a unique fingerprint.

  • Cite this