Abstract
The coordination of health care increasingly relies on the electronic transmission of confidential patient information between different health care services. Since patient data is confidential, patients should be able to delegate, give or withhold e-consent to those who wish to access their electronic health information. The problem of how to represent and evaluate e-consent therefore becomes quite important in secure health information processing. This paper presents an authorization model for the e-consent requirement in a health care application. The model supports well-controlled consent delegation, both explicit and implicit consent and denial, individual-based or role-based consent models, and consent inheritance and exception. A system architecture for e-consent is also presented.
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ruan, C., Varadharajan, V. (2003). An Authorization Model for E-consent Requirement in a Health Care Application. In: Zhou, J., Yung, M., Han, Y. (eds) Applied Cryptography and Network Security. ACNS 2003. Lecture Notes in Computer Science, vol 2846. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45203-4_15
DOI: https://doi.org/10.1007/978-3-540-45203-4_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20208-0
Online ISBN: 978-3-540-45203-4
eBook Packages: Springer Book Archive