Team for Research in
Ubiquitous Secure Technology

Integration of Clinical Workflows with Privacy Policies on a Common Semantic Platform
Jan Werner, Bradley Malin, Yonghwan Lee, Akos Ledeczi, Janos Sztipanovits

Citation
Jan Werner, Bradley Malin, Yonghwan Lee, Akos Ledeczi, Janos Sztipanovits. "Integration of Clinical Workflows with Privacy Policies on a Common Semantic Platform". 2nd International Workshop on Model-Based Design of Trustworthy Health Information Systems, September, 2008.

Abstract
As healthcare organizations (HCOs) migrate to electronic systems, they must ensure compliance with complex data protection legislation, such as the Health Insurance Portability and Accountability Act (HIPAA). Legislation specifies rules that must be enforced, but regulatory language is often imprecise, forcing HCOs to define local policies and procedures, as well as specific enforcement technologies. It is difficult for HCOs to ensure requirements are correctly translated across the enterprise, a problem compounded by the constant growth and evolution of deployed information technology (IT), such as clinical information systems (CISs). The consequence is HCOs frequently rely on ad hoc IT configurations, which are unverified and potentially conflict with an HCO's policy. Thus, it is crucial to develop (1) formal and computable representations of rules and requirements in data protection legislations, and (2) CISs that automatically enforce such specifications. This paper introduces a solution to these challenges by integrating HIPAA policy rules with a domain-specific model-integrated computing suite, tailored to the clinical enterprise. We present a detailed description of the policy-modeling process, the enforcement mechanism, and illustrate how to implement several policies, including mandatory access control and emergency access. All policies are formally specified through Prolog, but their enforcement is dependent on when their compliance can be evaluated. Static policies are enforced at design-time by mapping them to the structural constraints of system models. In contrast, dynamic policy rules, enforced at run-time, are loaded into a Prolog-based Policy Decision Point and Policy Enforcement Point, our extension to the standard SOA execution platform, which controls access to all services reliant upon protected health information. All models are sufficiently rich for integrating a CIS on a standard Service Oriented Architecture platform.

Citation formats  
  • HTML
    Jan Werner, Bradley Malin, Yonghwan Lee, Akos Ledeczi, Janos
    Sztipanovits. <a
    href="http://www.truststc.org/pubs/469.html"
    >Integration of Clinical Workflows with Privacy Policies
    on a Common Semantic Platform</a>, 2nd International
    Workshop on Model-Based Design of Trustworthy Health
    Information Systems, September, 2008.
  • Plain text
    Jan Werner, Bradley Malin, Yonghwan Lee, Akos Ledeczi, Janos
    Sztipanovits. "Integration of Clinical Workflows with
    Privacy Policies on a Common Semantic Platform". 2nd
    International Workshop on Model-Based Design of Trustworthy
    Health Information Systems, September, 2008.
  • BibTeX
    @inproceedings{WernerMalinLeeLedecziSztipanovits08_IntegrationOfClinicalWorkflowsWithPrivacyPoliciesOnCommon,
        author = {Jan Werner and Bradley Malin and Yonghwan Lee and
                  Akos Ledeczi and Janos Sztipanovits},
        title = {Integration of Clinical Workflows with Privacy
                  Policies on a Common Semantic Platform},
        booktitle = {2nd International Workshop on Model-Based Design
                  of Trustworthy Health Information Systems},
        month = {September},
        year = {2008},
        abstract = {Abstract. As healthcare organizations (HCOs)
                  migrate to electronic systems, they must ensure
                  compliance with complex data protection
                  legislation, such as the Health Insurance
                  Portability and Accountability Act (HIPAA).
                  Legislation specifies rules that must be enforced,
                  but regulatory language is often imprecise,
                  forcing HCOs to define local policies and
                  procedures, as well as specific enforcement
                  technologies. It is difficult for HCOs to ensure
                  requirements are correctly translated across the
                  enterprise, a problem compounded by the constant
                  growth and evolution of deployed information
                  technology (IT), such as clinical information
                  systems (CISs). The consequence is HCOs frequently
                  rely on ad hoc IT configurations, which are
                  unverified and potentially conflict with an
                  HCO's policy. Thus, it is crucial to develop (1)
                  formal and computable representations of rules and
                  requirements in data protection legislations, and
                  (2) CISs that automatically enforce such
                  specifications. This paper introduces a solution
                  to these challenges by integrating HIPAA policy
                  rules with a domain-specific model-integrated
                  computing suite, tailored to the clinical
                  enterprise. We present a detailed description of
                  the policy-modeling process, the enforcement
                  mechanism, and illustrate how to implement several
                  policies, including mandatory access control and
                  emergency access. All policies are formally
                  specified through Prolog, but their enforcement is
                  dependent on when their compliance can be
                  evaluated. Static policies are enforced at
                  design-time by mapping them to the structural
                  constraints of system models. In contrast, dynamic
                  policy rules, enforced at run-time, are loaded
                  into a Prolog-based Policy Decision Point and
                  Policy Enforcement Point, our extension to the
                  standard SOA execution platform, which controls
                  access to all services reliant upon protected
                  health information. All models are sufficiently
                  rich for integrating a CIS on a standard Service
                  Oriented Architecture platform.},
        URL = {http://www.truststc.org/pubs/469.html}
    }
    

Posted by Jan Werner on 18 Sep 2008.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.