Data sharing about Electronic Health Records (EHRs) across healthcare organizations is still a challenging task due to compliance requirements with regulatory policies that can vary across states and countries, and organizations' internal business requirements. Even when adopting the same regulatory policies, each organization can interpret and implement these policies and requirements differently in its internal IT environments. This paper proposes a compliance-aware data management solution for EHR systems. It allows healthcare organizations to define their own security and regulatory compliance requirements for accessing and sharing healthcare data, and enables policy enforcement while sharing data with other organizations. The policy requirements are expressed in form of business processes that govern the access and sharing of data between people and systems. The business process operations are mapped into low-level operations on internal and remote record stores and policy enforcement points. We have implemented the prototype system that supports the proposed approach and integrated it with an open source electronic medical record system called OpenMRS, using which we have defined and enforced some real-world regulations and organizations' policies for data sharing.

Compliance aware cross-organization medical record sharing

Stevovic, Jovan;Casati, Fabio;
2013-01-01

Abstract

Data sharing about Electronic Health Records (EHRs) across healthcare organizations is still a challenging task due to compliance requirements with regulatory policies that can vary across states and countries, and organizations' internal business requirements. Even when adopting the same regulatory policies, each organization can interpret and implement these policies and requirements differently in its internal IT environments. This paper proposes a compliance-aware data management solution for EHR systems. It allows healthcare organizations to define their own security and regulatory compliance requirements for accessing and sharing healthcare data, and enables policy enforcement while sharing data with other organizations. The policy requirements are expressed in form of business processes that govern the access and sharing of data between people and systems. The business process operations are mapped into low-level operations on internal and remote record stores and policy enforcement points. We have implemented the prototype system that supports the proposed approach and integrated it with an open source electronic medical record system called OpenMRS, using which we have defined and enforced some real-world regulations and organizations' policies for data sharing.
2013
Proceedings of the 2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013
AA. VV.
New York
IEEE
9783901882517
Stevovic, Jovan; Casati, Fabio; B., Farraj; Li, J.; H. R., Motahari Nezhad; G., Armellin
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11572/100716
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 7
  • ???jsp.display-item.citation.isi??? 5
  • OpenAlex ND
social impact