article

Towards the security and privacy analysis of patient portals

Authors:

Janos L. Mathe,

Sean Duncavage,

Bradley A. Malin,

Janos SztipanovitsAuthors Info & Claims

ACM SIGBED Review, Volume 4, Issue 2

Pages 5 - 9

https://doi.org/10.1145/1295464.1295467

Published: 01 April 2007 Publication History

Abstract

Clinical information systems (CIS) significantly influence the quality and efficiency of health care delivery. However, CIS are complex environments that integrate information technologies, human stakeholders, and patient-specific data. Given the sensitivity of patient data, federal regulations require healthcare providers to adopt policy, as well as technology, protections for patient data. Ad hoc system design and implementation of CIS can cause unforeseen and unintended privacy and security breaches. The introduction of model-based design techniques combined with the development of high-level modeling abstractions and analysis methods provide a mechanism to investigate these concerns by conceptually simplifying CIS without losing expressive power. This work introduces the Model-based Design Environment for Clinical Information Systems (MODECIS) - a graphical design environment that assists CIS architects in formalizing CIS systems as well-defined services. MODECIS leverages Service-Oriented Architectures to create realistic system models at an abstract level. By modeling CIS using abstractions, we enable the analysis of legacy architectures, as well as the design and simulation of, future CIS. We present the feasibility of MODECIS via modeling certain functions, such as the authentication process of the MyHealth@Vanderbilt patient portal.

References

[1]

{1} Davies NM. Healthcare Information and Management Systems Society: The ROI of EMR-EHR: Productivity Soars, Hospitals Save Time and, Yes, Money. HIMSS Journal. 2006.

[2]

{2} U.S. Department of Health and Human Services. Standards for privacy of individually identifiable health information; Final Rule. Federal Register, 2002 Aug 12; 45 CFR: Parts 160-164.

[3]

{3} U.S. Department of Health and Human Services, Office for Civil Rights. Standards for protection of electronic health information; Final Rule. Federal Register, 2003 Feb 20; 45 CFR: Pt. 164.

[4]

{4} Masys D, Baker D, Butros A, Cowles KE. Giving patients access to their medical records: the PCASSO experience, J Am Med Inform Assoc. 2002; 9(2): 181-91.

[5]

{5} A. Yanchuk, A. Ivanyukovich, M. Marchese: "Towards a Mathematical Foundation for Service-Oriented Applications Design", http://www.science.unitn.it/~marchese/pdf/Towards_SOAD_ JoS_06.pdf

[6]

{6} B. Portier: "SOA terminology overview, Part 1: Service, architecture, governance, and business terms", http://www-128.ibm.com/developerworks/library/ws-soa-term1/index.html

[7]

{7} B. Portier: "SOA terminology overview, Part 2: Development processes, models, and assets", http://www-128.ibm.com/developerworks/library/ws-soa-term2/index.html

[8]

{8} OASIS: "Web Services Business Process Execution Language (WSBPEL) TC", http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wsbpel

[9]

{9} G. Karsai, J. Sztipanovits, A. Ledeczi, and T. Bapty, "Model-integrated development of embedded software," Proceedings of the IEEE, vol. 91, no. 1, pp. 145-164, Jan. 2003.

[10]

{10} Kawamoto K, Lobach D. Proposal for fulfilling strategic objectives of the U.S. roadmap for national action on decision support through a service-oriented architecture leveraging HL7 services. J Am Med Inform Assoc. 2007; 14: 146-55.

[11]

{11} R. Hamadi, B. Benatallah: "A Petri Net-based Model for Web Service Composition", http://crpit.com/confpapers/CRPITV17Hamadi.pdf

Digital Library

[12]

{12} F. van Breugel, M. Koshkina: "Models and Verification of BPEL", http://www.cse.yorku.ca/~franck/research/drafts/tutorial.pdf

[13]

{13} Oracle BPEL Process Manager, http://www.oracle.com/technology/products/ias/bpel/index.ht ml

[14]

{14} M. Alam, R. Breu, M. Hafner, "Modeling permissions in a (U/X)ML world," in Proc. First International Conference on Availability, Reliability and Security, pp. 685-692, April 2006.

Digital Library

[15]

{15} B. Malin and L. Sweeney, "How not to protect genomic data privacy in a distributed network: using trail reidentification to evaluate and design anonymity protection systems," Journal of Biomedical Informatics, vol. 37, no. 3, pp. 179-192, Feb 2004.

Digital Library

[16]

{16} G. Karsai, A. Agarwal., F. Shi, and J. Sprinkle, "On the use of graph transformation in the formal specification of model interpreters," Journal of Universal Computer Science, vol. 9, no. 11, pp. 1296-1321, Nov 2003.

Cited By

Mirkovic JBryhni H(2013)Development, Integration, and Deployment of Mobile Information Services in HealthcareIntegrated Information and Computing Systems for Natural, Spatial, and Social Sciences10.4018/978-1-4666-2190-9.ch012(242-261)Online publication date: 2013
https://doi.org/10.4018/978-1-4666-2190-9.ch012
Bestick ARatliff LYan PBajcsy RSastry SSastry SBaşar TBushnell LRohrbough L(2013)An inverse correlated equilibrium framework for utility learning in multiplayer, noncooperative settingsProceedings of the 2nd ACM international conference on High confidence networked systems10.1145/2461446.2461449(9-16)Online publication date: 9-Apr-2013
https://dl.acm.org/doi/10.1145/2461446.2461449

Index Terms

Towards the security and privacy analysis of patient portals

Recommendations

Research on Countermeasures of Patient Privacy Protection
ICCIS '13: Proceedings of the 2013 International Conference on Computational and Information Sciences

With the deepening of the health system reform as well as the people's legal concepts and self-protection awareness enhanced, patients tend to put on increasingly high value on the quality of medical care. How to ensure the quality of medical treatment ...
Patient portals: Anytime, anywhere
BIBM '15: Proceedings of the 2015 IEEE International Conference on Bioinformatics and Biomedicine (BIBM)

Patient portal is a secure online application which allows patients to have access to their personal health information via Internet around the clock. Patients can view their recent visit information, medications, labs and exams, doctor appointments and ...
Protection of Patient's Privacy and Data Security in E-Health Services
BMEI '08: Proceedings of the 2008 International Conference on BioMedical Engineering and Informatics - Volume 01

E-Health involves new forms of patient-physician interaction and poses new ethical challenges and threats to patient privacy. This paper reviews Health On the Net Foundation Code of Conduct (HONcode) accredited e-Health websites that provide online ...

Comments

Information & Contributors

Information

Published In

cover image ACM SIGBED Review

ACM SIGBED Review Volume 4, Issue 2

Special issues on the NSF team for research in ubiquitous secure technology (TRUST) project reports

April 2007

9 pages

EISSN:1551-3688

DOI:10.1145/1295464

Issue’s Table of Contents

Copyright © 2007 Authors.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 April 2007

Published in SIGBED Volume 4, Issue 2

Check for updates

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 07 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Mirkovic JBryhni H(2013)Development, Integration, and Deployment of Mobile Information Services in HealthcareIntegrated Information and Computing Systems for Natural, Spatial, and Social Sciences10.4018/978-1-4666-2190-9.ch012(242-261)Online publication date: 2013
https://doi.org/10.4018/978-1-4666-2190-9.ch012
Bestick ARatliff LYan PBajcsy RSastry SSastry SBaşar TBushnell LRohrbough L(2013)An inverse correlated equilibrium framework for utility learning in multiplayer, noncooperative settingsProceedings of the 2nd ACM international conference on High confidence networked systems10.1145/2461446.2461449(9-16)Online publication date: 9-Apr-2013
https://dl.acm.org/doi/10.1145/2461446.2461449

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

Media

Figures

Other

Tables

View Issue’s Table of Contents