Health care privacy and collaboration
With the introduction of Electronic Health Records (EHR), sensitive medical information is now available online. As a result, unauthorized access represents a serious privacy infringement risk. Ensuring this data is available to the right parties, while protecting patients from privacy infringements, is a clear case for context-aware access control.
eHealth services depend on privacy protection
Confidentiality in eHealth systems depends on sensitive personal information being managed with constraints based on the purpose of use. As a patient, you expect your physician to have access to reliable data in order to make qualified decisions about your health and any planned treatment. However, beyond the scope of treatment and care, you will be less inclined as a patient to accept disclosure of EHR data. Medical staff partially involved in your treatment may need partial access to your files, whereas staff members of the clinic who have no professional relation to you should not have access to your details.
Regulatory compliance and privacy
Health care regulations grant individuals the right to register consent declarations or to block parts of their EHR data or prescription history which they find irrelevant in a given situation. Consents may therefore also impact pharmacists. Furthermore, legislators mandate strict privacy protection that will not impact efficient care in emergency situations.
The key to success lies in the ability of software solutions to adequately filter out sensitive information which, in a given context, is irrelevant to a particular use case or purpose.
This is simply not achievable with old, static access control models. They are unable to capture context-related aspects and therefore do not provide the capabilities needed. Extensible authorization based on the XACML standard enables fine-grained access control, allowing multi-dimensional filtering of the data displayed to end-users. It is therefore ideal for eHealth-related use cases.
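The decision logic described above, as an added Python sketch that is not XACML syntax and not Axiomatics code: access depends on the requester's relationship to the patient and the purpose of use, patient consent blocks are subtracted, and the record is filtered before display. The section names, the rule table, the relationship labels and the emergency (break-glass) rule with its audit obligation are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample record; section names and contents are illustrative.
RECORD = {
    "demographics": "Jane Doe, 1980-01-01",
    "medications": ["metformin"],
    "lab_results": ["HbA1c 7.1%"],
    "psychiatry_notes": ["2019 consultation"],
}
ALL = frozenset(RECORD)

# Assumed rule table: (care relationship, purpose of use) -> sections in scope.
# Any pair not listed is denied, e.g. clinic staff with no relation to the patient.
SCOPE = {
    ("treating_physician", "treatment"): ALL,
    ("partial_care_staff", "treatment"): frozenset({"demographics", "medications"}),
    ("pharmacist", "dispensing"): frozenset({"medications"}),
}

@dataclass(frozen=True)
class Request:
    relation: str   # subject attribute: relationship to this patient
    purpose: str    # context attribute: declared purpose of use

def decide(req, consent_blocks):
    """Return (visible section names, obligations) for one request."""
    if (req.relation, req.purpose) == ("emergency_clinician", "emergency"):
        # Assumed break-glass rule: consent blocks do not delay emergency
        # care, but the access carries an audit obligation.
        return set(ALL), ["audit:break-glass"]
    in_scope = SCOPE.get((req.relation, req.purpose), frozenset())
    return set(in_scope) - set(consent_blocks), []

def filtered_view(record, req, consent_blocks):
    """Apply the decision to the record so only permitted sections are shown."""
    sections, obligations = decide(req, consent_blocks)
    return {k: v for k, v in record.items() if k in sections}, obligations

if __name__ == "__main__":
    blocks = {"psychiatry_notes"}  # constructed patient consent declaration
    for rel, purpose in [("treating_physician", "treatment"),
                         ("pharmacist", "dispensing"),
                         ("unrelated_staff", "treatment"),
                         ("treating_physician", "billing"),
                         ("emergency_clinician", "emergency")]:
        view, obligations = filtered_view(RECORD, Request(rel, purpose), blocks)
        print(f"{rel}/{purpose}: {sorted(view)} {obligations}")
```

The same relationship yields different results for different purposes (treatment versus billing), which is the context dependence a static role-to-permission mapping cannot express.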
Axiomatics in eHealth infrastructures
Axiomatics extensible authorization is used to enforce patient privacy legislation in national eHealth programs. Solutions from Axiomatics are also used to protect the privacy of individuals in single applications that process EHR data.
