Personally Identifiable Information (PII), together with the sensitive health care data linked to it, is increasingly maintained in electronic records. This means PII can be made available, reproduced and transferred more easily than ever before. Legislation in many countries is being adapted to address the confidentiality and privacy concerns this raises and to preserve trust in the institutions that hold the data.

This paper discusses Personally Identifiable Information (PII) and privacy concerns in the context of EHR processing, reviews differences and similarities across several examples of legislative frameworks, and draws conclusions about the resulting requirements on information security and on authorization and access control models. Attribute Based Access Control (ABAC) based on the XACML standard is identified as an ideal approach.

Key Takeaways:
  • Why the authorization requirements call for dynamic, fine-grained and context-aware authorization techniques.
  • How ABAC can help organizations meet health care privacy regulations.
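The kind of attribute-based decision the paper argues for, shown as an added example (illustrative code, not taken from the paper or from any XACML implementation): a minimal policy decision point that, in the style of XACML's deny-overrides combining algorithm, decides EHR access from attributes of the subject, the resource, the action and the environment rather than from role alone. The attribute names, the three rules and the sample record are assumptions.

```python
# Added example, not from the paper: a tiny XACML-style ABAC policy decision
# point (PDP) for EHR access. Attribute names and rules are assumptions.
from dataclasses import dataclass
from typing import Any, Callable, Dict, List

@dataclass(frozen=True)
class Request:
    subject: Dict[str, Any]      # who asks: user id, role
    resource: Dict[str, Any]     # the record: care team, consent, de-identification
    action: str                  # e.g. "read"
    environment: Dict[str, Any]  # context: purpose of use

@dataclass(frozen=True)
class Rule:
    rule_id: str
    effect: str                         # "Permit" or "Deny", as in XACML
    target: Callable[[Request], bool]   # True when the rule applies to the request

RULES: List[Rule] = [
    # Consent directive: a patient who opted out of secondary use blocks
    # research access to identifiable data, whatever the requester's role.
    Rule("consent-opt-out", "Deny", lambda r:
         r.action == "read"
         and r.environment.get("purpose_of_use") == "research"
         and r.resource.get("patient_opt_out", False)
         and not r.resource.get("de_identified", False)),
    # Clinicians may read a record only for treatment and only when they are on
    # this patient's care team: role alone (plain RBAC) is not sufficient.
    Rule("care-team-treatment", "Permit", lambda r:
         r.action == "read"
         and r.subject.get("role") in {"physician", "nurse"}
         and r.subject.get("id") in r.resource.get("care_team", ())
         and r.environment.get("purpose_of_use") == "treatment"),
    # Researchers may read only de-identified records, and only for research.
    Rule("research-deidentified", "Permit", lambda r:
         r.action == "read"
         and r.subject.get("role") == "researcher"
         and r.environment.get("purpose_of_use") == "research"
         and r.resource.get("de_identified", False)),
]

def evaluate(request: Request, rules: List[Rule] = RULES) -> str:
    """Deny-overrides combining: any Deny wins, else Permit, else NotApplicable."""
    effects = {rule.effect for rule in rules if rule.target(request)}
    if "Deny" in effects:
        return "Deny"
    if "Permit" in effects:
        return "Permit"
    return "NotApplicable"  # the enforcement point must treat this as deny (fail closed)
```

Because the decision depends on the care-team relationship, the patient's consent attribute and the purpose of use, two users with the same role can receive different decisions for the same record, which is what a static role model cannot express.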