integrating attribute-based access control with fhir for

Integrang Aribute-Based Access Control with FHIR for Privacy Preserving Health Data Disclosure Mustafa Al Lail and Subhojeet Mukherje Colorado State University Computer Science Department

Upload: others

Post on 19-Jun-2022

4 views

Category:

Documents

0 download

Report

Download

Embed Size (px):

TRANSCRIPT

Page 1: Integrating Attribute-Based Access Control with FHIR for

Integrating Attribute-Based Access Control with FHIR for Privacy Preserving Health Data Disclosure

Mustafa Al Lail and Subhojeet Mukherje

Colorado State UniversityComputer Science Department

Page 2: Integrating Attribute-Based Access Control with FHIR for

Motivating Scenario

Patient2: a highly visible politician

Patient1: a former drug addict

Policy: don’t share my drug use info.

Policy: release my treatment data one a yearly basis only

Researcher1: HIPAA compliant studying the effectiveness of a drug on hepatitis C.

Request : get me patient’s drug history and symptoms for every month.

Institute1

Policy: release patient data to HIPAA compliant researchers

Institute2

Policy: release statistics (no less than 10 patients) to researchers.

Doctors

Page 3: Integrating Attribute-Based Access Control with FHIR for

The approach integrates the following technologies: 1. Attribute-Based Access Control(ABAC)

2. eXtensible Access Control Markup Language(XACML) An OASIS standard XACML components:

Policy language to specify access rules Request/response protocol to query and evaluates user access request

against policies Reference architecture for deployment

3. Fast Healthcare Interoperability Resources (FHIR) Next generation standards framework for storing and

disseminating health data.

4. IRB authentication protocol

Approach

Page 4: Integrating Attribute-Based Access Control with FHIR for

Approach

Attribute-Based Access Control

XACML Policy Structure

Page 7: Integrating Attribute-Based Access Control with FHIR for

XACML Policy Language Model

Page 8: Integrating Attribute-Based Access Control with FHIR for

Institute1Policy Set

Page 9: Integrating Attribute-Based Access Control with FHIR for

Policy1

Page 10: Integrating Attribute-Based Access Control with FHIR for

XACML Request

Page 11: Integrating Attribute-Based Access Control with FHIR for

XACML Response

Page 12: Integrating Attribute-Based Access Control with FHIR for

IRB Authentication Protocol

IRB Sever

PEP

(1) Request (fills forms + Purpose (GET,POST,PUT etc))

(2) [H(SK,token,PURPOSE),token)]

Researcher

(3) [H(H(SK,token,Purpose),nonce), token,nonce], Request (Purpose)

Page 13: Integrating Attribute-Based Access Control with FHIR for

Implementation Solution Architecture

WSO2 Identity Sever

PDPPAP

PEP PIP

FHIR Sever

Health Data Database

Page 14: Integrating Attribute-Based Access Control with FHIR for

• Demo

Page 15: Integrating Attribute-Based Access Control with FHIR for

We investigated the integration of ABAC, XACML, IRB, and FHIR to preserve the privacy of patients.

Developed the skeleton of a proof of concept prototype implementation

So far, the approach is feasible. Different kinds of policies and requests

Summary

Page 16: Integrating Attribute-Based Access Control with FHIR for

Integrating services: Applying the approach to different policies Studying the usability and performance

Dissemination of the work Journal Article FHIR Code-A-Thon competition April 1-2, 2016

Future Work

Page 17: Integrating Attribute-Based Access Control with FHIR for

Thank you for listeningQA session & discussion

Colorado State UniversityComputer Science Department

Integrating FHIR Support for OpenMRS · CDA does documents. FHIR does both, plus REST and service models. HL7 V2 Vs. CDA Vs. FHIR Contd. •Extensibility –V2 offers Z segments whose

My Care Guide iOS appbucket.hl7.org/events/fhir/roundtable/2017/presentations/... · 2018. 10. 18. · HL7 FHIR® for Care Planning •FHIR v3.0, SMART on FHIR app •Built on the

OLIS HL7 FHIR Interface Implementation Guide for FHIR ... · OLIS HL7 FHIR Interface Implementation Guide for FHIR North Connectathon Version: draft 2017-04-26

Fhir your applications

Integrating Xtext and JavaRAG: Using an attribute grammar ...lup.lub.lu.se/student-papers/record/8884258/file/8884259.pdf · Integrating Xtext and JavaRAG: Using an attribute grammar

SQL on FHIR - FHIR DevDays

FHIR Parser

FHIR Genomics - Health Level Seven International Presentations/FHIR... · 2019. 2. 27. · FHIR Genomics and Connectathon Projects Demonstrated the feasibility of integrating a cloud-based

FHIR Developer Days 2015. Study on db implementations for FHIR server

FHIR RDF in Action - Home - FHIR DevDays€¦ · fhir.schema.org –Potential Use Cases •Provenance for FHIR Narrative Text •HTML FHIR Interchange Format •Markup for personal

Integrating the Healthcare Enterprise...Integrating the Healthcare Enterprise 5 IHE PCC Technical Framework Supplement 10 Query for Existing Data for Mobile (QEDm) HL7 ® FHIR Release

FHIR DevDays 2015 - introduction to FHIR

FHIR®-PIT Pilot Interoperability Testbed · 2019-03-18 · More FHIR® Starters and FHIR®-PIT Services Coming Soon! •Network of FHIR®-PITs where interoperability between organizations

HL7 FHIR DevDays - Home - FHIR · HL7 FHIR DevDays Program, speakers and registration: Save the date. Validate a resource

Security on FHIR - FHIR DevDays€¦ · Hospital system with a web-based EHR Patient-facing FHIR app Poorly-implemented SMART- on -FHIR Server RECON ... Open-Source reconnaissance

FHIR Documents - FHIR DevDays · FHIR Documents •Position: FHIR is the document future •Call to action: •Define, document, and promote a future where clinical documents and

Trifolia-on-FHIR · Trifolia-on-FHIR 3 / 26 Welcome Trifolia-on-FHIR is a FHIR resource editor that uses a FHIR server natively as its back-end. All STU3-compliant FHIR servers work

Learning HL7 FHIR Using the HAPI FHIR Server and Its Use

FHIR%–SPARKING% INNOVATION INHEALTH% … · FHIR%will%benefit%clinicians,%healthcare%executives,%implementersand% informed%patients FHIR%APIswill%future Nproof%your organisation

FHIR IN GLOBAL HEALTH - UW FHIR Interest Group · Ian Bacher, Brown University, OpenMRS FHIR Squad Developer Hamish Fraser, Brown University, OpenMRS Bett, AMPATH Kenya, OpenMRS FHIR

Integrating the Healthcare Enterprise · FHIR ® 1. Open Issues. 1. See question about use of Provenance Resource for reconciliation – what is queried? See FHIR Gforge tracker issue

FHIR and HSPC Meeting July 7 Grahame Grieve. Agenda: DCMs and FHIR Strategy for representing DCM content in FHIR – How do DCMs fit within the FHIR strategy/objectives?

Integrating the Healthcare Enterprise · 7/21/2017 · • Profile and constrain the FHIR Patient Resource • Use of FHIR operations to constrain returned values • Create an IHE

MAP CDA to FHIR and Back - FHIR DevDays

FHIR tutorial - Afternoon

Easy FHIR Persistence with FireKit for iOS - FHIR DevDays · Summary •FireKit •Provides a Realm-ready FHIR DSTU2 spec •Easily update and delete complex FHIR models in Realm

Introduction to FHIR & SMART · FHIR serves two technical roles in healthcare IT FHIR as an API specification FHIR as a data model

FHIR Documents · 2019-12-10 · 1 Agenda FHIR Documents t core components Document Profiling FHIR Exchange Patterns CDA and FHIR Documents Document Metadata / IHE XDS Documents v

FHIR DEV HL7V2 CDA CDA and FHIR track CLIN Clinical track ... · FHIR Profi ling Michel Rutt en SMART on FHIR Josh Mandel StructuredDataCapture (SDC) ... HL7® FHIR® DEVELOPER DAYS

Creating an event management service using HL7 FHIR · •Validate the FHIR Bundle using the FHIR reference server •Persist the FHIR Bundle in the FHIR repository •Return outcome

FHIR & Ice

Wado and FHIR

FHIR Profiles

SIMPLIFIER.NET VONK FORGE FHIR-API · 2020-03-02 · FHIR Training & Workshops FHIR Overview FHIR Profiling FHIR Advanced Also on-site training & workshops FHIR Services Architecture

FHIR In India - FHIR DevDays