Achieving RBAC on RESTful APIs for Mobile Apps using FHIR
|
|
- Cynthia Dalton
- 5 years ago
- Views:
Transcription
1 2017 5th IEEE International Conference on Mobile Cloud Computing, Services, and Engineering Achieving RBAC on RESTful APIs for Mobile Apps using FHIR Yaira K. Rivera Sánchez, Steven A. Demurjian, & Mohammed S. Baihan Department of Computer Science & Engineering University of Connecticut Storrs, CT, USA {yaira.rivera, steven.demurjian, Abstract Health Information Exchange (HIE) provides a more complete health record of an individual that improves patient care with relevant data gathered from multiple health information technology (HIT) systems. In support of HIE, the Health Level Seven (HL7) XML standard was developed to manage, exchange, integrate, and retrieve electronic health information. In 2011, HL7 began drafting a next-generation standard, Fast Healthcare Interoperable Resources (FHIR), to facilitate the development and interaction of mobile health (mhealth) apps, HIT data sharing, and common format for information modeling. FHIR is based on RESTful APIs and supported by a FHIR server infrastructure that facilitates the exchange in a cloud computing setting. FHIR while possessing a security specification, has yet to define and identify actual security mechanisms for secure data exchange via RESTful API calls. In this paper, we incorporate role-based access control (RBAC) into FHIR to support the ability to control access of who can call which services of FHIR RESTful APIs that manage sensitive healthcare data. The work is demonstrated utilizing a mhealth application that communicates with the OpenEMR electronic health record via the HAPI FHIR server. Keywords- access control; data management; Fast Interoperable Healthcare Resources (FHIR); healthcare systems; interoperability; mobile applications; role-based access control (RBAC) I. INTRODUCTION The transition from paper-based to electronic health records (EHRs) has greatly increased in the past decade with eight out of ten physicians in the U.S. utilizing EHRs in their practices [1]. Despite this progress, there is still a need for a significant next step to allow patients and medical providers to easily access healthcare data that is distributed across multiple EHRs and other health information technology (HIT) systems. To support these actions, health information exchange (HIE) for the interoperation across sources has the potential to reduce healthcare data expenses where healthcare institutions could save up to $77.8B in the U.S. [2]. In addition, the Office of the National Coordinator (ONC) issued a report [3] in 2015 on certification rules for EHRs that has required that HIT vendors develop RESTful APIs for EHRs and other systems so that patients and medical providers using mobile health (mhealth) applications (apps) can easily access their healthcare data from multiple sources. In order to provide the sharing and exchange of information, healthcare standards have been developed including: Health Level Seven (HL7) v3 [4], which is a standard to manage, exchange, integrate, and retrieve electronic health information; and, the Digital Imaging and Communications in Medicine [5] standard for distributing and viewing medical images. In 2011, HL7 introduced the first draft of the Fast Healthcare Interoperability Resources (FHIR) specification designed to enable interoperability and integration with the newest and adopted technologies by the industry with a particular focus on making healthcare data in different EHRs/HIT systems easily available to mhealth apps via RESTful APIs in the cloud. FHIR has a set of security requirements [6] that identifies the major topics (communications security, authentication, authorization, access control, auditing, digital signatures, etc.). However, FHIR lacks concrete mechanisms that would be capable of controlling access to the services of RESTful APIs that contain sensitive healthcare data stored in the cloud. Access control mechanisms are regularly utilized to secure highly sensitive data in order to determine which information each user can access/store in a particular system, with the proviso that disclosing the wrong information could lead to serious consequences [7]. The three dominant access control models [8] to achieve this are: role-based access control (RBAC); discretionary access control (DAC); and, mandatory access control (MAC). Our previous work focused on an initial effort on authentication requirements for mobile apps [9] that was expanded to define an approach for rolebased access control (RBAC) for mobile computing [10]. The work in this paper builds off of [9,10] to incorporate RBAC into the FHIR standard and its infrastructure, to allow a mhealth app that is FHIR-compliant to exchange healthcare data that is in the cloud with multiple EHRs/HIT systems. This will be achieved by defining on a role-by-role basis, the subset of the FHIR RESTful API services that are available to users of a mhealth app, to intercept calls that are not allowed, thereby prohibiting access to the sensitive healthcare data associated with those calls. We incorporate RBAC into the FHIR architecture and demonstrate its actual inclusion via the HAPI FHIR reference implementation [11] that includes the HAPI FHIR library and open-source implementation of the FHIR specification in Java. The HAPI FHIR reference library contains several features that we take advantage of in order to intercept the FHIR server to allow the service calls that the mhealth app makes against the RESTful API service calls to be checked against defined RBAC policies. The remainder of the paper has four sections. Section II reviews background and related work. Section III presents a set of proposed modifications to incorporate RBAC into the FHIR specification and its realization within the HAPI FHIR reference implementation. To demonstrate the inclusion and realization of RBAC for a mhealth app within HAPI FHIR, /17 $ IEEE DOI /MobileCloud
2 Section IV provides an implementation of the proposed approach by using the Connecticut Concussion Tracker (CT 2 ) mhealth app and the OpenEMR HIT system [12]. Finally, Section V concludes the paper and discusses ongoing work. II. BACKGROUND AND RELATED WORK In this section, we review background and related work. For background, we discuss: role-based access control; and, FHIR and its Resources, RESTful API, and the HAPI FHIR reference implementation library. For related work, we examine and contrast to our work three existing approaches [13, 14, 15] with proposed security mechanisms for FHIR. Access control is a security process and mechanism that allows user requests to be granted or denied against the resources (objects) of a system or app, while authorization is the process that is specifically associated with allowing or denying access to a resource (object). The security specification of FHIR [6] requires that an implementation of FHIR embraces communications security, authentication, authorization, access control, auditing, digital signatures, etc., for usage in real-world situations. The FHIR security specification [6] also identifies two approaches that can be applied within the authorization layer of FHIR, namely, rolebased access control (RBAC) [16] and attribute-based access control (ABAC) [17]. In RBAC, users are assigned roles and each role contains different permissions, which contain the policies of which operations and objects a user with a particular role can have access to. ABAC, a context-aware approach, considers the user s responsibilities and places users in groups/roles based on attributes. For the purposes of this paper, we focus on applying RBAC to FHIR resources, to authorize which services of the RESTful APIs are available on a role-by-role basis for users of a mhealth app. FHIR is a standards framework created by HL7 with the intention of providing easier and quicker implementation of interoperability in healthcare systems to facilitate access of mhealth apps to healthcare data in the cloud as stored in multiple EHRs/HIT systems. One of the main goals of FHIR is to represent the entities and procedures in healthcare as resources [18]. These are classified into six sections which represent pieces of data (e.g., Patient, Condition) such as the entities involved in the care process (e.g., patients demographics) and the healthcare process itself (e.g., management of a patient s appointment). There are approximately ninety resources that can be utilized to map data from a healthcare system and the implementers of these resources claim that more resources will be added in a future [19]. The available resources can be accessed through the means of a RESTful API, which allows to connect healthcare interfaces with data sources that exist in the cloud. Different from SOAP (Simple Object Access Protocol) [20], which has been the dominant approach to manage web services interfaces over the past years and it is utilized in HL7 v2, RESTful APIs are easier to understand and to implement as they rely on HTTP and on Create, Read, Update, and Delete (CRUD) operations to develop services. One popular open-source library that implements FHIR specification is the HAPI FHIR reference implementation [11]. HAPI FHIR was developed in the Java programming language and offers the features of FHIR in addition to other features such as the ability to intercept the server (by using Java servlets [21]) that processes the user s requests. This intercepting feature is critical to support our interception of RESTful API calls in order to check RBAC security permissions to prevent unauthorized access to services that have not been assigned to a given role for a mhealth app. The FHIR standard is in a drafting phase, as the specification evolves over time. Nevertheless, there are a number of efforts that have appeared to address the way that security in FHIR could be realized. The first effort [13] applied FHIR to the AidIT mhealth app for patients, doctors, and pharmacists in order to demonstrate the way that a mhealth app can be integrated with the FHIR server side. The AidIT app can be utilized by users who have different privileges, uses QR codes to secure the data, and includes an RBAC mechanism to apply security policies to CRUD actions. The access control model is enforced within the user interface of the mobile app by only showing the components (buttons and tabs) that can be accessed according to a user s role. This approach does not enforce access control via FHIR and the RESTful API services, but focuses on programmatic changes to the AidIT mhealth app making reuse of the approach problematic for other mobile apps. Our proposed RBAC approach assigns RESTful based API services by role realized within the library utilized to implement FHIR. As a result, our approach is applicable to any mhealth app accessing RESTful API FHIR services to be controlled by RBAC, and is reusable without needing to modify app code. The second effort [14] applies FHIR to a health monitoring system of vital signs (blood pressure, blood sugar, etc.) for patients in cardiac rehab and for elderly with chronic diseases. The effort collected information using the Observation FHIR resource for 68 patients and nearly 2000 data points. However, despite the work acknowledging the need to support security, this was a subject for future work. The third approach SecFHIR [15] presented a security specification model on FHIR resources represented using XML or JSON schemas. The work on SecFHIR defined permissions on schemas, which implicitly specify the permissions on the corresponding XML instances; this is contrary to the ONC [3] effort to have RESTful APIs for healthcare data availability. Our focus on applying RBAC at the role/restful API level means that our policies are applicable regardless of the actual data format. Our work also does not need to add permission tags that would impact the FHIR resource standard schemas for XML and JSON. III. ROLE-BASED ACCESS CONTROL IN FHIR This section presents a set of proposed modifications to incorporate RBAC into the FHIR specification and its realization, in a general sense, within the HAPI FHIR reference implementation in three parts. In Section III.A, the 140
3 FHIR security specification is briefly reviewed to describe its current status and the way that our RBAC approach can be incorporated to control access to RESTful API services. Section III.B reviews the HAPI FHIR reference implementation capabilities with a focus on the intercepting process that can support our RBAC approach. Section III.C explains the integration of the concepts from Section III.A and Section III.B via the FHIR HAPI library that incorporates RBAC into our RBAC Server Interceptor. A. The FHIR Security Specification The FHIR security specification does not yet include explicit security capabilities, but does deliver different exchange protocols and models that could be utilized with security policies created by an organization [6]. To handle security, FHIR suggests several points including: securing data exchange with TLS/SSL (e.g., HTTPs); authenticating users with an authentication method (e.g., OAuth); and utilizing digital signatures. In addition, FHIR defines security labels to support access control management. The security labels were done with the purpose of restricting access on resources based on security policies established by security administrators of the data that is being exchanged. Nevertheless, there is very little documentation on the way that role-based access control policies could be both defined and enforced through the means of these labels. In addition of suggesting security labels, the FHIR security specification provides a notion of where security needs to be placed in the logical layout of a system in order to handle users, user authentication, and user authorization. The FHIR security specification also assumes that a security system exists and that is positioned before or after the FHIR API [6]. Fig. 1 shows three possible scenarios on the locations where a security system can be deployed on the logical layout of a system. Basically the layout is composed of clients, of a client (mhealth) app, of data sources (EHRs and other HIT systems), and of FHIR layers. The first scenario applies security mechanisms between two layers of FHIR where the first layer would be a security system. The second scenario places security on the client application. Lastly, the third scenario places security server-side [6]. For the purposes of this paper we focus on applying RBAC by using a similar idea to the one exposed in the first scenario. In the rest of the paper, we make two assumptions: a mobile app needs to obtain information from one or more data sources (e.g., EHRs or HITs) which are connected by a cloud server; and, a cloud server that connects the mobile app with the data sources is a FHIR sharing infrastructure. B. The HAPI FHIR Server Interceptors Our proposed approach consists on incorporating RBAC into FHIR at specification and implementation levels so that all of the clients and HITs/EHRs that utilize the HAPI FHIR library to implement the FHIR specification can take advantage of the added access control capabilities. Currently, two popular third party FHIR reference implementations are available that allow implementers to adopt the FHIR specification in practice the HAPI FHIR reference implementation for Java [11] and the Swift FHIR reference implementation for ios/os X [22]. Note that there are also many other open source reference implementations [23]. We chose HAPI FHIR since there are many samples of creating FHIR servers and clients in a quick manner and its library contains the ability to intercept the FHIR server before a request is processed and after the request has been processed in order to add access control to the user s request and/or to the server s response (see Section II). Note that even though HAPI FHIR offers this intercepting feature, the developer is responsible of creating the security model, policies, and enforcement process realized via the interceptors. Specifically, we demonstrate the way that the interceptor class can be generalized to reuse our RBAC approach for intercepting API calls with other cloud frameworks. HAPI FHIR offers several server interceptor functions [24] that allow developers to perform actions on the user s request before it is executed and after its execution (before the response is delivered to the user). The main interceptors the library provides are: the incomingrequestpreprocessed interceptor which can be called before the request is processed; the incomingrequestpostprocessed interceptor which can be called once the request is classified (URL and request headers are examined in order to know this); the incomingrequestprehandled interceptor which can be called once the request has been handled; and, the outgoingresponse interceptor, which can be called after the operation is handled but before the response is returned. In addition to these interceptor functions, HAPI FHIR developers are in the process of implementing authentication and authorization interceptors [25]. The authorization interceptor attempts to apply security to FHIR by creating a set of rules via rule-based access control within the function and utilize if/else statements in order to whitelist/blacklist requests. In our case, instead of utilizing rule-based access control, our approach involves the use of RBAC. Further, instead of modifying the code of the intercepting function every time we want to add/modify a permission to/in the policy (e.g., change a role or a permission on a role), we implement an RBAC interceptor function one time that consults permission and privilege definitions by role in a database. When changes to the security policies stored in a repository are made, the RBAC interceptor function will continue to work to check intercepted RESTful API calls. Fig. 1. Security system placement in deployment architecture [6]. 141
4 C. Proposed RBAC Server Interceptor This section introduces the proposed RBAC Server Interceptor Architecture in Fig. 2 that is used to evaluate which FHIR resources users are allowed to access by role via the corresponding FHIR RESTful API. When the client makes a request using the client application, this request will be handled by a FHIR server. The FHIR server is implemented with the HAPI FHIR reference implementation library with programmatic access to the server interceptor class. Fig. 3 has pseudocode of our RBAC approach as implemented within the incomingrequestpostprocessed function available in HAPI FHIR; this is essentially the RBAC Interceptor function discussed in Section III.B. Fig. 3 rewrites HAPI s incomingrequestpostprocessed interceptor function to obtain details of the request (e.g., HTTP method used) and the resource that is being evaluated before an object can be obtained. In the function, we retrieve the authorization header passed with the request, which contains an access token that holds the user s id as well as his/her role and, we verify this token by calling an API service (line 3 of Fig. 3). If the user passes the role verification (the API service returns a value greater than 0), then the access control policies for the requested resource are retrieved with the use of an API service (line 6 of Fig. 3); otherwise, the function blocks the request from executing and returns an error message. The API service implemented to retrieve the security policies from the intercepting function consists of the following parameters: the HTTP method of the request (e.g., POST, GET, PUT, DELETE); the resource the user is trying to access; and, the role of the user (line 7 of Fig. 3). If the role of the user has access to the requested resource and the specific authorized CRUD service, the service will return true and the request will continue. Otherwise, the process will come to an end and the intercepting function will return an error message. To manage which resources a specific role can access we need to have an access control policy stored in a repository or database which we can then retrieve from the intercepting function to either block or allow the request. Basically, once the user s role has been verified we can access the specific permission we want to evaluate through the means of an API service as stated in the previous paragraph. The database would hold the roles for each user of each mhealth app along with the permissions for each role to each HIT system supported with the HAPI FHIR server; specifically, to track which services of which FHIR RESTful APIs for each HIT are authorized by role to a user of a particular mhealth app. Note that we are not considering the primary key as an essential field for our security policy since it is only used for indexing purposes. With that in mind the role_id field contains the available role ids in a system, the http_method field contains the HTTP methods available in the system (e.g., GET, POST), the resource_name field contains the resources that are available in the system, and the permission field establishes whether a user with a particular role has access to the HTTP method he/she requested of a specific resource. Sample access control policies will be provided in Section IV, Table 1. Fig. 2. Proposed RBAC Server Interceptor Architecture. Fig. 3. Proposed Access Control Approach within the incomingrequestpostprocessed function. IV. IMPLEMENTATION To evaluate the incorporation of RBAC into FHIR, the Connecticut Concussion Tracker (CT 2 ) mhealth app, database, and server are connected to an instance of OpenEMR [12] via HAPI FHIR. CT 2 is a collaboration between the Departments of Physiology and Neurobiology, and Computer Science & Engineering at the University of Connecticut and Schools of Nursing and Medicine in support of a new law passed in the state of Connecticut to track concussions of kids between ages 7 to age 19 in public schools (CT Law HB6722 [26]). The CT 2 app is for Android and ios devices and uses a FHIR server to manage its data, which is stored in an instance of OpenEMR [12] (accessed through a FHIR server as well and located in a cloud server). The CT 2 mhealth app utilizes the following four FHIR resources in order to create, read, and update subsets of the data (delete is not allowed in this app): Patient to track demographics and other basic information of patients (students that suffer concussions); Condition to track a medical condition, in our case a concussion; Observation to track symptoms of patients (students); and CarePlan to track the planned treatment for a condition (concussion). To begin, Fig. 4 shows the mapping of resources and the location of the RBAC server interceptor function within the FHIR instance of the CT 2 mhealth app. Note that each of the FHIR Resources (Patient, Condition, etc.) for both CT 2 and OpenEMR have a FHIR RESTful API with CRU services (no delete). We incorporate the RBAC server interceptor function as a security layer before the requested resource attempts to retrieve/insert/update data from the OpenEMR system, similar to the first option in Fig. 1 where the first FHIR layer consisted of a security layer. If the requested resource successfully passes the security checks in the server interceptor function, then the HAPI FHIR controller class of CT 2 will receive the request and send it to the appropriate OpenEMR FHIR resource class along with any parameters by using another instance of FHIR. In this case, both of our 142
5 FHIR instances were implemented using the HAPI FHIR library. Specifically, FHIR requires that information in the CT 2 database is mapped to/from FHIR resources and information in the OpenEMR repository is mapped to/from FHIR resources and, exchanged through shared resources via the CRUD FHIR APIs defined for each resource for both CT 2 and OpenEMR FHIR APIs. interceptor function is registered in the RestfulServer instance of the FHIR server, namely, on the CT 2 FHIR server, by making reference to the class by either calling registerinterceptor or setinterceptors. Fig. 4. CT2-OpenEMR FHIR Mapping. To determine the type of action a user of CT 2 can perform on these FHIR resources, we defined four roles: Nurse role which has access to all of the resources (CRU for CT 2 FHIR RESTful API) to manage a student s concussion incident from its occurrence to its resolution; Athletic Trainer (AT) role which is allowed to do a limited preliminary assessment if a concussion incident occurs at the event; Coach role which can report a concussion incident at an athletic event with very limited information on the student; and, Parent role which can report a concussion incident on his/her child while attending the athletic event or track the current status of his/her children that have ongoing concussions. Table 1 defines the permissions for CRU for all resources for all four roles. These policies are stored in a security policy database and will be accessed through the use of the RBAC server interceptor function incomingrequestpostprocessed which is part of the server interceptor class the HAPI FHIR library offers. Notice that in Table 1, a user with a Nurse role has access to all CRU services of all resources; at the other extreme, a Coach role is limited to reporting and reading the basic information on the concussion by having only access to CR for the Patient and Condition resources. The creation of the RBAC permissions to FHIR services by role in Table 1 allows fine-grained control of the FHIR RESTful APIs for the four Resources utilized by the CT 2 mhealth app. TABLE I. CRUD PERMISSIONS OF CT 2 FHIR RESOURCES. Resource/Role Athletic Trainer Coach Nurse Parent Patient C, R C, R C, R, U C, R, U Condition C, R C, R C, R, U C, R Observation C, R R C, R, U C, R CarePlan R R C, R, U R The pseudo code as given in Fig. 3 is transitioned to the RBAC server interceptor function given in Fig. 5: incomingrequestpostprocessed. This function is included within a class that extends the InterceptorAdapter class, which is part of the server interceptor feature HAPI FHIR offers. In addition, in order for the server to recognize that we want to utilize the intercepting class, the RBAC server Fig. 5. Contents of the incomingrequestpostprocessed function in the CT 2 FHIR Server. The CT 2 mhealth app was tested with two accounts: one for a user assigned the role of Nurse and the other for a user assigned the role of Coach. In the test, both the Nurse and the Coach users attempt to utilize the CT 2 mhealth app to update information on a student s concussion case (the UPDATE/PUT operation). However, as noted in Table 1, while Nurse has U access to a Patient resource, Coach does not. As a result, the Coach user s request fails since the permission U is not present in Table 1. Therefore, the incomingrequestpostprocessed function located within the CT 2 FHIR server java code will abort the execution of the request and return an error message to inform the user that he/she does not have permission to the requested resource as shown in the top image of Fig. 6. In the case of a user with a Nurse role, Table 1 shows that the role has U permission on the Patient resource meaning it has permission to update a patient, therefore, the request is performed successfully as shown in the bottom image of Fig. 6. Another situation that is also supported in the RBAC server interceptor function is if the user has managed to tamper his/her role in order to obtain more privileges. This action will be identified when the access token sent on the header is verified and will block any further execution of the request and send an error message to the user telling him/her that the user verification failed as shown in Fig. 7. Note that the RBAC server interceptor function can return error messages as either JSON or XML format (which are the formats that are available in FHIR to return the client a response). We utilized JSON since this is the format that the CT 2 mhealth app has for handling the user requests and responses. In addition, the requests shown on Figs. 6 and 7 were made with Postman [28] instead of doing these directly with the CT 2 mhealth app in order to present a clear view of the response the requests can have in different scenarios. V. CONCLUSION AND ONGOING WORK This paper has proposed a novel approach to support 143
6 RBAC security policies for mobile computing in a cloud setting incorporated into FHIR to facilitate information exchange between a mhealth app and multiple EHRs/HIT systems. The FHIR infrastructure in Section II defined Resources with CRUD RESTful APIs as a common format for exchange in the cloud. RBAC in Section III was defined and enforced for the FHIR RESTful API of each Resource, allowing a given user/role combination to be authorized to specific CRUD services of each Resource. The RBAC as defined for FHIR was then incorporated into an actual reference implementation of the FHIR specification utilizing the HAPI FHIR library in Section IV with the CT 2 mhealth app interacting with OpenEMR via FHIR. Our work provided an RBAC server interceptor that realized and enforced security on FHIR RESTful API services allowing real-time checks to determine if a user has permission to invoke a FHIR RESTful API service on a resource through the means of the server interceptor feature the HAPI FHIR library has. Fig. 6. JSON Response Messages from Interceptor. Fig. 7. JSON Response Disallowed Request. In terms of ongoing work, we are exploring the inclusion of MAC and DAC into the FHIR specification as realized in HAPI FHIR. To support this effort, we are clarifying the way that a user s identifier and role (and clearance level) can be generated and stored in an access token (e.g., JSON Web Token [28]) that is passed through the header of a request. In addition, we plan to test our approach with a mhealth app that obtains data from multiple data sources, since the CT 2 app only connects to one data source. Finally, we are exploring the generalization of our intercepting approach with HAPI FHIR in order to obtain a solution that can be utilized in other apps that implement FHIR. REFERENCES [1] D. Heisey-Grove and V. Patel, Any, certified, and basic: Quantifying Physician EHR adoption through 2014, Sep Retrieved from ified_vs_basic.pdf. [2] J. Walker, E. Pan, D. Johnston, J. Adler-Milstein, D.W. Bates, and B. Middleton, The Value of Health Care Information Exchange and Interoperability, Health Affairs, 24(2), pp , [3] Health and Human Services Department, 2015 Edition Health Information Technology Certification Criteria, 2015 Edition Base Electronic Health Record Definition, and ONC Health IT Certification Program Modifications, Mar Retrieved from [4] Health Level Seven International, Retrieved from d=185. [5] DICOM, Digital imaging and communications in medicine, Retrieved from [6] FHIR, FHIR security, Sep Retrieved from [7] T.C. Rindfleisch, Privacy, information technology, and health care, Communications of the ACM, 40(8), pp , [8] R.S. Sandhu and P. Samarati, Access Control: Principles and Practice, IEEE Communications Magazine, 32(9), pp , [9] Y.K. Rivera Sánchez and S.A. Demurjian, Chapter 6: User Authentication Requirements for Mobile Computing, Handbook of Research on Innovations in Access Control and Management, IGI Global, [10] Y. K. Rivera Sánchez, S. A. Demurjian, J. Conover, T. Agresta, X. Shao, and M. Diamond, Chapter 6: An Approach for Role-Based Access Control in Mobile Applications, (S. Mukherja, Ed.), IGI Global, [11] HAPI FHIR, HAPI, Retrieved from [12] OpenEMR, Retrieved from [13] G.C. Lamprinakos, A.S. Mousas, A.P. Kapsalis, D.I. Kaklamani, I.S. Venieris, A.D. Boufis et al., Using FHIR to develop a healthcare mobile application, IEEE, pp , [14] B. Franz, A, Schuler, O. Krauss, Applying FHIR in an integrated health monitoring system, EJBI 2015, 11(2), pp , Jan [15] A.M. Altamimi, SecFHIR: A security specification model for Fast Healthcare Interoperability Resources, International Journal of Advanced Computer Science and Applications (ijacsa), 7(6), [16] D. Ferraiolo and R. Kuhn, Role-Based Access Control, Proc. of the NIST-NSA National Computer Security Conf., pp , [17] E. Coyne and T. Weil, ABAC and RBAC: scalable, flexible, and auditable access management, IT Prof., vol. 15(3), pp , [18] FHIR DSTU2, Guide to resources, Retrieved from [19] FHIR Resources, Resource Index, Retrieved from [20] W3C, Latest SOAP versions, Retrieved from [21] Java, Java Servlet Technology, Retrieved from [22] SMART on FHIR, Swift-SMART, Retrieved from [23] HL7 International, Open source FHIR implementations, Sept Retrieved from ons. [24] HAPI FHIR, Server Interceptors, Retrieved from [25] HAPI FHIR, Server Security, Retrieved from [26] Connecticut General Assembly, Substitute for raised H.B. No. 6722, Retrieved from ftp://ftp.cga.ct.gov/2015/cbs/h/hb-6722.htm. [27] Postman, Postman, Retrieved from [28] JWT, Introduction to JSON Web Tokens, Retrieved from 144
Use Cases for Argonaut Project -- DRAFT Page
Use Cases for Argonaut Project -- DRAFT Page 1 Use Cases for Argonaut Project DRAFT V0.3 March 03, 2015 Use Cases for Argonaut Project -- DRAFT Page 2 Introduction The Argonaut Project seeks to rapidly
More informationSpecification and Enforcement of Access Control in Heterogeneous Distributed Applications
Specification and Enforcement of Access Control in Heterogeneous Distributed Applications Torsten Fink, Manuel Koch, and Cristian Oancea Institut für Informatik Freie Universität Berlin, 14195 Berlin,
More informationAn Object-Dependent and Context Constraints-Aware Access Control Approach Based on RBAC
An Object-Dependent and Context Constraints-Aware Access Control Approach Based on RBAC Xiaoli Ren, Lu Liu and Chenggong Lv School of Economics & Management, Beihang University, Beijing 100083, P.R. China
More informationSelect, simplify, fix: How Continua, IHE and other profiles contribute to making standards fit for purpose Michael Strübin, European Programme
Select, simplify, fix: How Continua, IHE and other profiles contribute to making standards fit for purpose Michael Strübin, European Programme Director PROGRESSIVE Workshop 19 October 2017, Brussels 1.
More informationP1752 Working Group Meeting
P1752 Working Group Meeting Sponsored by IEEE Engineering in Medicine & Biology (EMB) Standards Committee 26 June 2018 Teleconference Attendance This document shows attendance from previous calls https://tinyurl.com/yc3oxg6q
More informationHow the European Commission is supporting innovation in mobile health technologies Nordic Mobile Healthcare Technology Congress 2015
How the European Commission is supporting innovation in mobile health technologies Nordic Mobile Healthcare Technology Congress 2015 Claudia Prettner, Unit for Health and Well-Being, DG CONNECT Table of
More informationHIPAA AND SECURITY. For Healthcare Organizations
HIPAA AND EMAIL SECURITY For Healthcare Organizations Table of content Protecting patient information 03 Who is affected by HIPAA? 06 Why should healthcare 07 providers care? Email security & HIPPA 08
More informationWhamTech SmartData Fabric Healthcare Configurable FHIR REST APIs
WhamTech SmartData Fabric Healthcare Configurable FHIR REST APIs March 2017 (Best viewed in slideshow mode) Revision 1.2 Copyright 2017 WhamTech, Inc. 1 Challenges facing interoperability in healthcare
More informationIMPROVING DATA SECURITY USING ATTRIBUTE BASED BROADCAST ENCRYPTION IN CLOUD COMPUTING
IMPROVING DATA SECURITY USING ATTRIBUTE BASED BROADCAST ENCRYPTION IN CLOUD COMPUTING 1 K.Kamalakannan, 2 Mrs.Hemlathadhevi Abstract -- Personal health record (PHR) is an patient-centric model of health
More informationHealthcare IT A Monitoring Primer
Healthcare IT A Monitoring Primer Published: February 2019 PAGE 1 OF 13 Contents Introduction... 3 The Healthcare IT Environment.... 4 Traditional IT... 4 Healthcare Systems.... 4 Healthcare Data Format
More informationApplying the Semantic Web Layers to Access Control
J. Lopez, A. Mana, J. maria troya, and M. Yague, Applying the Semantic Web Layers to Access Control, IEEE International Workshop on Web Semantics (WebS03), pp. 622-626, 2003. NICS Lab. Publications: https://www.nics.uma.es/publications
More informationDeveloping A Semantic Web-based Framework for Executing the Clinical Quality Language Using FHIR
Developing A Semantic Web-based Framework for Executing the Clinical Quality Language Using FHIR Guoqian Jiang 1, Eric Prud Hommeax 2, and Harold R. Solbrig 1 1 Mayo Clinic, Rochester, MN, 55905, USA 2
More informationHealthcare FHIR API TECHNICAL SPECIFICATION 7.4
Healthcare FHIR API TECHNICAL SPECIFICATION 7.4 2018 Pegasystems Inc., Cambridge, MA All rights reserved. Trademarks For Pegasystems Inc. trademarks and registered trademarks, all rights reserved. All
More informationCloud-based Identity and Access Control for Diagnostic Imaging Systems
320 Int'l Conf. Security and Management SAM'15 Cloud-based Identity and Access Control for Diagnostic Imaging Systems Weina Ma and Kamran Sartipi Department of Electrical, Computer and Software Engineering
More informationDeveloping A Semantic Web-based Framework for Executing the Clinical Quality Language Using FHIR
Developing A Semantic Web-based Framework for Executing the Clinical Quality Language Using FHIR Guoqian Jiang 1, Eric Prud Hommeaux 2, Guohui Xiao 3, and Harold R. Solbrig 1 1 Mayo Clinic, Rochester,
More informationDirect, DirectTrust, and FHIR: A Value Proposition
Direct, DirectTrust, and FHIR: A Value Proposition August 10, 2017 Authors: Grahame Grieve, HL7 Product Director for FHIR; David Kibbe, Luis Maas, Greg Meyer, and Bruce Schreiber, members of the DirectTrust
More informationP1752 Working Group Meeting
P1752 Working Group Meeting Sponsored by IEEE Engineering in Medicine & Biology (EMB) Standards Committee 13 Mar 2018 Teleconference Attendance This document shows attendance from previous calls https://tinyurl.com/yc3oxg6q
More informationWEB-202: Building End-to-end Security for XML Web Services Applied Techniques, Patterns and Best Practices
WEB-202: Building End-to-end Security for XML Web Services Applied Techniques, Patterns and Best Practices Chris Steel, Ramesh Nagappan, Ray Lai www.coresecuritypatterns.com February 16, 2005 15:25 16:35
More informationIHE Integration Statement for
2/4/2015 IHE Integration Statement for MEDIC Client Registry RI Version 1.0 and above Prepared By MOHAWK MHEALTH AND EHEALTH DEVELOPMENT AND INNOVATION CENTRE (MEDIC) Contents 1. Introduction... 2 1.1.
More informationExisting Healthcare Standards
Existing Healthcare Standards Category Context (Information Model) Information Interchange Standard & Specific Elements ASN.1 Abstract Syntax Notation.1 ASTM E2369-05 Standard Specification for Continuity
More informationRole-Evolution in Role-based Access Control System Suganthy. A * Department of Banking Technology Pondicherry University, Puducherry, India
International Journal of Emerging Research in Management &Technology Research Article July 2017 -Evolution in -based Access Control System Suganthy. A * Department of Banking Technology Pondicherry University,
More informationDeveloping Mobile Application Framework By Using RESTFul Web Service with JSON Parser
Developing Mobile Application Framework By Using RESTFul Web Service with JSON Parser Ei Ei Thu,Than Nwe Aung University of Computer Studies Mandalay (UCSM), Mandalay, Myanmar. eieithuet@gmail.com, mdytna@gmail.com
More informationA JAVA-BASED SYSTEM FOR XML DATA PROTECTION* E. Bertino, M. Braun, S. Castano, E. Ferrari, M. Mesiti
CHAPTER 2 Author- A JAVA-BASED SYSTEM FOR XML DATA PROTECTION* E. Bertino, M. Braun, S. Castano, E. Ferrari, M. Mesiti Abstract Author- is a Java-based system for access control to XML documents. Author-
More informationmhealth (Mobile Health)
mhealth (Mobile Health) Foundational Curriculum: Cluster 6: System Connectivity Module 11: Telehealth, Telemedicine and mhealth Unit 2: mhealth (Mobile Health) 35/60 Curriculum Developers: Angelique Blake,
More informationThree Levels of Access Control to Personal Health Records in a Healthcare Cloud
Three Levels of Access Control to Personal Health Records in a Healthcare Cloud Gabriel Sanchez Bautista and Ning Zhang School of Computer Science The University of Manchester Manchester M13 9PL, United
More informationInteroperability Specifications and Conformance Testing Services Made Available on the Tukan Platform
Interoperability Specifications and Conformance Testing Services Made Available on the Tukan Platform Sebastian Bojanowski, HL7 Poland IHIC 2018 Portsmouth, 12 July 2018 Challenges of Polish health IT
More informationSecuring XML with Role- Based Access Control: Case Study in Health Care
334 Chapter 13 Securing XML with Role- Based Access Control: Case Study in Health Care Alberto De la Rosa Algarín University of Connecticut, USA Steven A. Demurjian University of Connecticut, USA Timoteus
More informationXML Based on HL 7 V 3.0 Message Exchanging Model for Hospital Information System
International Journal of Computational Intelligence and Healthcare Informatics, Vol. 3, No. 2, July-December 2010, pp. 85-88 Published by Serials Publications, ISSN : 0973-7413 XML Based on HL 7 V 3.0
More informationArchitecture Diagram. Figure 1 : Architecture Diagram
Architecture Diagram Figure 1 : Architecture Diagram Use Case Model Survey Patient: Figure 2 : Use Case Model Survey Patients can search for doctor and make online appointments. They also can view their
More informationHL7 FHIR. Rik Smithies, HL7 UK Technical Committee Chair September 28 th 2016
HL7 FHIR Rik Smithies, HL7 UK Technical Committee Chair rik@nprogram.co.uk September 28 th 2016 FHIR in one slide Fast Healthcare Interoperable Resources New free and open healthcare data API Builds on
More informationDeploying Access Control using Extended XACML in Open Web Service Environment
Deploying Access Control using Extended XACML in Open Web Service Environment Thirumaran.M Pondicherry Engg College Dhavachelvan.P Pondicherry University Divya.A Pondicherry Engg College ABSTRACT Now a
More informationDreamFactory Security Guide
DreamFactory Security Guide This white paper is designed to provide security information about DreamFactory. The sections below discuss the inherently secure characteristics of the platform and the explicit
More informationAccess Governance in a Cloudy Environment. Nabeel Nizar VP Worldwide Solutions
Access Governance in a Cloudy Environment Nabeel Nizar VP Worldwide Solutions Engineering @nabeelnizar Nabeel.Nizar@saviynt.com How do I manage multiple cloud instances from a single place? Is my sensitive
More informationHow Secure Do You Feel About Your HIPAA Compliance Plan? Daniel F. Shay, Esq.
How Secure Do You Feel About Your HIPAA Compliance Plan? Daniel F. Shay, Esq. Word Count: 2,268 Physician practices have lived with the reality of HIPAA for over twenty years. In that time, it has likely
More informationGoogle Cloud & the General Data Protection Regulation (GDPR)
Google Cloud & the General Data Protection Regulation (GDPR) INTRODUCTION General Data Protection Regulation (GDPR) On 25 May 2018, the most significant piece of European data protection legislation to
More informationAn Approach to XML-Based Administration and Secure Information Flow Analysis on an Object Oriented Role-Based Access Control Model
JOURNAL OF INFORMATION SCIENCE AND ENGINEERING 22, 49-61 (2006) An Approach to XML-Based Administration and Secure Information Flow Analysis on an Object Oriented Role-Based Access Control Model CUNGANG
More information2017 2nd International Conference on Information Technology and Management Engineering (ITME 2017) ISBN:
2017 2nd International Conference on Information Technology and Management Engineering (ITME 2017) ISBN: 978-1-60595-415-8 Design and Implementation of a Mobile Healthcare Management Platform Based on
More informationThe Future of Interoperability: Emerging NoSQLs Save Time, Increase Efficiency, Optimize Business Processes, and Maximize Database Value
The Future of Interoperability: Emerging NoSQLs Save Time, Increase Efficiency, Optimize Business Processes, and Maximize Database Value Author: Tim Dunnington Director of Interoperability, Informatics
More informationTRUST IDENTITY. Trusted Relationships for Access Management: AND. The InCommon Model
TRUST. assured reliance on the character, ability, strength, or truth of someone or something - Merriam-Webster TRUST AND IDENTITY July 2017 Trusted Relationships for Access Management: The InCommon Model
More informationBRIDGEWATER SURGERIES. Privacy Notice
BRIDGEWATER SURGERIES Privacy Notice We understand how important it is to keep your personal information safe and secure and we take this very seriously. We have taken steps to make sure your personal
More informationHIPAA Compliance & Privacy What You Need to Know Now
HIPAA Email Compliance & Privacy What You Need to Know Now Introduction The Health Insurance Portability and Accountability Act of 1996 (HIPAA) places a number of requirements on the healthcare industry
More informationUNDER THE HOOD. API Overview
UNDER THE HOOD API Overview The Redox API was built to abstract away the technical variance across systems to deliver a consistent developer experience. This means that as a developer, you can spend less
More informationTechnical Overview. Version March 2018 Author: Vittorio Bertola
Technical Overview Version 1.2.3 26 March 2018 Author: Vittorio Bertola vittorio.bertola@open-xchange.com This document is copyrighted by its authors and is released under a CC-BY-ND-3.0 license, which
More informationRedefining Athletic Healthcare
Redefining Athletic Healthcare What Is DragonFly MAX? DragonFly MAX is an athlete-centered organizational platform built with the latest mobile technologies that is redefining athletic healthcare through
More informationEfficient integrity checking technique for securing client data in cloud computing
International Journal of Electrical & Computer Sciences IJECS-IJENS Vol: 11 No: 05 43 Efficient integrity checking technique for securing client data in cloud computing Dalia Attas and Omar Batrafi Computer
More informationCERT Symposium: Cyber Security Incident Management for Health Information Exchanges
Pennsylvania ehealth Partnership Authority Pennsylvania s Journey for Health Information Exchange CERT Symposium: Cyber Security Incident Management for Health Information Exchanges June 26, 2013 Pittsburgh,
More informationSmartphone app co-design workshop
Supervisor: A/Prof Josip Car Co-supervisor: Prof Helen Smith Smartphone app co-design workshop with caregivers of children with Atopic dermatitis XU Xiaomeng Ph.D. student Lee Kong Chian School of Medicine
More informationFHIR Overview. HL7 FHIR Connectathon20 January 12, 2019
FHIR Overview HL7 FHIR Connectathon20 January 12, 2019 Presenter: Richard Ettema FHIR Certified Implementer Lead Consultant, AEGIS.net, Inc. richard.ettema@aegis.net 2018 AEGIS.net, Inc., HL7 International.
More informationHIPAA / HITECH Overview of Capabilities and Protected Health Information
HIPAA / HITECH Overview of Capabilities and Protected Health Information August 2017 Rev 1.8.9 2017 DragonFly Athletics, LLC 2017, DragonFly Athletics, LLC. or its affiliates. All rights reserved. Notices
More informationSAMPLE POLICY. Current State Assessment Criteria. 1. That EPHI that is transmitted electronically is not vulnerable to interception; and
Documentation of HIPAA Security Implementation Standards The HIPAA Privacy regulations required the adoption of formal policies and procedures. For the HIPAA Security Standards, the documentation is even
More informationXML Access Control for Semantically Related XML Documents
XML Access Control for Semantically Related XML Documents Vijay Parmar and Hongchi Shi Department of Computer Engineering & Computer Science University of Missouri-Columbia Columbia, MO 65211, USA vnp9b1@mizzou.edu
More informationCertification for Meaningful Use Experiences and Observations from the Field June 2011
Certification for Meaningful Use Experiences and Observations from the Field June 2011 Principles for Certification to Support Meaningful Use Certification should promote EHR adoption by giving providers
More informationAnalysis of Various RBAC and ABAC Based Access Control Models with Their Extension
Analysis of Various RBAC and ABAC Based Access Control Models with Their Extension Prajapati Barkha, Gurucharansingh Sahani Student, Assistant Professor, Computer Engineering Department, Sardar Vallabhbhai
More informationSecurity Overview of the BGI Online Platform
WHITEPAPER 2015 BGI Online All rights reserved Version: Draft v3, April 2015 Security Overview of the BGI Online Platform Data security is, in general, a very important aspect in computing. We put extra
More informationEfficient Role Based Access Control Method in Wireless Environment
Efficient Role Based Access Control Method in Wireless Environment Song-hwa Chae 1, Wonil Kim 2, and Dong-kyoo Kim 3* 1 1 Graduate School of Information and Communication, Ajou University, Suwon, Korea
More informationJVA-563. Developing RESTful Services in Java
JVA-563. Developing RESTful Services in Java Version 2.0.1 This course shows experienced Java programmers how to build RESTful web services using the Java API for RESTful Web Services, or JAX-RS. We develop
More informationAuditing and Monitoring for HIPAA Compliance. HCCA COMPLIANCE INSTITUTE 2003 April, Presented by: Suzie Draper Sheryl Vacca, CHC
Auditing and Monitoring for HIPAA Compliance HCCA COMPLIANCE INSTITUTE 2003 April, 2003 Presented by: Suzie Draper Sheryl Vacca, CHC 1 The Elements of Corporate Compliance Program There are seven key elements
More informationLiferay Security Features Overview. How Liferay Approaches Security
Liferay Security Features Overview How Liferay Approaches Security Table of Contents Executive Summary.......................................... 1 Transport Security............................................
More informationOASIS Cross-Enterprise Security and Privacy Authorization (XSPA) WS- Trust Healthcare Profile. Working draft 20 August, 2008
OASIS Cross-Enterprise Security and Privacy Authorization (XSPA) WS- Trust Healthcare Profile Working draft 20 August, 2008 Document identifier: xspa-ws-trust-profile-01 Location: Editor: Brett Burley,
More informationThe Journey to Mobility. Session NI5, March 5, 2018 Victoria L. Tiase, MSN, RN-BC Director of Research Science, NewYork-Presbyterian Hospital
The Journey to Mobility Session NI5, March 5, 2018 Victoria L. Tiase, MSN, RN-BC Director of Research Science, NewYork-Presbyterian Hospital 1 Conflict of Interest Victoria L. Tiase, MSN, RN-BC Has no
More informationOpen Health Tools UI Platform The MITRE Corporation. All rights Reserved. Approved for Public Release: XXXXX. Distribution Unlimited.
Open Health Tools UI Platform Approved for Public Release: XXXXX. Distribution Unlimited. Agenda UI Problem Open Health Tool UI Platform Collaboration OHT UI Platform Architecture Enabling Innovation UI
More informationThe MovingLife Project
The MovingLife Project MObile ehealth for the VINdication of Global LIFEstyle change and disease management solutions Stakeholders Conference The MovingLife Roadmaps Brussels 18 April 2013 Alessio Gugliotta
More informationAutomating Unpredictable Processes:
Automating Unpredictable Processes: Building Responsive Apps using Business Rules By Carl Hewitt, Chief Architect, Decisions and Heath Oderman, CTO, Decisions Copyright 2016 Building Responsive Apps: Comparing
More informationA SERVICE ORGANIZATION S GUIDE SOC 1, 2, & 3 REPORTS
A SERVICE ORGANIZATION S GUIDE SOC 1, 2, & 3 REPORTS Introduction If you re a growing service organization, whether a technology provider, financial services corporation, healthcare company, or professional
More informationNetwork Programmability with Cisco Application Centric Infrastructure
White Paper Network Programmability with Cisco Application Centric Infrastructure What You Will Learn This document examines the programmability support on Cisco Application Centric Infrastructure (ACI).
More informationThere have been several changes to IDEA since it was passed in The MDE-OSE has regularly issued new policies to address changes in Federal regul
There have been several changes to IDEA since it was passed in 1990. The MDE-OSE has regularly issued new policies to address changes in Federal regulations, guidance from OSEP memos, and case law. 6/10/14
More informationThe Role of IT in HIPAA Security & Compliance
The Role of IT in HIPAA Security & Compliance Mario Cruz OFMQ Chief Information Officer For audio, you must use your phone: Step 1: Call (866) 906-0123. Step 2: Enter code 2071585#. Mario Cruz Mario Cruz
More informationEfficient Auditable Access Control Systems for Public Shared Cloud Storage
Efficient Auditable Access Control Systems for Public Shared Cloud Storage Vidya Patil 1, Prof. Varsha R. Dange 2 Student, Department of Computer Science Dhole Patil College of Engineering, Pune, Maharashtra,
More informationAchieving interoperability between Arden- Syntax-based clinical decision support and openehr-based data systems
Achieving interoperability between Arden- Syntax-based clinical decision support and openehr-based data systems Martin SPINETH a,b, Andrea RAPPELSBERGER c and Klaus-Peter ADLASSNIG b,c 1 a University of
More informationOpen Cloud Computing Interface Platform
GFD-R-P.227 OCCI-WG Thijs Metsch, Intel Mohamed Mohamed, Telecom SudParis September 19, 2016 Open Cloud Computing Interface Platform Status of this Document This document provides information to the community
More informationComposable Software, Collaborative Development, and the CareWeb Framework. Doug Martin, MD
Composable Software, Collaborative Development, and the CareWeb Framework Doug Martin, MD Regenstrief Institute www.regenstrief.org Regenstrief Institute Non-profit organization Founded in 1969 Healthcare
More informationBuilding Better Interfaces: HL7 Conformance Profiles
Tutorials, W. Rishel Research Note 26 November 2002 Building Better Interfaces: HL7 Conformance Profiles The new Health Level Seven conformance technology allows individual healthcare organizations and
More informationIdentity, Authentication and Authorization. John Slankas
Identity, Authentication and Authorization John Slankas jbslanka@ncsu.edu Identity Who or what a person or thing is; a distinct impression of a single person or thing presented to or perceived by others;
More informationHealth Cloud Implementation Guide
Health Cloud Implementation Guide Salesforce, Winter 17 @salesforcedocs Last updated: December 20, 2016 Copyright 2000 2016 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark
More informationCore Role Based Access Control (RBAC) mechanism for MySQL
Core Role Based Access Control (RBAC) mechanism for MySQL by Ian Molloy Radu Dondera Umang Sharan CS541 Project Report Under the Guidance of Prof. Elisa Bertino With the Department of Computer Science
More informationWhite Paper. The Evolution of RBAC Models to Next-Generation ABAC: An Executive Summary
White Paper The Evolution of RBAC Models to Next-Generation ABAC: An Executive Summary 2 Overview: IT security has gone through major changes. Enterprises today are facing a rapid expansion of diverse
More information4.2. Authenticating to REST Services. Q u i c k R e f e r e n c e G u i d e. 1. IdentityX 4.2 Updates
4.2 Authenticating to REST Services Q u i c k R e f e r e n c e G u i d e In IdentityX 4.1, REST services have an authentication and signing requirement that is handled by the IdentityX REST SDKs. In order
More informationHealth Information Exchange Clinical Data Repository Utility Services Architecture Building Block HISO
Health Information Exchange Clinical Data Repository Utility Services Architecture Building Block HISO 10040.1 To be used in conjunction with HISO 10040.0 Health Information Exchange Overview and Glossary
More informationOHF ATNA Audit Client. Architecture & API Documentation. Version seknoop[at]us[dot]ibm[dot]com Sarah Knoop
OHF ATNA Audit Client Architecture & API Documentation Version 0.0.2 seknoop[at]us[dot]ibm[dot]com Sarah Knoop Page 1 of 14 Contents 1. Introduction...3 2. Getting Started...4 2.1 Platform Requirements...4
More informationChapter 9: Database Security: An Introduction. Nguyen Thi Ai Thao
Chapter 9: Database Security: An Introduction Nguyen Thi Ai Thao thaonguyen@cse.hcmut.edu.vn Spring- 2016 Outline Introduction to Database Security Issues Types of Security Threats to databases Database
More informationEfficiently Sharing All of a Patient s Data With All their Providers Completing the Model
www.gdhealth.com Efficiently Sharing All of a Patient s Data With All their Providers Completing the Model Multi-Source Longitudinal Medical Record (MLMR) Thomas Pole and Robert Guajardo 6.13.2017 Our
More information2002 Journal of Software
1000-9825/2002/13(01)0092-07 2002 Journal of Software Vol13, No1,, (,100871) E-mail {zouwei,sjs,sunyc}@cspkueducn http//wwwpkueducn,,,,, ; ; ; TP311 A, (component-based software development, CBSD) CBSD,,,,
More informationAuthorization Aspects of the Distributed Dataflow-oriented IoT Framework Calvin
Master s Thesis Authorization Aspects of the Distributed Dataflow-oriented IoT Framework Calvin Tomas Nilsson Department of Electrical and Information Technology, Faculty of Engineering, LTH, Lund University,
More informationForcare B.V. Cross-Enterprise Document Sharing (XDS) Whitepaper
Cross-Enterprise Document Sharing (XDS) Copyright 2010 Forcare B.V. This publication may be distributed in its unmodified whole with references to the author and company name. Andries Hamster Forcare B.V.
More informationSCHEMA BASED XML SECURITY: RBAC APPROACH
SCHEMA BASED XML SECURITY: RBAC APPROACH Xinwen Zhang, Jaehong Park, and Ravi Sandhu George Mason University {xzhang6, jpark2, sandhu) } @gmu.edu Abstract Security of XML instance is a basic problem, especially
More informationMobile Application Privacy Policy
Mobile Application Privacy Policy Introduction This mobile application is hosted and operated on behalf of your health plan. As such, some information collected through the mobile application may be considered
More information[GSoC Proposal] Securing Airavata API
[GSoC Proposal] Securing Airavata API TITLE: Securing AIRAVATA API ABSTRACT: The goal of this project is to design and implement the solution for securing AIRAVATA API. Particularly, this includes authenticating
More informationCOMPTIA CLO-001 EXAM QUESTIONS & ANSWERS
COMPTIA CLO-001 EXAM QUESTIONS & ANSWERS Number: CLO-001 Passing Score: 800 Time Limit: 120 min File Version: 39.7 http://www.gratisexam.com/ COMPTIA CLO-001 EXAM QUESTIONS & ANSWERS Exam Name: CompTIA
More informationFinding and Securing ephi in SharePoint and SharePoint Online
Finding and Securing ephi in SharePoint and SharePoint Online Executive Summary The healthcare industry and related verticals such as insurance are under pressure to share information and collaborate in
More informationCYBERSECURITY. Recent OCR Actions & Cyber Awareness Newsletters. Claire C. Rosston
CYBERSECURITY Recent OCR Actions & Cyber Awareness Newsletters Claire C. Rosston DISCLAIMER This presentation is similar to any other legal education materials designed to provide general information on
More informationAPI Management Solutions
API Management Solutions The Microsoft Way Inhoud 2015 Motion10 motion10.nl 2 3 Introduction 4 API Management solutions defined 6 Microsoft API Management - Nevatech Sentinet - Azure API Management 9 When
More informationCDA- RE-GENERATION AND INTEGRATION FOR HEALTH INFORMATION EXCHANGE BASED ON CLOUD COMPUTING SYSTEM
CDA- RE-GENERATION AND INTEGRATION FOR HEALTH INFORMATION EXCHANGE BASED ON CLOUD COMPUTING SYSTEM 1 THOTA KARTHIK, M.TECH SCHOLAR 2 B.JAINABBI, ASST.PROFESSOR DEPARTMENT OF CSE AVANTHI INSTITUTE OF ENGINEERING
More informationThe Clinical Data Repository Provides CPR's Foundation
Tutorials, T.Handler,M.D.,W.Rishel Research Note 6 November 2003 The Clinical Data Repository Provides CPR's Foundation The core of any computer-based patient record system is a permanent data store. The
More informationSecure Smart Homes using Jini and UIUC SESAME
Secure Smart Homes using Jini and UIUC SESAME Jalal Al-Muhtadi, Manish Anand, M. Dennis Mickunas, Roy H. Campbell Department of Computer Science, University of Illinois at Urbana Champaign {almuhtad,anand,mickunas,roy}@cs.uiuc.edu
More informationWhat is New in MyChart? My Medical Record Health Preferences Settings Appointments and Visits Visits Schedule an Appointment Update Information
What is New in MyChart? On August 26th, we will be upgrading and changing the look and feel to our MyChart patient portal site. We would like to make you aware of a few differences that you will see, when
More information1. Post for 45-day comment period and pre-ballot review. 7/26/ Conduct initial ballot. 8/30/2010
Standard CIP 011 1 Cyber Security Protection Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes
More informationVisualizing Access Control Policies in Databases. Jared Chandler. Comp 116 Fall 2015
Visualizing Access Control Policies in Databases Jared Chandler Comp 116 Fall 2015 To the Community I chose this topic because it is something I have an interest in improving. SQL databases are widespread
More informationEPCS in the State of New York
EPCS in the State of New York Medical Society of the State of New York November 20, 2014 Ken Majkowski Vice President Partner Development EPCS Adoption Status as of October 19, 2014 Over 1.3 million New
More informationAttribute based Access Control Model for Multi- Mission Data in Space Ground System
Attribute based Access Control Model for Multi- Mission Data in Space Ground System Somdatta Nath somdatta.nath@gd-ms.com 2015 by GDMS. Published by The Aerospace Corporation with permission. Overview
More informationStandard CIP Cyber Security Critical Cyber Asset Identification
Standard CIP 002 1 Cyber Security Critical Cyber Asset Identification Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed
More information