Research Article
The Process of Policy Authoring of Patient-Controlled Privacy Preferences
@INPROCEEDINGS{10.1007/978-3-642-29262-0_14, author={Thomas Trojer and Basel Katt and Thomas Schabetsberger and Richard Mair and Ruth Breu}, title={The Process of Policy Authoring of Patient-Controlled Privacy Preferences}, proceedings={Electronic Healthcare. 4th International Conference, eHealth 2011, M\^{a}laga, Spain, November 21-23, 2011, Revised Selected Papers}, proceedings_a={E-HEALTH}, year={2012}, month={5}, keywords={Privacy Patient privacy policy Access control Authoring tools Information self-determination Integrating the Healthcare Enterprises (IHE)}, doi={10.1007/978-3-642-29262-0_14} }
- Thomas Trojer
Basel Katt
Thomas Schabetsberger
Richard Mair
Ruth Breu
Year: 2012
The Process of Policy Authoring of Patient-Controlled Privacy Preferences
E-HEALTH
Springer
DOI: 10.1007/978-3-642-29262-0_14
Abstract
Discussions about appropriate security controls to protect medical records led to the understanding that the patient her-/himself plays a crucial role in networked electronic health-care. Patients have individual privacy concerns and may want to execute their personal right of self-determination on access and usage of their medical records. The ability for patients to have control over their personal medical data is the essence of patient-centric networked electronic health-care, but poses challenges regarding its tool support. Since patients can be generally treated as non-security experts as well as non-health-care domain experts, usability-supporting factors of authoring tools for privacy preferences have to receive major attention by implementers. Additionally, domain characteristics have to influence the design of such authoring applications. Finally expressed privacy preferences have to be analysed to inform the patient-author and guide her/him in the policy authoring process. In this paper we discuss the process of authorization policy authoring for shared electronic health records which we use to implement patient-controlled access control authoring tools. Further a use-case in the context of a specific health-care infrastructure is presented.