Electronic Healthcare. 4th International Conference, eHealth 2011, Málaga, Spain, November 21-23, 2011, Revised Selected Papers

Research Article

The Process of Policy Authoring of Patient-Controlled Privacy Preferences

  • @INPROCEEDINGS{10.1007/978-3-642-29262-0_14,
        author={Thomas Trojer and Basel Katt and Thomas Schabetsberger and Richard Mair and Ruth Breu},
        title={The Process of Policy Authoring of Patient-Controlled Privacy Preferences},
        proceedings={Electronic Healthcare. 4th International Conference, eHealth 2011, M\'{a}laga, Spain, November 21-23, 2011, Revised Selected Papers},
        proceedings_a={E-HEALTH},
        year={2012},
        month={5},
        keywords={Privacy, Patient privacy policy, Access control, Authoring tools, Information self-determination, Integrating the Healthcare Enterprises (IHE)},
        doi={10.1007/978-3-642-29262-0_14}
    }
    
  • Thomas Trojer
    Basel Katt
    Thomas Schabetsberger
    Richard Mair
    Ruth Breu
    Year: 2012
    The Process of Policy Authoring of Patient-Controlled Privacy Preferences
    E-HEALTH
    Springer
    DOI: 10.1007/978-3-642-29262-0_14
Thomas Trojer [1,*], Basel Katt [1,*], Thomas Schabetsberger [2,*], Richard Mair [2,*], Ruth Breu [1,*]
  • 1: University of Innsbruck
  • 2: ITH-icoserve GmbH
*Contact email: thomas.trojer@uibk.ac.at, basel.katt@uibk.ac.at, thomas.schabetsberger@ith-icoserve.com, richard.mair@ith-icoserve.com, ruth.breu@uibk.ac.at

Abstract

Discussions about appropriate security controls to protect medical records led to the understanding that the patient her-/himself plays a crucial role in networked electronic health-care. Patients have individual privacy concerns and may want to execute their personal right of self-determination on access and usage of their medical records. The ability for patients to have control over their personal medical data is the essence of patient-centric networked electronic health-care, but poses challenges regarding its tool support. Since patients can be generally treated as non-security experts as well as non-health-care domain experts, usability-supporting factors of authoring tools for privacy preferences have to receive major attention by implementers. Additionally, domain characteristics have to influence the design of such authoring applications. Finally, expressed privacy preferences have to be analysed to inform the patient-author and guide her/him in the policy authoring process. In this paper, we discuss the process of authorization policy authoring for shared electronic health records, which we use to implement patient-controlled access control authoring tools. Further, a use-case in the context of a specific health-care infrastructure is presented.