Protecting privacy during peer-to-peer exchange of medical documents
Privacy is an important aspect of interoperable medical information systems. Governments and health care organizations have established privacy policies to prevent abuse of personal health data. These policies often require organizations to obtain patient consent prior to exchanging personal informa...
Gespeichert in:
| Veröffentlicht in: | Information systems frontiers 2012-03, Vol.14 (1), p.87-104 |
|---|---|
| Hauptverfasser: | , |
| Format: | Artikel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | 104 |
|---|---|
| container_issue | 1 |
| container_start_page | 87 |
| container_title | Information systems frontiers |
| container_volume | 14 |
| creator | Weber-Jahnke, Jens H. Obry, Christina |
| description | Privacy is an important aspect of interoperable medical information systems. Governments and health care organizations have established privacy policies to prevent abuse of personal health data. These policies often require organizations to obtain patient consent prior to exchanging personal information with other interoperable systems. The consents are defined in form of so-called disclosure directives. However, policies are often not precise enough to address all possible eventualities and exceptions. Unanticipated priorities and other care contexts may cause conflicts between a patient’s disclosure directives and the need to receive treatments from informed caregivers. It is commonly agreed that in these situations patient safety takes precedence over information privacy. Therefore, caregivers are typically given the ability to override the patient’s disclosure directives to protect patient safety. These overrides must be logged and are subject to privacy audits to prevent abuse. Centralized “shared health record” (SHR) infrastructures include consent management systems that enact the above functionality. However, consent management mechanisms do not extend to information systems that exchange clinical information on a peer-to-peer basis, e.g., by secure messaging. Our article addresses this gap by presenting a consent management mechanism for peer-to-peer interoperable systems. The mechanism restricts access to sensitive, medical data based on defined consent directives, but also allows overriding the policies when needed. The overriding process is monitored and audited in order to prevent misuse. The mechanism has been implemented in an open source project called CDAShip and has been made available on SourceForge. |
| doi_str_mv | 10.1007/s10796-011-9304-2 |
| format | Article |
| fullrecord | <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_miscellaneous_1019656357</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2604456151</sourcerecordid><originalsourceid>FETCH-LOGICAL-c348t-e717c65a1c05176866c8da71ee8bc71301ec625e2bec79974aeb0a3f24b4868a3</originalsourceid><addsrcrecordid>eNp1kE1LxDAQhoMouK7-AG_Fk5doJmmT9CjrJwh60HNI0-napR9r0or7702tIAieZgae92V4CDkFdgGMqcsATOWSMgCaC5ZSvkcWkClO8xTy_bgLragQXB6SoxA2jIHkKluQ62ffD-iGulsnW19_WLdLytF_n4ieDj2dZoKf7s12a0z6KmmxrJ1tkrJ3Y4vdEI7JQWWbgCc_c0leb29eVvf08enuYXX1SJ1I9UBRgXIys-BYBkpqKZ0urQJEXTgFggE6yTPkBTqV5yq1WDArKp4WqZbaiiU5n3u3vn8fMQymrYPDprEd9mMwwCCXmRSZiujZH3TTj76L35mcS5lqDTJCMEPO9yF4rExU0Fq_i01m0mpmrSZqNZNWw2OGz5mwnSyh_y3-P_QFhMZ5wQ</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>926648816</pqid></control><display><type>article</type><title>Protecting privacy during peer-to-peer exchange of medical documents</title><source>SpringerLink Journals - AutoHoldings</source><creator>Weber-Jahnke, Jens H. ; Obry, Christina</creator><creatorcontrib>Weber-Jahnke, Jens H. ; Obry, Christina</creatorcontrib><description>Privacy is an important aspect of interoperable medical information systems. Governments and health care organizations have established privacy policies to prevent abuse of personal health data. These policies often require organizations to obtain patient consent prior to exchanging personal information with other interoperable systems. The consents are defined in form of so-called disclosure directives. However, policies are often not precise enough to address all possible eventualities and exceptions. Unanticipated priorities and other care contexts may cause conflicts between a patient’s disclosure directives and the need to receive treatments from informed caregivers. It is commonly agreed that in these situations patient safety takes precedence over information privacy. Therefore, caregivers are typically given the ability to override the patient’s disclosure directives to protect patient safety. These overrides must be logged and are subject to privacy audits to prevent abuse. Centralized “shared health record” (SHR) infrastructures include consent management systems that enact the above functionality. However, consent management mechanisms do not extend to information systems that exchange clinical information on a peer-to-peer basis, e.g., by secure messaging. Our article addresses this gap by presenting a consent management mechanism for peer-to-peer interoperable systems. The mechanism restricts access to sensitive, medical data based on defined consent directives, but also allows overriding the policies when needed. The overriding process is monitored and audited in order to prevent misuse. The mechanism has been implemented in an open source project called CDAShip and has been made available on SourceForge.</description><identifier>ISSN: 1387-3326</identifier><identifier>EISSN: 1572-9419</identifier><identifier>DOI: 10.1007/s10796-011-9304-2</identifier><language>eng</language><publisher>Boston: Springer US</publisher><subject>Access control ; Auditing ; Business and Management ; Caregivers ; Communication ; Consent ; Consents ; Control ; Cybersecurity ; Health ; Health care industry ; Information management ; Information systems ; Infrastructure ; Interoperability ; IT in Business ; Jurisdiction ; Laboratories ; Management of Computing and Information Systems ; Medical ; Medical records ; Medical research ; Operations Research/Decision Theory ; Organizations ; Patient safety ; Patients ; Peer to peer computing ; Peers ; Personal health ; Pharmacy ; Policies ; Privacy ; Security services ; Software ; Studies ; Systems Theory</subject><ispartof>Information systems frontiers, 2012-03, Vol.14 (1), p.87-104</ispartof><rights>Springer Science+Business Media, LLC 2011</rights><rights>Springer Science+Business Media, LLC 2012</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c348t-e717c65a1c05176866c8da71ee8bc71301ec625e2bec79974aeb0a3f24b4868a3</citedby><cites>FETCH-LOGICAL-c348t-e717c65a1c05176866c8da71ee8bc71301ec625e2bec79974aeb0a3f24b4868a3</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktopdf>$$Uhttps://link.springer.com/content/pdf/10.1007/s10796-011-9304-2$$EPDF$$P50$$Gspringer$$H</linktopdf><linktohtml>$$Uhttps://link.springer.com/10.1007/s10796-011-9304-2$$EHTML$$P50$$Gspringer$$H</linktohtml><link.rule.ids>315,782,786,27931,27932,41495,42564,51326</link.rule.ids></links><search><creatorcontrib>Weber-Jahnke, Jens H.</creatorcontrib><creatorcontrib>Obry, Christina</creatorcontrib><title>Protecting privacy during peer-to-peer exchange of medical documents</title><title>Information systems frontiers</title><addtitle>Inf Syst Front</addtitle><description>Privacy is an important aspect of interoperable medical information systems. Governments and health care organizations have established privacy policies to prevent abuse of personal health data. These policies often require organizations to obtain patient consent prior to exchanging personal information with other interoperable systems. The consents are defined in form of so-called disclosure directives. However, policies are often not precise enough to address all possible eventualities and exceptions. Unanticipated priorities and other care contexts may cause conflicts between a patient’s disclosure directives and the need to receive treatments from informed caregivers. It is commonly agreed that in these situations patient safety takes precedence over information privacy. Therefore, caregivers are typically given the ability to override the patient’s disclosure directives to protect patient safety. These overrides must be logged and are subject to privacy audits to prevent abuse. Centralized “shared health record” (SHR) infrastructures include consent management systems that enact the above functionality. However, consent management mechanisms do not extend to information systems that exchange clinical information on a peer-to-peer basis, e.g., by secure messaging. Our article addresses this gap by presenting a consent management mechanism for peer-to-peer interoperable systems. The mechanism restricts access to sensitive, medical data based on defined consent directives, but also allows overriding the policies when needed. The overriding process is monitored and audited in order to prevent misuse. The mechanism has been implemented in an open source project called CDAShip and has been made available on SourceForge.</description><subject>Access control</subject><subject>Auditing</subject><subject>Business and Management</subject><subject>Caregivers</subject><subject>Communication</subject><subject>Consent</subject><subject>Consents</subject><subject>Control</subject><subject>Cybersecurity</subject><subject>Health</subject><subject>Health care industry</subject><subject>Information management</subject><subject>Information systems</subject><subject>Infrastructure</subject><subject>Interoperability</subject><subject>IT in Business</subject><subject>Jurisdiction</subject><subject>Laboratories</subject><subject>Management of Computing and Information Systems</subject><subject>Medical</subject><subject>Medical records</subject><subject>Medical research</subject><subject>Operations Research/Decision Theory</subject><subject>Organizations</subject><subject>Patient safety</subject><subject>Patients</subject><subject>Peer to peer computing</subject><subject>Peers</subject><subject>Personal health</subject><subject>Pharmacy</subject><subject>Policies</subject><subject>Privacy</subject><subject>Security services</subject><subject>Software</subject><subject>Studies</subject><subject>Systems Theory</subject><issn>1387-3326</issn><issn>1572-9419</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2012</creationdate><recordtype>article</recordtype><sourceid>ABUWG</sourceid><sourceid>AFKRA</sourceid><sourceid>AZQEC</sourceid><sourceid>BENPR</sourceid><sourceid>CCPQU</sourceid><sourceid>DWQXO</sourceid><sourceid>GNUQQ</sourceid><recordid>eNp1kE1LxDAQhoMouK7-AG_Fk5doJmmT9CjrJwh60HNI0-napR9r0or7702tIAieZgae92V4CDkFdgGMqcsATOWSMgCaC5ZSvkcWkClO8xTy_bgLragQXB6SoxA2jIHkKluQ62ffD-iGulsnW19_WLdLytF_n4ieDj2dZoKf7s12a0z6KmmxrJ1tkrJ3Y4vdEI7JQWWbgCc_c0leb29eVvf08enuYXX1SJ1I9UBRgXIys-BYBkpqKZ0urQJEXTgFggE6yTPkBTqV5yq1WDArKp4WqZbaiiU5n3u3vn8fMQymrYPDprEd9mMwwCCXmRSZiujZH3TTj76L35mcS5lqDTJCMEPO9yF4rExU0Fq_i01m0mpmrSZqNZNWw2OGz5mwnSyh_y3-P_QFhMZ5wQ</recordid><startdate>20120301</startdate><enddate>20120301</enddate><creator>Weber-Jahnke, Jens H.</creator><creator>Obry, Christina</creator><general>Springer US</general><general>Springer Nature B.V</general><scope>AAYXX</scope><scope>CITATION</scope><scope>0U~</scope><scope>1-H</scope><scope>3V.</scope><scope>7SC</scope><scope>7WY</scope><scope>7WZ</scope><scope>7XB</scope><scope>87Z</scope><scope>8AL</scope><scope>8AO</scope><scope>8FD</scope><scope>8FE</scope><scope>8FG</scope><scope>8FK</scope><scope>8FL</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>ALSLI</scope><scope>ARAPS</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BEZIV</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>CNYFK</scope><scope>DWQXO</scope><scope>FRNLG</scope><scope>F~G</scope><scope>GNUQQ</scope><scope>HCIFZ</scope><scope>JQ2</scope><scope>K60</scope><scope>K6~</scope><scope>K7-</scope><scope>L.-</scope><scope>L.0</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><scope>M0C</scope><scope>M0N</scope><scope>M1O</scope><scope>P5Z</scope><scope>P62</scope><scope>PQBIZ</scope><scope>PQBZA</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PRINS</scope><scope>Q9U</scope></search><sort><creationdate>20120301</creationdate><title>Protecting privacy during peer-to-peer exchange of medical documents</title><author>Weber-Jahnke, Jens H. ; Obry, Christina</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c348t-e717c65a1c05176866c8da71ee8bc71301ec625e2bec79974aeb0a3f24b4868a3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2012</creationdate><topic>Access control</topic><topic>Auditing</topic><topic>Business and Management</topic><topic>Caregivers</topic><topic>Communication</topic><topic>Consent</topic><topic>Consents</topic><topic>Control</topic><topic>Cybersecurity</topic><topic>Health</topic><topic>Health care industry</topic><topic>Information management</topic><topic>Information systems</topic><topic>Infrastructure</topic><topic>Interoperability</topic><topic>IT in Business</topic><topic>Jurisdiction</topic><topic>Laboratories</topic><topic>Management of Computing and Information Systems</topic><topic>Medical</topic><topic>Medical records</topic><topic>Medical research</topic><topic>Operations Research/Decision Theory</topic><topic>Organizations</topic><topic>Patient safety</topic><topic>Patients</topic><topic>Peer to peer computing</topic><topic>Peers</topic><topic>Personal health</topic><topic>Pharmacy</topic><topic>Policies</topic><topic>Privacy</topic><topic>Security services</topic><topic>Software</topic><topic>Studies</topic><topic>Systems Theory</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Weber-Jahnke, Jens H.</creatorcontrib><creatorcontrib>Obry, Christina</creatorcontrib><collection>CrossRef</collection><collection>Global News & ABI/Inform Professional</collection><collection>Trade PRO</collection><collection>ProQuest Central (Corporate)</collection><collection>Computer and Information Systems Abstracts</collection><collection>Access via ABI/INFORM (ProQuest)</collection><collection>ABI/INFORM Global (PDF only)</collection><collection>ProQuest Central (purchase pre-March 2016)</collection><collection>ABI/INFORM Global (Alumni Edition)</collection><collection>Computing Database (Alumni Edition)</collection><collection>ProQuest Pharma Collection</collection><collection>Technology Research Database</collection><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>ProQuest Central (Alumni) (purchase pre-March 2016)</collection><collection>ABI/INFORM Collection (Alumni Edition)</collection><collection>ProQuest Central (Alumni Edition)</collection><collection>ProQuest Central UK/Ireland</collection><collection>Social Science Premium Collection</collection><collection>Advanced Technologies & Aerospace Collection</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Business Premium Collection</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>Library & Information Science Collection</collection><collection>ProQuest Central Korea</collection><collection>Business Premium Collection (Alumni)</collection><collection>ABI/INFORM Global (Corporate)</collection><collection>ProQuest Central Student</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Computer Science Collection</collection><collection>ProQuest Business Collection (Alumni Edition)</collection><collection>ProQuest Business Collection</collection><collection>Computer Science Database</collection><collection>ABI/INFORM Professional Advanced</collection><collection>ABI/INFORM Professional Standard</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><collection>ABI/INFORM Global</collection><collection>Computing Database</collection><collection>Library Science Database</collection><collection>Advanced Technologies & Aerospace Database</collection><collection>ProQuest Advanced Technologies & Aerospace Collection</collection><collection>ProQuest One Business</collection><collection>ProQuest One Business (Alumni)</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central China</collection><collection>ProQuest Central Basic</collection><jtitle>Information systems frontiers</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Weber-Jahnke, Jens H.</au><au>Obry, Christina</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Protecting privacy during peer-to-peer exchange of medical documents</atitle><jtitle>Information systems frontiers</jtitle><stitle>Inf Syst Front</stitle><date>2012-03-01</date><risdate>2012</risdate><volume>14</volume><issue>1</issue><spage>87</spage><epage>104</epage><pages>87-104</pages><issn>1387-3326</issn><eissn>1572-9419</eissn><abstract>Privacy is an important aspect of interoperable medical information systems. Governments and health care organizations have established privacy policies to prevent abuse of personal health data. These policies often require organizations to obtain patient consent prior to exchanging personal information with other interoperable systems. The consents are defined in form of so-called disclosure directives. However, policies are often not precise enough to address all possible eventualities and exceptions. Unanticipated priorities and other care contexts may cause conflicts between a patient’s disclosure directives and the need to receive treatments from informed caregivers. It is commonly agreed that in these situations patient safety takes precedence over information privacy. Therefore, caregivers are typically given the ability to override the patient’s disclosure directives to protect patient safety. These overrides must be logged and are subject to privacy audits to prevent abuse. Centralized “shared health record” (SHR) infrastructures include consent management systems that enact the above functionality. However, consent management mechanisms do not extend to information systems that exchange clinical information on a peer-to-peer basis, e.g., by secure messaging. Our article addresses this gap by presenting a consent management mechanism for peer-to-peer interoperable systems. The mechanism restricts access to sensitive, medical data based on defined consent directives, but also allows overriding the policies when needed. The overriding process is monitored and audited in order to prevent misuse. The mechanism has been implemented in an open source project called CDAShip and has been made available on SourceForge.</abstract><cop>Boston</cop><pub>Springer US</pub><doi>10.1007/s10796-011-9304-2</doi><tpages>18</tpages></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 1387-3326 |
| ispartof | Information systems frontiers, 2012-03, Vol.14 (1), p.87-104 |
| issn | 1387-3326 1572-9419 |
| language | eng |
| recordid | cdi_proquest_miscellaneous_1019656357 |
| source | SpringerLink Journals - AutoHoldings |
| subjects | Access control Auditing Business and Management Caregivers Communication Consent Consents Control Cybersecurity Health Health care industry Information management Information systems Infrastructure Interoperability IT in Business Jurisdiction Laboratories Management of Computing and Information Systems Medical Medical records Medical research Operations Research/Decision Theory Organizations Patient safety Patients Peer to peer computing Peers Personal health Pharmacy Policies Privacy Security services Software Studies Systems Theory |
| title | Protecting privacy during peer-to-peer exchange of medical documents |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-04T07%3A48%3A18IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Protecting%20privacy%20during%20peer-to-peer%20exchange%20of%20medical%20documents&rft.jtitle=Information%20systems%20frontiers&rft.au=Weber-Jahnke,%20Jens%20H.&rft.date=2012-03-01&rft.volume=14&rft.issue=1&rft.spage=87&rft.epage=104&rft.pages=87-104&rft.issn=1387-3326&rft.eissn=1572-9419&rft_id=info:doi/10.1007/s10796-011-9304-2&rft_dat=%3Cproquest_cross%3E2604456151%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=926648816&rft_id=info:pmid/&rfr_iscdi=true |