Security, privacy and patient identity

Hello, I’m working quite a bit in patient identity and privacy standards in various bodies in the US and EU. I haven’t found much discussion in this forum about the topic, and would welcome the discussion.

There is some experience (and implementation) of IHE Advanced Patient Privacy Consents (APPC) with openEHR systems.

There are other approaches in use with openEHR systems, but not yet any standardisation within openEHR.

One view (mine;-) says that we should be adding Consent as a top-level content type to the EHR, and supporting computable consent representation within that. The challenge is how to represent access to specific kinds of content in a way that is comprehensible to patients and clinicians.

This is not easy, since it should potentially take account of the things that APPC does, i.e. actor types, episodes, facilities, withholding etc.

If you would like to post your specific interests here that would certainly help the discussion.

2 Likes

Hi Jim,

These are clearly significant issues but to a large extent currently outside of openEHR’s focus, as right now they are mostly driven by external efforts, mostly at a national level. e.g. even in the UK each of the 4 countries has a different approach to patient identity. This is also a heavily culturally nuanced and ‘political’ arena where public opinion has a significant impact.

In theory, as Thomas says, we should be able to embed some standardised ideas of fine-grain access control to parts of an openEHR record but it is non-trivial to reconcile all of the various potential rules involved, both technically, and in a way that humans understand the impact, and therefore restrict access in a way that does not damage care.

3 Likes

I’ve been following the discussions here on patient identity, data ownership, and privacy. I’d be happy to participate if there was more discussion.

One general direction I think we will end up taking in health IT is Attribute-based Access control (ABAC) rather than RBAC.

An overview of ABAC for use in healthcare is in this paper.

(IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 11, No. 2, February 2020

Understanding Attribute-Based Access Control for Modelling and Analysing Healthcare Professionals’ Security Practices

Livinus Obiora Nweke, Prosper Yeng, Stephen D. Wolthusen, Bian Yang

Abstract—In recent years, there has been an increase in the application of attribute-based access control (ABAC) in electronic health (e-health) systems. E-health systems are used to store a patient’s electronic version of medical records. These records are usually classified according to their usage i.e., electronic health record (EHR) and personal health record (PHR). EHRs are electronic medical records held by the healthcare providers, while PHRs are electronic medical records held by the patients themselves. Both EHRs and PHRs are critical assets that require access control mechanism to regulate the manner in which they are accessed. ABAC has demonstrated to be an efficient and effective approach for providing fine grained access control to these critical assets. In this paper, we conduct a survey of the existing literature on the application of ABAC in e-health systems to understand the suitability of ABAC for e-health systems and the possibility of using ABAC access logs for observing, modelling and analysing security practices of healthcare professionals. We categorize the existing works according to the application of ABAC in PHR and EHR. We then present a discussion on the lessons learned and outline future challenges. This can serve as a basis for selecting and further advancing the use of ABAC in e-health systems.

1 Like

For further exploration of this approach, anyone interested might want to check out Better’s open source ABAC server: GitHub - better-care/better-abac-server: Better ABAC Server

1 Like

I agree technically but it can be phenomenally difficult to apply and manage granular access details from a human management/ human understanding perspective.

Well with ABAC, it all depends on how many attributes there are. If content items were to have say 2 attributes, e.g.

  • clinical discipline, with values like cardiology, mental health, sexual health etc
  • clinical setting, e.g. general practice, hospital, hospice, aged care, …

Then creating privacy rules will not necessarily be that hard. We need to do work on this of course, and I agree that the final result needs to be simple enough to understand for both clinician and patient (and software…)

That’s the easy bit - and exactly the approach used in the UK care-planning projects where staff identity across a broad range of professions and organisations plus associated permissions are critical. ABAC has worked well.

However we took care to try to structure compositions and associated templates to try to make it easy to fix the ‘access to’ question at composition level rather than deeper inside the composition. I thought this might compromise the natural composition groupings but there was actually a very good fit between the partitioning of the data and associated access groups.

No doubt we will need to use the ABAC to apply differential rules deeper inside compositions as new uses emerge but that is where it starts to get very difficult to manage conflicting rules, without starting to introduce risk. I’m not saying it cannot or should not be done, just that it is easy to be transfixed by the theoretical potential to apply access constraints throughout the data tree.

Best to start with broad level categories and push back on complex, granular detail unless a strong use case emerges.

1 Like
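As an added illustration of the two posts above (not code from the thread, from openEHR, or from any of the projects mentioned), the following Python sketch tags compositions with the two attributes suggested earlier, clinical discipline and clinical setting, evaluates access with a deny-overrides policy, and reports subject/composition pairs where a permit and a deny both apply, which is the kind of rule conflict the last post warns about. All attribute values, subjects, compositions and rules are constructed for the example; the rule names and the `withhold()` helper are hypothetical and not part of any standard.

```python
from dataclasses import dataclass
from typing import Callable, List, Tuple

# Access is decided at composition level, as the post above recommends:
# each composition carries just two attributes.
@dataclass(frozen=True)
class Composition:
    uid: str
    discipline: str   # e.g. "cardiology", "mental_health", "sexual_health"
    setting: str      # e.g. "general_practice", "hospital", "hospice"

# Requesting subject, also described by attributes rather than a fixed role list.
@dataclass(frozen=True)
class Subject:
    user_id: str
    role: str
    organisation: str
    discipline: str

@dataclass(frozen=True)
class Rule:
    name: str
    effect: str       # "permit" or "deny"
    applies: Callable[[Subject, Composition], bool]

def withhold(discipline: str) -> Rule:
    """Hypothetical helper: turn a patient's consent statement ("withhold my
    <discipline> content from anyone outside that discipline") into a deny rule."""
    return Rule(
        f"patient_withholds_{discipline}", "deny",
        lambda s, c: c.discipline == discipline and s.discipline != discipline,
    )

# Constructed policy: two organisational permits plus one patient consent rule.
POLICY: List[Rule] = [
    Rule("same_discipline_permit", "permit",
         lambda s, c: s.role == "clinician" and s.discipline == c.discipline),
    Rule("hospital_setting_permit", "permit",
         lambda s, c: s.role == "clinician"
         and s.organisation == "hospital" and c.setting == "hospital"),
    withhold("mental_health"),
]

def evaluate(rules: List[Rule], subject: Subject,
             composition: Composition) -> Tuple[str, List[str]]:
    """Deny-overrides combining: any applicable deny wins, then any permit,
    and if no rule applies the default is deny. Returns the decision and the
    names of the rules that applied, so the outcome can be explained."""
    applicable = [r for r in rules if r.applies(subject, composition)]
    names = [r.name for r in applicable]
    if any(r.effect == "deny" for r in applicable):
        return "deny", names
    if any(r.effect == "permit" for r in applicable):
        return "permit", names
    return "deny", names

def find_conflicts(rules: List[Rule], subjects: List[Subject],
                   compositions: List[Composition]) -> List[Tuple[str, str]]:
    """List (user_id, composition uid) pairs where both a permit and a deny
    apply, i.e. where the combining algorithm, not the rules, decides."""
    conflicts = []
    for s in subjects:
        for c in compositions:
            effects = {r.effect for r in rules if r.applies(s, c)}
            if effects == {"permit", "deny"}:
                conflicts.append((s.user_id, c.uid))
    return conflicts

# Constructed sample subjects and compositions.
SUBJECTS = [
    Subject("u1", "clinician", "hospital", "cardiology"),
    Subject("u2", "clinician", "community_trust", "mental_health"),
    Subject("u3", "admin", "hospital", "none"),
]
COMPOSITIONS = [
    Composition("c1", "cardiology", "hospital"),
    Composition("c2", "mental_health", "hospital"),
    Composition("c3", "general_practice", "general_practice"),
]

if __name__ == "__main__":
    for s in SUBJECTS:
        for c in COMPOSITIONS:
            decision, why = evaluate(POLICY, s, c)
            print(f"{s.user_id} -> {c.uid}: {decision} {why}")
    print("conflicts:", find_conflicts(POLICY, SUBJECTS, COMPOSITIONS))
```

With only three rules the single conflict (a hospital cardiologist reading a mental health composition recorded in hospital) is easy to spot and to explain; the `find_conflicts` pass is the sort of check worth running every time a rule is added, since the number of such pairs grows quickly once attributes are applied below composition level.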

A model for an archetype-based access policy management was my first idea for my PhD thesis more than ten years ago (time flies!). Finally I moved to a general archetype modeling methodology, but I can share my initial ideas.

It is just a very early analysis that wasn’t developed further, but maybe there is something useful there.

Access policies in archetype-based systems - David Moner.pdf (551,4 KB)

5 Likes

Thanks, @ian.mcnicoll sorry for my “one year delay” in responding. I concur, though I’ve been involved in work to leverage IAM systems as part of brokering identity and health data exchange (using JSON-based open source). Happy to share more if anyone is interested.