Patient-centric authorization framework for electronic healthcare services

Jing Jin, Gail-Joon Ahn, Hongxin Hu, Michael J. Covington, Xinwen Zhang

Research output: Contribution to journalArticlepeer-review

43 Scopus citations


In modern healthcare environments, a fundamental requirement for achieving continuity of care is the seamless access to distributed patient health records in an integrated and unified manner, directly at the point of care. However, Electronic Health Records (EHRs) contain a significant amount of sensitive information, and allowing data to be accessible at many different sources increases concerns related to patient privacy and data theft. Access control solutions must guarantee that only authorized users have access to such critical records for legitimate purposes, and access control policies from distributed EHR sources must be accurately reflected and enforced accordingly in the integrated EHRs. In this paper, we propose a unified access control scheme that supports patient-centric selective sharing of virtual composite EHRs using different levels of granularity, accommodating data aggregation and privacy protection requirements. We also articulate and address issues and mechanisms on policy anomalies that occur in the composition of discrete access control policies from different data sources.

Original languageEnglish (US)
Pages (from-to)116-127
Number of pages12
JournalComputers and Security
Issue number2-3
StatePublished - Mar 2011


  • Electronic Health Records(EHRs)
  • Patient-centric authorization
  • Policy anomaly analysis
  • Policy composition
  • Selective sharing

ASJC Scopus subject areas

  • General Computer Science
  • Law


Dive into the research topics of 'Patient-centric authorization framework for electronic healthcare services'. Together they form a unique fingerprint.

Cite this