Consent based privacy for eHealth systems

Show simple item record

dc.contributor.author Habibi, Ryan
dc.date.accessioned 2018-08-31T19:40:36Z
dc.date.available 2018-08-31T19:40:36Z
dc.date.copyright 2018 en_US
dc.date.issued 2018-08-31
dc.identifier.uri http://hdl.handle.net/1828/10010
dc.description.abstract Access to Personal Health Information (PHI) is a valuable part of the modern health care model. Timely access to relevant PHI assists care providers in making clinical decisions and ensure that patients receive the highest quality of care. PHI is highly sensitive and unauthorized disclosure of PHI has potential to lead to social, economic, or even physical harm to the patient. Traditional electronic health (eHealth) tools are designed for the needs of care providers and are insufficient for the needs of patients. Our research goal is to investigate the requirements of electronic health care systems which place patient health and privacy above all other concerns. Control of secure resources is a well established area of research in which many techniques such as cryptography, access control, authentication, and organizational policy can be combined to maintain the confidentiality and integrity of data. Access control is the dominant data owner facing privacy control. To better understand this domain we conducted a scoping literature review to rapidly map the key concepts underpinning patient facing access controls in eHealth systems. We present the analysis of that corpus as well as a set of identified requirements. Based on the identified requirements we developed Circle of Health based Access Control (CoHBAC), a patient centered access control model. We then performed a second scoping review to extend our research beyond just access controls, which are insufficient to provide reasonable privacy alone. The second review yielded a larger, more comprehensive, set of sixty five requirements for patient centered privacy systems. We refined CoHBAC into Privacy Centered Access Control (PCAC) to meet the needs of our second set of requirements. Using the conceptual model of accountability that emerged from the reviewed literature we present the identified requirements organized into the Patient Centered Privacy Framework. We applied our framework to the Canadian health care context to demonstrate its applicability. en_US
dc.language English eng
dc.language.iso en en_US
dc.rights Available to the World Wide Web en_US
dc.subject Access Control en_US
dc.subject eHealth en_US
dc.subject Consent en_US
dc.subject Privacy en_US
dc.title Consent based privacy for eHealth systems en_US
dc.type Thesis en_US
dc.contributor.supervisor Damian, Daniela
dc.degree.department Department of Computer Science en_US
dc.degree.level Master of Science M.Sc. en_US
dc.description.scholarlevel Graduate en_US

Files in this item

This item appears in the following Collection(s)

Show simple item record

Search UVicSpace


My Account