Abstract
Data sharing about electronic health records (EHRs) across healthcare organisations is still a challenging task due to compliance requirements with regulatory policies that can vary across states and countries, and organisations' internal business requirements. Even when adopting the same regulatory policies, each organisation can interpret and implement these policies and requirements differently in its internal IT environments. This paper proposes a compliance-aware data management solution for EHR systems. It allows healthcare organisations to define their own security and regulatory compliance requirements for accessing and sharing healthcare data, and enables policy enforcement while sharing data with other organisations. The policy requirements are expressed in the form of business processes that govern the access and sharing of data between people and systems. The business process operations are mapped into low-level operations on internal and remote record stores and policy enforcement points. We have implemented a prototype system that supports the proposed approach and integrated it with OpenMRS, an open source electronic medical record system, using which we have defined and enforced some real-world regulations and organisations' policies for data sharing.
| Original language | English |
|---|---|
| Pages (from-to) | 201-223 |
| Number of pages | 23 |
| Journal | International Journal of Business Process Integration and Management |
| Volume | 6 |
| Issue number | 3 |
| DOIs | |
| Publication status | Published - 2013 |
| Externally published | Yes |
Fingerprint
Keywords
- Business process execution
- Cross-organisation data sharing
- EHRs
- Electronic health records
- Regulatory compliance
ASJC Scopus subject areas
- Business and International Management
- Strategy and Management
- Management Science and Operations Research
Cite this
Business process management enabled compliance-aware medical record sharing. / Stevovic, Jovan; Li, Jun; Motahari-Nezhad, Hamid R.; Casati, Fabio; Armellin, Giampaolo.
In: International Journal of Business Process Integration and Management, Vol. 6, No. 3, 2013, p. 201-223.Research output: Contribution to journal › Article
}
TY - JOUR
T1 - Business process management enabled compliance-aware medical record sharing
AU - Stevovic, Jovan
AU - Li, Jun
AU - Motahari-Nezhad, Hamid R.
AU - Casati, Fabio
AU - Armellin, Giampaolo
PY - 2013
Y1 - 2013
N2 - Data sharing about electronic health records (EHRs) across healthcare organisations is still a challenging task due to compliance requirements with regulatory policies that can vary across states and countries, and organisations' internal business requirements. Even when adopting the same regulatory policies, each organisation can interpret and implement these policies and requirements differently in its internal IT environments. This paper proposes a compliance-aware data management solution for EHR systems. It allows healthcare organisations to define their own security and regulatory compliance requirements for accessing and sharing healthcare data, and enables policy enforcement while sharing data with other organisations. The policy requirements are expressed in the form of business processes that govern the access and sharing of data between people and systems. The business process operations are mapped into low-level operations on internal and remote record stores and policy enforcement points. We have implemented a prototype system that supports the proposed approach and integrated it with OpenMRS, an open source electronic medical record system, using which we have defined and enforced some real-world regulations and organisations' policies for data sharing.
AB - Data sharing about electronic health records (EHRs) across healthcare organisations is still a challenging task due to compliance requirements with regulatory policies that can vary across states and countries, and organisations' internal business requirements. Even when adopting the same regulatory policies, each organisation can interpret and implement these policies and requirements differently in its internal IT environments. This paper proposes a compliance-aware data management solution for EHR systems. It allows healthcare organisations to define their own security and regulatory compliance requirements for accessing and sharing healthcare data, and enables policy enforcement while sharing data with other organisations. The policy requirements are expressed in the form of business processes that govern the access and sharing of data between people and systems. The business process operations are mapped into low-level operations on internal and remote record stores and policy enforcement points. We have implemented a prototype system that supports the proposed approach and integrated it with OpenMRS, an open source electronic medical record system, using which we have defined and enforced some real-world regulations and organisations' policies for data sharing.
KW - Business process execution
KW - Cross-organisation data sharing
KW - EHRs
KW - Electronic health records
KW - Regulatory compliance
UR - http://www.scopus.com/inward/record.url?scp=84885652504&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84885652504&partnerID=8YFLogxK
U2 - 10.1504/IJBPIM.2013.056961
DO - 10.1504/IJBPIM.2013.056961
M3 - Article
VL - 6
SP - 201
EP - 223
JO - International Journal of Business Process Integration and Management
JF - International Journal of Business Process Integration and Management
SN - 1741-8763
IS - 3
ER -