Compliance aware cross-organization medical record sharing

Jovan Stevovic, Fabio Casati, Bilal Farraj, Jun Li, Hamid R. Motahari-Nezhad, Giampaolo Armellin

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

3 Citations (Scopus)

Abstract

Data sharing about Electronic Health Records (EHRs) across healthcare organizations is still a challenging task due to compliance requirements with regulatory policies that can vary across states and countries, and organizations' internal business requirements. Even when adopting the same regulatory policies, each organization can interpret and implement these policies and requirements differently in its internal IT environments. This paper proposes a compliance-aware data management solution for EHR systems. It allows healthcare organizations to define their own security and regulatory compliance requirements for accessing and sharing healthcare data, and enables policy enforcement while sharing data with other organizations. The policy requirements are expressed in the form of business processes that govern the access and sharing of data between people and systems. The business process operations are mapped into low-level operations on internal and remote record stores and policy enforcement points. We have implemented the prototype system that supports the proposed approach and integrated it with an open source electronic medical record system called OpenMRS, using which we have defined and enforced some real-world regulations and organizations' policies for data sharing.

Original language: English
Title of host publication: Proceedings of the 2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013
Pages: 772-775
Number of pages: 4
Publication status: Published - 2013
Externally published: Yes
Event: 2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013 - Ghent, Belgium
Duration: 27 May 2013 - 31 May 2013

Conference

Conference: 2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013
Country: Belgium
City: Ghent
Period: 27.5.13 - 31.5.13

Fingerprint

Health
Electronic medical equipment
Industry
Information management
Compliance

Keywords

  • business process modeling and execution
  • cross-organization data sharing
  • regulatory compliance

ASJC Scopus subject areas

  • Computer Networks and Communications

Cite this

Stevovic, J., Casati, F., Farraj, B., Li, J., Motahari-Nezhad, H. R., & Armellin, G. (2013). Compliance aware cross-organization medical record sharing. In Proceedings of the 2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013 (pp. 772-775). [6573075]

@inproceedings{334c18847a2f422d9eb5ff9f5d2c0b6a,
title = "Compliance aware cross-organization medical record sharing",
abstract = "Data sharing about Electronic Health Records (EHRs) across healthcare organizations is still a challenging task due to compliance requirements with regulatory policies that can vary across states and countries, and organizations' internal business requirements. Even when adopting the same regulatory policies, each organization can interpret and implement these policies and requirements differently in its internal IT environments. This paper proposes a compliance-aware data management solution for EHR systems. It allows healthcare organizations to define their own security and regulatory compliance requirements for accessing and sharing healthcare data, and enables policy enforcement while sharing data with other organizations. The policy requirements are expressed in form of business processes that govern the access and sharing of data between people and systems. The business process operations are mapped into low-level operations on internal and remote record stores and policy enforcement points. We have implemented the prototype system that supports the proposed approach and integrated it with an open source electronic medical record system called OpenMRS, using which we have defined and enforced some real-world regulations and organizations' policies for data sharing.",
keywords = "business process modeling and execution, cross-organization data sharing, regulatory compliance",
author = "Jovan Stevovic and Fabio Casati and Bilal Farraj and Jun Li and Motahari-Nezhad, {Hamid R.} and Giampaolo Armellin",
year = "2013",
language = "English",
isbn = "9783901882517",
pages = "772--775",
booktitle = "Proceedings of the 2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013",

}

TY - GEN

T1 - Compliance aware cross-organization medical record sharing

AU - Stevovic, Jovan

AU - Casati, Fabio

AU - Farraj, Bilal

AU - Li, Jun

AU - Motahari-Nezhad, Hamid R.

AU - Armellin, Giampaolo

PY - 2013

Y1 - 2013

AB - Data sharing about Electronic Health Records (EHRs) across healthcare organizations is still a challenging task due to compliance requirements with regulatory policies that can vary across states and countries, and organizations' internal business requirements. Even when adopting the same regulatory policies, each organization can interpret and implement these policies and requirements differently in its internal IT environments. This paper proposes a compliance-aware data management solution for EHR systems. It allows healthcare organizations to define their own security and regulatory compliance requirements for accessing and sharing healthcare data, and enables policy enforcement while sharing data with other organizations. The policy requirements are expressed in form of business processes that govern the access and sharing of data between people and systems. The business process operations are mapped into low-level operations on internal and remote record stores and policy enforcement points. We have implemented the prototype system that supports the proposed approach and integrated it with an open source electronic medical record system called OpenMRS, using which we have defined and enforced some real-world regulations and organizations' policies for data sharing.

KW - business process modeling and execution

KW - cross-organization data sharing

KW - regulatory compliance

UR - http://www.scopus.com/inward/record.url?scp=84883483375&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84883483375&partnerID=8YFLogxK

M3 - Conference contribution

SN - 9783901882517

SP - 772

EP - 775

BT - Proceedings of the 2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013

ER -