Compliance aware cross-organization medical record sharing

Jovan Stevovic, Fabio Casati, Bilal Farraj, Jun Li, Hamid R. Motahari-Nezhad, Giampaolo Armellin

Research output: Chapter in Book/Report/Conference proceedingConference contribution

5 Citations (Scopus)


Data sharing about Electronic Health Records (EHRs) across healthcare organizations is still a challenging task due to compliance requirements with regulatory policies that can vary across states and countries, and organizations' internal business requirements. Even when adopting the same regulatory policies, each organization can interpret and implement these policies and requirements differently in its internal IT environments. This paper proposes a compliance-aware data management solution for EHR systems. It allows healthcare organizations to define their own security and regulatory compliance requirements for accessing and sharing healthcare data, and enables policy enforcement while sharing data with other organizations. The policy requirements are expressed in form of business processes that govern the access and sharing of data between people and systems. The business process operations are mapped into low-level operations on internal and remote record stores and policy enforcement points. We have implemented the prototype system that supports the proposed approach and integrated it with an open source electronic medical record system called OpenMRS, using which we have defined and enforced some real-world regulations and organizations' policies for data sharing.

Original languageEnglish
Title of host publicationProceedings of the 2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013
Number of pages4
Publication statusPublished - 2013
Externally publishedYes
Event2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013 - Ghent, Belgium
Duration: 27 May 201331 May 2013


Conference2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013


  • business process modeling and execution
  • cross-organization data sharing
  • regulatory compliance

ASJC Scopus subject areas

  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Compliance aware cross-organization medical record sharing'. Together they form a unique fingerprint.

Cite this