A Consent-based Workflow System for Healthcare Systems

Giovanni Russello, Changyu Dong, Naranker Dulay

Research output: Contribution to conferenceProceeding

Abstract

In this paper, we describe a new framework for healthcare systems where patients are able to control the disclosure of their medical data. In our framework, the patient's consent has a pivotal role in granting or removing access rights to subjects accessing patient's medical data. Depending on the context in which the access is being executed, different consent policies can be applied. Context is expressed in terms of workflows. The execution of a task in a given workflow carries the necessary information to infer whether the consent can be implicitly retrieved or should be explicitly requested from a patient. However, patients are always able to enforce their own decisions and withdraw consent if necessary. Additionally, the use of workflows enables us to apply the need-to-know principle. Even when the patient's consent is obtained, a subject should access medical data only if it is required by the actual situation. For example, if the subject is assigned to the execution of a medical diagnosis workflow requiring access to the patient's medical record. We also provide a complex medical case study to highlight the design principles behind our framework. Finally, the implementation of the framework is outlined.

Conference

Conference9th IEEE International Workshop on Policies for Distributed Systems and Networks
CountryUnited States
Period2/06/08 → …

Cite this

Russello, G., Dong, C., & Dulay, N. (2008). A Consent-based Workflow System for Healthcare Systems. 153-161. 9th IEEE International Workshop on Policies for Distributed Systems and Networks, United States.
Russello, Giovanni ; Dong, Changyu ; Dulay, Naranker. / A Consent-based Workflow System for Healthcare Systems. 9th IEEE International Workshop on Policies for Distributed Systems and Networks, United States.
@conference{45ec0e12eb894333b2519af71cba5215,
title = "A Consent-based Workflow System for Healthcare Systems",
abstract = "In this paper, we describe a new framework for healthcare systems where patients are able to control the disclosure of their medical data. In our framework, the patient's consent has a pivotal role in granting or removing access rights to subjects accessing patient's medical data. Depending on the context in which the access is being executed, different consent policies can be applied. Context is expressed in terms of workflows. The execution of a task in a given workflow carries the necessary information to infer whether the consent can be implicitly retrieved or should be explicitly requested from a patient. However, patients are always able to enforce their own decisions and withdraw consent if necessary. Additionally, the use of workflows enables us to apply the need-to-know principle. Even when the patient's consent is obtained, a subject should access medical data only if it is required by the actual situation. For example, if the subject is assigned to the execution of a medical diagnosis workflow requiring access to the patient's medical record. We also provide a complex medical case study to highlight the design principles behind our framework. Finally, the implementation of the framework is outlined.",
author = "Giovanni Russello and Changyu Dong and Naranker Dulay",
year = "2008",
language = "English",
pages = "153--161",
note = "9th IEEE International Workshop on Policies for Distributed Systems and Networks ; Conference date: 02-06-2008",

}

Russello, G, Dong, C & Dulay, N 2008, 'A Consent-based Workflow System for Healthcare Systems' 9th IEEE International Workshop on Policies for Distributed Systems and Networks, United States, 2/06/08, pp. 153-161.

A Consent-based Workflow System for Healthcare Systems. / Russello, Giovanni; Dong, Changyu; Dulay, Naranker.

2008. 153-161 9th IEEE International Workshop on Policies for Distributed Systems and Networks, United States.

Research output: Contribution to conferenceProceeding

TY - CONF

T1 - A Consent-based Workflow System for Healthcare Systems

AU - Russello, Giovanni

AU - Dong, Changyu

AU - Dulay, Naranker

PY - 2008

Y1 - 2008

N2 - In this paper, we describe a new framework for healthcare systems where patients are able to control the disclosure of their medical data. In our framework, the patient's consent has a pivotal role in granting or removing access rights to subjects accessing patient's medical data. Depending on the context in which the access is being executed, different consent policies can be applied. Context is expressed in terms of workflows. The execution of a task in a given workflow carries the necessary information to infer whether the consent can be implicitly retrieved or should be explicitly requested from a patient. However, patients are always able to enforce their own decisions and withdraw consent if necessary. Additionally, the use of workflows enables us to apply the need-to-know principle. Even when the patient's consent is obtained, a subject should access medical data only if it is required by the actual situation. For example, if the subject is assigned to the execution of a medical diagnosis workflow requiring access to the patient's medical record. We also provide a complex medical case study to highlight the design principles behind our framework. Finally, the implementation of the framework is outlined.

AB - In this paper, we describe a new framework for healthcare systems where patients are able to control the disclosure of their medical data. In our framework, the patient's consent has a pivotal role in granting or removing access rights to subjects accessing patient's medical data. Depending on the context in which the access is being executed, different consent policies can be applied. Context is expressed in terms of workflows. The execution of a task in a given workflow carries the necessary information to infer whether the consent can be implicitly retrieved or should be explicitly requested from a patient. However, patients are always able to enforce their own decisions and withdraw consent if necessary. Additionally, the use of workflows enables us to apply the need-to-know principle. Even when the patient's consent is obtained, a subject should access medical data only if it is required by the actual situation. For example, if the subject is assigned to the execution of a medical diagnosis workflow requiring access to the patient's medical record. We also provide a complex medical case study to highlight the design principles behind our framework. Finally, the implementation of the framework is outlined.

UR - http://doi.ieeecomputersociety.org/10.1109/POLICY.2008.22

M3 - Proceeding

SP - 153

EP - 161

ER -

Russello G, Dong C, Dulay N. A Consent-based Workflow System for Healthcare Systems. 2008. 9th IEEE International Workshop on Policies for Distributed Systems and Networks, United States.