Abstract
Developments in health information technology have encouraged the establishment of distributed systems known as Health Information Exchanges (HIEs) to enable the sharing of patient records between institutions. In many cases, the parties running these exchanges wish to limit the amount of information they are responsible for holding because of sensitivities about patient information. Hence, there is an interest in broker-based HIEs that keep limited information in the exchange repositories. However, it is essential to audit these exchanges carefully due to risks of inappropriate data sharing. In this paper, we consider some of the requirements and present a design for auditing broker-based HIEs in a way that controls the information available in audit logs and regulates their release for investigations. Our approach is based on formal rules for audit and the use of Hierarchical Identity-Based Encryption (HIBE) to support staged release of data needed in audits and a balance between automated and manual reviews. We test our methodology via an extension of a standard for auditing HIEs called the Audit Trail and Node Authentication Proffle (ATNA) protocol.
| Original language | English (US) |
|---|---|
| Pages | 313-320 |
| Number of pages | 8 |
| DOIs | |
| State | Published - 2014 |
| Event | 4th ACM Conference on Data and Application Security and Privacy, CODASPY 2014 - San Antonio, TX, United States Duration: Mar 3 2014 → Mar 5 2014 |
Other
| Other | 4th ACM Conference on Data and Application Security and Privacy, CODASPY 2014 |
|---|---|
| Country/Territory | United States |
| City | San Antonio, TX |
| Period | 3/3/14 → 3/5/14 |
Keywords
- Audit
- Formal logic
- Health information technology
- Hierarchical identity based encryption
ASJC Scopus subject areas
- Software