Title :
A virtual PHR authorization system
Author :
Poulymenopoulou, M. ; Malamateniou, Flora ; Vassilacopoulos, George
Author_Institution :
Dept. of Digital Syst., Univ. of Piraeus, Piraeus, Greece
Abstract :
Cloud computing and Internet of Things (IoT) technologies can support a new generation of PHR systems that are provided as cloud services and contain patient data (health and social) from various sources, including data transmitted automatically from Internet-connected devices in the patient's living space (e.g. medical devices connected to patients in home care). In this paper, the virtual PHR concept is introduced as an entity on the network consisting of (a) a non-healthcare component containing health and social information collected by either the patient or non-healthcare providers, (b) a medical device component containing health information transmitted from Internet-connected medical devices and (c) a healthcare professional component containing information stored in various healthcare information systems. The PHR concept is based on the patient-centered model, which dictates that patients are the owners of their information. Hence, patients are empowered to authorize other subjects to access it, which introduces specific security challenges that are further accentuated by the fact that diverse local security policies may need to be reconciled. The PHR authorization system proposed here is based on a combination of role-based and attribute-based access control (RABAC) and supports patient-specified authorization policies of various granularity levels, subject to constraints imposed by the security policies of the various health and social care providers involved. To this end, an ontology of granular security concepts is built to aid in semantically matching diverse authorization requests and to enable semantic rule reasoning on whether a requested access should be permitted or denied.
Keywords :
authorisation; electronic health records; granular computing; ontologies (artificial intelligence); IOT; Internet of things; RABAC; attribute-based access control; cloud computing; data access; granular security concepts; granularity levels; health care providers; health information collection; health information transmission; healthcare information systems; healthcare professional component; information storage; local security policies; medical device component; nonhealthcare component; nonhealthcare providers; ontology; patient data; patient-centered model; patient-specified authorization policies; personal health record; role-based access control; semantic matching; semantic rule reasoning; social care providers; social information collection; virtual PHR authorization system; Authorization; Cloud computing; Filtering; Medical services; Ontologies; Semantics;
Conference_Title :
Biomedical and Health Informatics (BHI), 2014 IEEE-EMBS International Conference on
Conference_Location :
Valencia
DOI :
10.1109/BHI.2014.6864307