Hide/Show Apps

Security, privacy, identity and patient consent management across healthcare enterprices in integrated healthcare enterprices (IHE) cross enterprise document sharing (XDS) affinity domain

Namlı, Tuncay
Integrated Healthcare Enterprise (IHE) is an initiative by industry and healthcare professionals to improve knowledge sharing and interoperability between healthcare related enterprises. IHE publishes Integration Profiles on several Healthcare Fields to define how systems can use existing standards and technologies to execute a specific use case in healthcare. Cross Enterprise Document Sharing (XDS) is such a profile which defines the way of sharing Electronic Health Records (EHR) between healthcare enterprises. In this thesis, IHE Cross Enterprise User Authentication, IHE Node Authentication and Audit Trail, IHE Basic Patient Privacy Consent profiles are implemented based on the IHE XDSimplementation by National Institute of Standards, USA. Furthermore, some of the unspecified issues related with these profiles are clarified and new techniques are offered for their implementations. One of the contribution of the thesis is to use OASIS Extensible Access Control Markup Language (XACML) to define patient consent policies and manage access control. Other technologies and standards that are used in the implementation are as follows; OASIS Security Assertion Markup Language (SAML), XML Signature, Mutual Transport Layer Security (TLS), RFC 3195 Reliable Delivery for Syslog, RFC 3881 Security Audit and Access Accountability Message XML Data Definitions.