Ontalogy driven privacy access control for healthcare information system

Abstract

Ontologies are common definitions for entities. As ontologies are needed for the standardization of the definition of different terms; they are also important for the understanding of healthcare applications by machines. Sharing the information brings for some security needs like privacy and access controls in healthcare. Hence, effective mechanisms are needed to ensure the privacy of healthcare information system. Developing a privacy access control model is essential for healthcare information system. So far many privacy access control models have been developed to protect the patient’s medical records. This study is set out to consider different privacy access control model by looking their advantage and drawbacks. Pusat Kesihatan UTM has been chosen as the particular small-medium hospital to explore the problems in the patient’s privacy to experiment the type of privacy access control model used. This is where the project comes in to; to study the current information system at UTM Clinic and to propose complete Privacy access control model to support the users involved in the system as well as keep patient’s medical records protected. Qualitative method is used to get needed information and study the current situation of information system at the clinic. Internal interview was carried out with the TISMA (Total Information for Medical Administration) administrator to understand the Weaknesses of the current system within the clinic and also to recognize the expectations of system administrator TISMA. Through the analysis of different privacy access controls, this project comes up with policy ontology based privacy access control model which presents three aspects of healthcare Information system that include rights, ontology representation and Rei policy specification. Finally a prototype has been implemented to generate the result.