|
Title:
|
ROLE-BASED ACCESS CONTROL FOR CLOUD COMPUTING REALIZED WITHIN HAPI FHIR |
|
Author(s):
|
Mohammed Baihan, Steven Demurjian, Yaira Rivera Sanchez, Adam Toris, Amy Franzis, Angela Onofrio, Geoffrey Cheng and Thomas Agresta |
|
ISBN:
|
978-989-8533-69-2 |
|
Editors:
|
Pedro Isaías and Hans Weghorn |
|
Year:
|
2017 |
|
Edition:
|
Single |
|
Keywords:
|
Cloud services, Access control, RBAC, Health information exchange, Security, HAPI FHIR |
|
Type:
|
Full Paper |
|
First Page:
|
3 |
|
Last Page:
|
14 |
|
Language:
|
English |
|
Cover:
|
|
|
Full Contents:
|
click to dowload 
|
|
Paper Abstract:
|
Cloud computing provides services in the cloud to be utilized by mobile apps/users and businesses and is required in critical domains such as healthcare. Specifically, the Meaningful Use Stage 3 guidelines require cloud services to enable health-related information to be available for patients and medical providers via mobile apps that access, modify, and exchange data from multiple health information technology (HIT) systems. These HITs may: operate with cloud services, programming services, or web services; use different cloud service providers; and, employ alternate access control techniques in which mobile app developers are required to interact with many heterogeneous systems and platforms. This paper proposes role-based access control for cloud computing (RBACCC) for multiple HITs to register cloud, programming, and web services, where said services are unified into a global set of cloud services controlled via definition/enforcement. A new HIT system joining the cloud must map their services to existing global services. As a result, mobile developers can more easily interact with a unified global API to access multiple HITs. To demonstrate RBACCC, we utilize the Fast Healthcare Interoperability Resources (FHIR) standard, that models healthcare data with resources in JSON and CRUD RESTful APIs to track a patients clinical findings, problems, allergies, etc.; this is via a proof-of-concept prototype: the Concussion Tracker mobile app for K-12 students; the ShareMyHealth mobile app for fitness data; and, the OpenEMR and MyGoogle HITs that have FHIR APIs utilizing the HAPI FIR implementation. |
|
|
|
|
|
|
