HealthPass: Fine-Grained Access Control to Portable Personal Health Records

At present, emerging possibilities for patients to access their health records or health information may potentially lead to changes within the current health care delivery system from an institution-centered to a patient-centered model and an electronic personal health record (PHR) may greatly influence such a shift. However, the use of PHRs does introduce specific challenges in terms of accidental disclosure of or malicious access to an individual´s health data. Hence a high level of security for data access is required due to the sensitivity and confidentiality of the health data in PHRs. In this paper, we present extensible models for defining and configuring fine-grained, role-based access control policies for XML-based portable personal health records using an extended digital certificate approach, called HealthPass which enables flexible and dynamic interactions without using a classical authorization and authentication approach like username and password.