Electronic personal health record (PHR) is a citizen-centric information tool that allows citizens to control their personal information. However, an ideal PHR should also allow citizens to connect with their formal and informal caregivers (e.g. a family member, a caregiver) and together manage citizen health and social information. This introduces specific challenges in terms of security since multiple parties make entries and require access to PHR data. Since citizens are typically non-security and non-domain experts is considered impossible to control all this information. To this end, this paper presents a conceptual security framework for the employment of an attribute-based PHR access control policy that is continually updated according to providers' local security policies and individual professionals and citizen sharing preferences.
IOS Press, Inc.
6751 Tepper Drive
Clifton, VA 20124
Tel.: +1 703 830 6300
Fax: +1 703 830 2300 firstname.lastname@example.org
(Corporate matters and books only) IOS Press c/o Accucoms US, Inc.
For North America Sales and Customer Service
West Point Commons
Lansdale PA 19446
Tel.: +1 866 855 8967
Fax: +1 215 660 5042 email@example.com