Policy based Electronic Medical Record System

Abstract

Even before current social network and cloud computing booms, people identified their medical record information as a key private data source has to be protected with proper systems and procedures. At present, vast publicity received on adverse affects on privacy critical data in both social networks and cloud computing, and that always raise concerns on medical record systems too; most of the time medical record systems have more privacy critical information than aforementioned environments. A main reason for incapability of protecting privacy other and general security requirements in applications are as they do not have proper security mechanisms in place which are suited for their application needs. OpenMRS is a well-known medical record system and our work describes a better way of handling access control in it. We describe a case study to evaluate whether better access control can be placed on OpenMRS using XACML. In addition to that, one of the goals of this work is to preserve existing fine-grained access control in the OpenMRS and extend it for the different needs. Prior to this work, OpenMRS is using a Role Based Access Control (RBAC) model to restrict user actions. RBAC gives administrative nightmare in large/dynamic systems with role explosion. Also existing access control mechanism add constraints on extension for different needs. In our implementation, we integrate standard XACML based components in to OpenMRS. Then evaluate our solution with several types of security polices, whether those policy types can be used with new implementation or not. Finally a generalization of our proposed solution presented to reuse it in other domains of enterprise applications.