An electronic health record (EHR) is a repository for electronically stored data related to patient's health status and health care. An EHR System can provide functions to improve the quality and the efficiency of health-care delivery. There is an increasing demand for personal healthcare services such as remote patient monitoring. To enable such services, health data may be communicated to and from a patient's home. Health-related data is generally considered as private, which justifies the existence of legislation and well-established ethical principles such as Hippocratic Oath. To enable use of digital health data at home and sharing with third parties outside the hospital, the future healthcare infrastructure needs additional protection mechanisms that go beyond traditional access control.
Traditional security mechanisms provide an online centralized secure access solution for protection of sensitive health data. This solution fits well in the traditional centralized architecture of the healthcare infrastructures. However, the modern healthcare infrastructure is of a decentralized nature and the sensitive health data is frequently shared with different parties belonging to different security domains. Digital rights management (DRM) provides a solution to fulfill these additional needs of modern healthcare infrastructure. However, the DRM system should be interoperable with the access control system as these systems may be deployed in parallel.
“DRM and Access Control architectures interoperability” by Eva Rodríguez et al., at 50th International Symposium ELMAR-2008, 10-12 Sep. 2008, Zadar, Croatia, vol. 2, pp. 447-450, discloses a DRM architecture and an access control framework (ACF) architecture. The DRM architecture manages access by users to resources. A ‘broker’ provides interoperability between DRM and ACF access control rules, between digital objects and digital media, and between protection information associated to digital resources of both systems.