United States [change]

	IBM Research
	IBM Research - Almaden
	IBM CS Research

Computer Science
Research Areas
Projects
People
Work with Universities
Honors
Publications
Events
News
Career Opportunities
Feedback


Related Links
	Almaden CS Storage Systems
	Worldwide Labs

PRIvacy Management Architecture (PRIMA)

Computer Science

Intelligent Information Systems project : PRIMA (PRIvacy Management Architecture)

In Healthcare today, there isn't necessarily a correlation between adoption of privacy policies and adequate patient privacy protection. The protection mechanisms in place at Healthcare entities are under-utilized, and often by-passed, in order to deliver care. Exception-based access, normally Break-The-Glass scenarios, is a general rule in Healthcare, rather than an infrequent occurrence.

This current state of affairs appears to put the patient at risk, to engender a false sense of privacy while purporting compliance with regulation, to undermine the notion of empowering the patient and to make consent to a policy is meaningless; as consent is no longer valid when the policy itself is not valid. In this context, the existence of a policy insignificant because it is not a genuine reflection of company’s privacy practices.

In this work we propose PRIMA, a PRIvacy Management Architecture for healthcare systems, which addresses this problem of the circumvention of policy. PRIMA utilizes the actual practices of the organizations (embodied in the audit logs) to perform policy refinement. The system's advantages are that: 1) it fits to the clinical workflow and does not require the workflow to fit to it, i.e. it does not impede the clinical workflow, 2) it enables precise (or rather more realistic) definitions of purposes, criteria for exception-based accesses and categories of authorized users, and 3) it enables improved privacy protection for the patient.

Team: Rafae Bhatti, Tyrone Grandison.

Publications

Claudio A. Ardagna, Sabrina De Capitani di Vimercati, Tyrone Grandison, Sushil Jajodia, Pierangela Samarati. "Regulating Exceptions in Healthcare using Policy Spaces". To appear in the Proceedings of the 22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSEC) 2008. London, United Kingdom. July 2008.

Rafae Bhatti, Tyrone Grandison. Towards Improved Privacy Policy Coverage in Healthcare Using Policy Refinement". The Proceedings of the 4th VLDB Workshop on Secure Data Management 2007. Vienna, Austria, Sept 2007.

Tyrone Grandison, John Davis. "The Impact of Industry Constraints on Model-Driven Data Disclosure Controls". The Proceedings of the 1st International Workshop on Model-Based Trustworthy Health Information Systems (MOTHIS) 2007, Nashville, Tennessee. Sept 2007.

[ Intelligent Information Systems Home Page | Healthcare Informatics | CS at ARC ]

About IBM

Privacy

Contact