Computer Science Seminar

2010 Feb 17 at 10:30

DC 1304

Security and Privacy For Healthcare Applications: Does Policy mean Protection?

Rafae Bhatti, Oracle, U.S.A.

With the adoption of Electronic Medical Records (EMRs), an increasing number of health-related Web applications are now available to consumers, providers, and partners. While this transformation offers huge benefits, there are security and privacy concerns integral to the process of electronic healthcare delivery. In this talk, we first survey the body of evidence to emphasize the design of appropriate security solutions for electronic healthcare applications. Successful solutions will always comply with the prime directive of healthcare: "nothing should interfere with delivery of care". We then formally present the problem of reconciling security and privacy policies with the actual healthcare workflow, which we refer to as the policy coverage problem. We outline a technical solution to the problem based on the concept of policy refinement, and develop a privacy protection architecture called PRIMA. We also offer guidelines for electronic healthcare applications to ensure adequate policy coverage. The ultimate goal is that electronic healthcare applications should be made secure without compromising usability.
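The abstract names the policy coverage problem and a refinement-based solution without giving details. As an added illustration (my own toy code, not PRIMA and not the speaker's method), the following checks whether a set of access rules covers every step of a clinical workflow, reports steps that policy would block (interfering with care) and allow rules no step ever exercises (candidate over-grants), and proposes minimal exact-resource allow rules for steps that no rule addresses. It assumes a simple role/action/resource-glob rule model with deny-overrides and default deny; the rule names, sample policy and sample workflow are all constructed.

```python
"""Toy policy-coverage check for a clinical workflow (added illustration)."""
from dataclasses import dataclass
from fnmatch import fnmatch


@dataclass(frozen=True)
class Rule:
    role: str
    action: str
    resource: str   # glob pattern, e.g. "record/*/vitals" (assumed model)
    effect: str     # "allow" or "deny"


@dataclass(frozen=True)
class Step:
    name: str
    role: str
    action: str
    resource: str


def decide(rules, role, action, resource):
    """Evaluate one access: deny-overrides, default deny ('no-rule')."""
    matched = [r for r in rules
               if r.role == role and r.action == action and fnmatch(resource, r.resource)]
    if any(r.effect == "deny" for r in matched):
        return "deny"
    if any(r.effect == "allow" for r in matched):
        return "allow"
    return "no-rule"


def coverage_report(rules, workflow):
    """Split workflow steps into covered vs. gaps; list allow rules no step uses."""
    covered, gaps = [], []
    for step in workflow:
        outcome = decide(rules, step.role, step.action, step.resource)
        (covered if outcome == "allow" else gaps).append((step.name, outcome))
    # Allow rules never matched by any workflow step: privacy over-grants to review.
    unused_allows = [
        r for r in rules if r.effect == "allow" and not any(
            r.role == s.role and r.action == s.action and fnmatch(s.resource, r.resource)
            for s in workflow)
    ]
    return {"covered": covered, "gaps": gaps, "unused_allows": unused_allows}


def refine(rules, workflow):
    """Add a least-privilege allow (exact resource, no wildcard) for each step that
    no rule addresses. Steps an explicit deny blocks are left for a human to reconcile."""
    refined = list(rules)
    for step in workflow:
        if decide(refined, step.role, step.action, step.resource) == "no-rule":
            refined.append(Rule(step.role, step.action, step.resource, "allow"))
    return refined


# Constructed sample policy and workflow (not from any real system).
RULES = [
    Rule("physician", "read", "record/*", "allow"),
    Rule("physician", "write", "record/*/notes", "allow"),
    Rule("nurse", "read", "record/*/vitals", "allow"),
    Rule("nurse", "read", "record/*/psych", "deny"),
    Rule("billing", "read", "record/*", "allow"),   # broad grant, exercised by no step
]
WORKFLOW = [
    Step("triage-read", "nurse", "read", "record/p42/vitals"),
    Step("triage-write", "nurse", "write", "record/p42/vitals"),   # no rule at all
    Step("consult-read", "physician", "read", "record/p42/psych"),
    Step("consult-note", "physician", "write", "record/p42/notes"),
    Step("handoff", "nurse", "read", "record/p42/psych"),          # explicitly denied
]

if __name__ == "__main__":
    before = coverage_report(RULES, WORKFLOW)
    print("gaps before refinement:", before["gaps"])
    print("unused allow rules:", before["unused_allows"])
    after = coverage_report(refine(RULES, WORKFLOW), WORKFLOW)
    print("gaps after refinement:", after["gaps"])
```

Running it shows the two kinds of mismatch the abstract's "prime directive" is about: a step policy silently blocks because nobody wrote a rule for it, and a step an explicit deny blocks, which refinement deliberately does not paper over. The unused billing rule is the opposite failure, policy granting more than the workflow needs.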

Bio: Rafae Bhatti is currently a Senior Member of Technical Staff at Oracle, USA. He received his PhD degree in Computer Engineering from Purdue University in 2006. His PhD research is in the area of information systems security, in particular access management in federated systems and the specification of XML-based security protocols for Web-based information systems. Before joining Oracle, he worked as a post-doctoral researcher at IBM Almaden Research Center. His recent work focuses on designing privacy and security technologies for application in healthcare delivery, and on reducing the gap between stated privacy policies and the actual levels of compliance and privacy protection provided to consumers. His work on an XML-based access control framework for the Role-Based Access Control (RBAC) model has been cited by the OASIS consortium in their official announcement of the RBAC standard. He is a member of the ACM and the IEEE.