Towards the Security and Privacy Analysis of Patient Portals

TitleTowards the Security and Privacy Analysis of Patient Portals
Publication TypeJournal Article
Year of Publication2007
AuthorsMathe, J., S. Duncavage, J. Werner, B. A. Malin, A. Ledeczi, and J. Sztipanovits
JournalSpecial Interest Group on Embedded Systems Review (SIGBED)
Volume4 (#2)
Date Published04/2007
Type of ArticleACM

Clinical information systems (CIS) significantly influence the quality and efficiency of health care delivery. However, CIS are complex environments that integrate information technologies, human stakeholders, and patient-specific data. Given the sensitivity of patient data, federal regulations require healthcare providers to adopt policy, as well as technology, protections for patient data. Ad hoc system design and implementation of CIS can cause unforeseen and unintended privacy and security breaches. The introduction of model-based design techniques combined with the development of high-level modeling abstractions and analysis methods provide a mechanism to investigate these concerns by conceptually simplifying CIS without losing expressive power. This work introduces the Model-based Design Environment for Clinical Information Systems (MODECIS) - a graphical design environment that assists CIS architects in formalizing CIS systems as well-defined services. MODECIS leverages Service-Oriented Architectures to create realistic system models at an abstract level. By modeling CIS using abstractions, we enable the analysis of legacy architectures, as well as the design and simulation of, future CIS. We present the feasibility of MODECIS via modeling certain functions, such as the authentication process of the MyHealth@Vanderbilt patient portal.

Mathe-ACM.SIGBED.07-Towards.Analysis.pdf374.36 KB