“I hereby declare that I have read this project and in my

opinion this project is sufficient in terms of scope and quality for the

award of the degree of master of computer science (information security)”

Signature : ...................................................

Name of Supervisor : DR IMRAN GHANI

Date : JUNE 10, 2012

ONTOLOGY DRIVEN PRIVACY ACCESS CONTROL FOR HEALTHCARE

INFORMATION SYSTEM

AIDARUS MOHAMED IBRAHIM

A project submitted in partial fulfillment of the

requirements for the award of the degree of

Master of Computer Science (Information Security)

Faculty of Computer Science and Information Systems

Universiti Teknologi Malaysia

JUNE 2012

ii

I declare that this project entitled “Ontology Driven Privacy Access Control For

Heathcare Information System” is the result of my own research except as cited in the

references. The project report has not been accepted for any degree and is not

concurrently submitted in candidature of any other degree.

Signature : ....................................................

Name : Aidarus Mohamed Ibrahim

Date : June, 2012

iii

“Dedicated to my beloved family and friends, without their understanding,

supports, and most of all love, the completion of this work would not have been

possible.”

iv

ACKNOWLEDGEMENT

I would like to express my gratitude to Allah for providing me the blessing to

complete this work. Hence, I am deeply grateful to my supportive and helpful

supervisor Dr Imran Ghani for assisting and guiding me in the completion of this

project. With all truthfulness, without Allah then his support, this project would not

have been a completed. Imran Ghani has always been my source of motivation and

guidance. For that, I am truly grateful for his continual support and cooperation in

assisting me all the way through the semester.

My thanks also extend to my friends, for their enlightening companionship

and encouragement of trudging through all the moments from down to up the hill in

the run to complete Master Project. I would not have done it without the help and

motivation from all of them.

To my family, no words can describe my gratefulness for always being

there despite of the distance. They have showered me with love and compassion and

enrich my life like no other. They are the source of comfort and kept me focus the

priorities in life and therefore, this work is dedicated to them.

v

ABSTRACT

Ontologies are common definitions for entities. As ontologies are needed for

the standardization of the definition of different terms; they are also important for the

understanding of healthcare applications by machines. Sharing the information

brings for some security needs like privacy and access controls in healthcare. Hence,

effective mechanisms are needed to ensure the privacy of healthcare information

system. Developing a privacy access control model is essential for healthcare

information system. So far many privacy access control models have been developed to

protect the patient’s medical records. This study is set out to consider different privacy

access control model by looking their advantage and drawbacks. Pusat Kesihatan UTM

has been chosen as the particular small-medium hospital to explore the problems in the

patient’s privacy to experiment the type of privacy access control model used. This is

where the project comes in to; to study the current information system at UTM Clinic

and to propose complete Privacy access control model to support the users involved in

the system as well as keep patient’s medical records protected. Qualitative method is

used to get needed information and study the current situation of information system at

the clinic. Internal interview was carried out with the TISMA (Total Information for

Medical Administration) administrator to understand the Weaknesses of the current

system within the clinic and also to recognize the expectations of system administrator

TISMA. Through the analysis of different privacy access controls, this project comes up

with policy ontology based privacy access control model which presents three aspects of

healthcare Information system that include rights, ontology representation and Rei

policy specification. Finally a prototype has been implemented to generate the result.

vi

ABSTRAK

Ontologies adalah definisi biasa bagi entiti. Sebagai ontologies

diperlukan untuk penyeragaman takrif syarat-syarat yang berbeza; mereka juga

adalah penting untuk memahami aplikasi penjagaan kesihatan oleh mesin. Berkongsi

maklumat yang membawa beberapa keperluan keselamatan seperti kawalan privasi

dan akses dalam penjagaan kesihatan. Oleh itu, mekanisme yang berkesan diperlukan

untuk memastikan privasi sistem maklumat penjagaan kesihatan.Membangunkan

model kawalan akses privasi adalah penting untuk sistem maklumat penjagaan

kesihatan. Setakat ini banyak model privasi kawalan akses telah dibangunkan untuk

melindungi rekod perubatan pesakit. Kajian ini dibentangkan untuk

mempertimbangkan model kawalan akses privasi yang berbeza dengan melihat

kelebihan dan kelemahan mereka. Pusat Kesihatan UTM telah dipilih sebagai

hospital kecil dan sederhana untuk meneroka masalah dalam privasi pesakit menguji

jenis model kawalan akses privasi yang digunakan. Ini adalah di mana projek itu

akan masuk untuk mengkaji sistem maklumat semasa di Klinik UTM dan

mencadangkan model kawalan Privasi akses lengkap untuk menyokong pengguna

yang terlibat dalam sistem seperti juga menyimpan rekod perubatan pesakit yang

dilindungi. Kaedah kualitatif digunakan untuk mendapatkan maklumat yang

diperlukan dan mengkaji situasi semasa sistem maklumat di klinik. Temuduga

dalaman telah dijalankan dengan pentadbir TISMA untuk memahami kelemahan

sistem semasa di dalam klinik dan juga mengiktiraf jangkaan pentadbir sistem

TISMA. Melalui analisis kawalan akses privasi yang berbeza, projek ini datang

dengan dasar privasi kawalan berasaskan ontologi model akses yang membentangkan

tiga aspek sistem Maklumat penjagaan kesihatan yang termasuk hak, perwakilan

ontologi dan spesifikasi dasar Rei. Akhirnya prototaip telah dilaksanakan untuk

menjana hasil.

.

vii

TABLE OF CONTENTS

CHAPTER TITLE PAGE

DECLARATION ii

DEDICATION iii

ACKNOWLEDGEMENTS iv

ABSTRACT v

ABSTRAK vi

TABLE OF CONTENTS vii

LIST OF TABLES xii

LIST OF FIGURES xiii

LIST OF ABBREVIATION xvi

LIST OF APPENDIX xvii

1 INTRODUCTION

1.1 Introduction 1

1.2 Problem Background 3

1.3 Problem Statement 4

1.4 Project Objective 4

1.5 Project Scope 5

1.6 Significant of the Project 5

1.7 Report Organisation 6

2 LITERATURE REVIEW

2.1 Introduction 8

2.2 Healthcare Information System Overview(HIS) 9

2.2.1 Personal Healthcare Record(PHR) 10

viii

2.2.2 Electronic Healthcare Record(EHR) 10

2.2.3 Electronic Medical Record(EMR) 11

2.2.4 Relationships of PHR,EHR and EMR 12

2.3 Privacy and Confidentiality in HIS 13

2.4 Access Controls 14

2.4.1 Discretionary Access Control(DAS) 14

2.4.2 Mandatory Access Control(MAC) 18

2.4.3 Role Based Access Control 20

2.5 Ontology in Healthcare 22

2.5.1 Existing Healthcare Ontology 23

2.5.2 Web Ontology Language(OWL) 26

2.5.3 Policy Specification For Ontology based in 27

2.5.4 Related Studies in Healthcare Privacy 33

2.6 Comparative Study of Access Controls in Healthcare 34

2.7 Chapter Summary 37

3 PROJECT METHODOLOGY 38

3.1 Introduction 38

3.2 Operational Framework 38

3.2.1 Phase 1 40

3.3.2 Phase 2 41

3.3.3 Phase 3: 41

3.3 Case Study 42

3.4 Software Prototyping 43

3.5 Hardware and Software Requirements 43

3.5.1 Software Requirement 44

3.5.2 Hardware Requirement 45

3.6 Chapter Summary 45

4 PROPOSED MODEL DESIGN 46

4.1 Introduction 46

4.2 The Current System 47

4.2.1 Organisational Analysis 48

ix

4.2.2 Pusat Kesihatan UTM Mission 48

4.2.3 Pusat Kesihatan Objectives 48

4.2.4 Pusat Kesihtan UTM Services 49

4.3 Patient handling process in Pusat Kesihatan UTM 51

4.3.1 ICT in Puat Kesihtan UTM(TISMA) 53

4.4 Hierarchy Role Based Access Control in TISMA 56

4.4.1 Use Case Diagram In TISMA 57

4.4.2 Activity Diagram in TISMA 58

4.5 Proposed Model 59

4.5.1 Model Components 60

4.6 Chapter Summary 64

5 PROTOTYPE IMPLEMENTATION 65

5.1 Introduction 65

5.2 Rights 66

5.2.1 Authentication 66

5.2.2 Assignment 67

5.2.3 Permission 68

5.2.4 Roles 69

5,2.5 Operations 70

5.2.6 Tasks 71

5.3 Ontology Based Information Retrieval for Patient’s Information

72

5.4 Policy Specification 75

5.4.1 Requirement Policy Specification 76

5.4.2 Rei Policy Specification 77

5.4.3 Rei Policy Specification inTISMA 78

5.5 Chapter Summary 83

6 CONCLUSION AND RECOMMENDATION 84

6.1 Introduction 84

6.2 Developing the model 84

6.3 Evaluating the Value of the Study 85

x

6.3.1 Project’s First Objective 85

6.3.2 Project’s Second Objective 86

6.3.3 Project’s Third Objective 86

6.4 Review of the Study 87

6.5 Recommendation for Future Work 88

REFERENCES

89

APPENDIX A 92

xi

LIST OF TABLES

TABLE NO TITLE PAGE

2.1 Difference between EMR and EHR 11

2.2 Examples of Access Control Matrix 15

2.3 Summary of different Models and Frameworks 31

2.4 Evaluation of Access Control Methods in Healthcare System 36

3.1 Software Requirement 44

5.1 Rights Module 60

xii

LIST OF FIGURES

FIGURE NO TITLE PAGE

2.1 Literature review Structure 9

2.2 Relationship Between PHR,EMR and EHR 13

2.3 Access Control List 17

2.4 Capability List 16

2.5 Controlling Information Flow of Access Control 19

2.6 RBAC Relationship 20

2.7 Example of Functional Role Hierarchy 21

2.8 Framework for Development of Cardiovascular Decision 24

2.9 Framework for medical Information Integration 25

2.10 Architecture of the proposed Model 26

3.1 Operational Framework 39

3.2 System prototyping 42

3.3 Evolutionary Prototyping 43

4.1 Representation the various services for UTM Clinic 47

4.2 Patient handling in Pusat Kasihatan 49

4.3 TISMA Architecture 50

xiii

4.4 Role Hierarchy 51

4.5 Role hierarchy RBAC in TISMA System 52

4.6 Administrator Activity in TSIMA system 53

4.7 User Accessibility of Patient Records 54

4.8 Use Case Diagrams for TISMA 55

4.9 Activity Diagram Login System in TISMA 56

xiv

LIST OF APPENDIXES

APPENDIX TITLE PAGE

A Rights Code 92

B Ontology File 94

C Rie policy Specification 102

1

CHAPTER 1

INTRODUCTION

1.1 Introduction

In recent years, advanced technologies that enable organizations to collect,

store and manage massive amounts of data in digital form have been developed.

Sometimes, the data maintained within an organization's databases is considered to

be confidential. This is the case for patient health records, which may hold sensitive

information. In such cases, the organization is responsible for establishing a data-

access policy in order to maintain privacy.

Currently, healthcare services are moving from paper-based to electronic

version of record king system (SCIMP, 2006).As medical personnel need to

document increasing volumes of information as patients receive increasingly

complex care involving a range of data from the intensive examinations and

treatments paper-based systems are not sufficient to cope with this revolutionize.

While technology advancements are available to transform healthcare record keeping

in many positive ways, Privacy control of HIS pose unique concern. Healthcare

records use to be considered private matter between the doctor and the patient.

However, with the continuous growth of the organization who involved the in the

healthcare maintenance, doctor nowadays are required to share these records with

third party. Hence, health records are someway perused employers insurance

companies and drug manufacturing companies. Since patient records contain

sensitive information such as insurance number, social security number past drug use

2

or genetic predisposition to various diseases, it is very important it is very important

to prevent unauthorized access to these private and confidential data.

Commonly, some hospitals many people can have access to healthcare

information system (HIS).Anyone from nursing staff to the lowest technicians can

have look at those records. Therefore, a serious question is how completely is the

patient’s records is kept from unauthorized eyes from seeing medical records

unnecessary? As medical records aggregated into electronic databases, there is

mounting concern will have even more access to these records and these situations

might threat to confidentiality of personal health information (Fratini, 2007).

In fact, modern electronic health records contain extremely personal and

sensitive information regarding not only health history but also the dietary habits,

sexual orientation, sexual activities, employment status, income, eligibility for public

assistance and family history of a patient (Choi,Capitan, Krause, &Streeper,

2006).Patients understand the importance of retaining medical information to support

and improve the delivery of health care even when they recognize both the sensitive

nature of the collected data and the fact that information contended by computerized

health information system becomes more accessible to health professionals,

administrative and medical staff, and third parties (Conrick& Newell,2006). Patients

expect secure health information systems in which personal data is protected and any

disclosed information would be used only for health care purposes (Grain, 2006).

Security and privacy are thus increasing imperative for data and information

so privacy related issues include building design for privacy issue include

implementation privacy policy related.

Due to the importance for the patient’s medical information and its privacy,

healthcare information system must have privacy access controls which can enhance

the functionality and trustworthiness between the patients and the healthcare

information system staff. Otherwise, patient will worry about their information and

this may decrease the satisfaction between the doctors and patients.

3

First of all, in this thesis various models related to privacy access control for

healthcare information system (HIS) is discussed.

1.2 Background of the Problem

In a shared care environment, different health care units (HCU) are involved

in the care process as well as in maintaining accurate medical records. Indeed, in

modern healthcare environments different care services are offered by different HCU

within the organization or in a healthcare network that involves multiple

organizations. This requires the communication and cooperation among all actors

involved in the administration of patients care (Choi, et al., 2006).Internet turns into

a natural environment for such functionalities by allowing the exchange of EHRs and

the interconnection of medical applications, thus facilitating better management of

medical services as well as faster treatment of patients (Gritzalis and

Lambrinoudakis, 2004).

As in paper-based health records, physicians have an ethical obligation of

protecting patient information in order to prevent potential harm to an individual.

Nevertheless, the nature of her/his transformed the duty of physician-patient

confidentiality to a complex task. Despite thepersonal nature of health records, EHRs

make patient’s information potentially available to anyone with access to a health

information system (Anderson, 2007).

Therefore, the responsibility of protecting patient privacy has moved from an

individual/local responsibility to a duty shared among the different entities that share

the information. This tendency is altering the preexisting conception of the doctor–

patient confidentiality and is threatening the quality of health care (Choi,et al., 2006).

These apprehensions are also shared by the public whose primary concern is security,

4

privacy, confidentiality and protection of their personal health information

(Goldschmidt, 2005,Rash, 2005).

As an attempt to explore the problems related privacy access control for

healthcare information system, this research will focus on particular small-medium

hospital named UTM Clinic.

In this project, it has been emphasized the patient’s information privacy by

combining the suitable mechanisms to provide the patients high quality of medical

services as well as keeping his information as private. Only those who have the

suitable permission can access the system. Policy Ontology based privacy access

control model have been proposed, to validate the model a prototype has been

implemented.

1.3 Problem Statement

Clearly, it is very crucial point to understand the users who want to access the

patient’s information and related access controls. The different roles for healthcare

Information system users in UTM Clinic are different from doctor to nursing staffs.

To enhance the degree for privacy control in healthcare information system (His) in

UTM Clinic we proposed policy ontology driven privacy access control model. The

main problem is “Who can access the patient’s medical records?”We have analyzed

the categories of users Doctors and Nurses such with the read/write privileges in

UTM clinic that can only view the records but also can edit.

5

1.4 Project Objectives

The objectives of the project include:

To study the current UTM Clinic information system privacy control.

To propose policy ontology based model for privacy control for healthcare

information system.

To develop prototype for policy ontology based privacy access control.

1.5 Scope of the Project

These are the important scopes which define the boundary of the project:

This project looks at the healthcare system privacy control recognized in

UTM Clinic and their existing system and the type of privacy access

control model are used.

This study focuses on analyzing the current status for the user privilege to

access patient’s information at UTM Clinic.

1.6 Significance of the project

The significance of the healthcare information system is paramount as it

utilizes technology to provide added convenience to our daily lives. In the past, a

patient would have to wait as the doctor and nurses retrieved their paper medical

records. Now, doctors have instant access to our medical records with just click of

mouse. However, the challenge of implementing of healthcare information system is

the protecting the patient’s privacy of the medical records. The consequences are

great if the medical records if the medical records are leaked to outsiders. In here, we

proposed model for Privacy control at UTM Clinic to ensure the right user who can

6

access the system completely or partially by giving some certain privileges. This

thesis contributes to the following factors:

Helping Database administrators in hospitals to understand Patient’s

privacy and their roles as well as the way they can be adequately

supported by information and communication technology.

Supporting the Database administrators to control the privacy better in

HIS

Improving privacy access control for Patient’s privacy.

1.7 Report Organization

The project contains six chapters. The chapters are organized according to

the different work involved in this study. The detailed organization of the report

is described in the following paragraphs. This section gives highlight the way

different chapters are organized.

Chapter 1 describes a general outline of the project by giving a brief

overview and the problem of the project. Statements of the objectives and aims

of the project were presented. The scope and significance of the project have also

stated. The project will be successfully achieved by successful developing these

objectives and aims of the project.

Chapter 2 contains the review of the literature and the related the works

done by the authors; it highlights the policy ontology based access controls in

healthcare system. The author presented deeply by citing comparative study

related in this project. The author identified the gap and proposed a model.

Chapter 3 highlighted the Methodology operational framework. This

framework consists of three phases .the first phase contains the literature review

and case study used for data collection. The second phase covers the proposed

7

model and its implementation. The last phase outlines the project report writing

and presenting the project.

Chapter 4 discussed a study related the current system in UTM Clinic.

The author carried out real case study about the access controls in UTM clinic

and the classification of user in the clinic based on the permission when

accessing the system. The author met face to face the system administrator in

TISMA system and interviewed the existing access controls practiced in TISMA

system. After being understood the problem which is the output of the case study.

The author proposed model which is designed based the results from the

interview. The components of the proposed model also discussed in this chapter.

Chapter 5 focuses on the prototype implementation by generating the

expected result. In this chapter, the modules which are the building blocks of this

model have been produced and drawn their result. In here, the author produced

three various results based on the modules on the model. Such as first module

which is permissions, tasks, roles, assignments, operations. While the second

module contains ontology representation based UTM Clinic. The final module

contained the Rei policy specifications for management of the privacy access

control.

Chapter 6 looks at the conclusion and the recommendations, as well as the

judgment whether or not the objectives of the study are met.

89

REFERENCES

A. Toninelli, R. Montanari, L. Kagal, O. Lassila, Proteus.(2007). A Semantic Context-

Aware Adaptive PolicyModel, IEEE Intl Workshop on Policies for

Distributed Systems and Networks. 129-40.

Bandar S. Alhaqbani.(2010). Privacy and Trust Management for Electronic Health

Records. Doctor Philosophy. Queensland University of Technology Brisbane,

Australia.

B. Shields, O. Molloy, G. Lyons, J. Duggan(2006). Using Semantic Rules to

Determine Access Control for WebServices.Proc 15th Intl Conference on

World Wide Web (WWW 2006), (2006) 913-914.

B. Shields, O. Molloy, G. Lyons, J. Duggan, Using Semantic Rules to Determine

Access Control for WebServices, Proc 15th Intl Conference on World Wide

Web (WWW 2006), (2006) 913-914.

C. Wolter, M. Menzel. A. Schaad, P. Miseldine, and C. Meine(2009). Model driven

business process security requirements specification.Journal of Systems

Architecture.

D. F. Ferraiolo, D. R. Kuhn and R. Chandramouli(2003). Role-Based Access

Control.Artech House, 2003.

Engelbrecht Rolf, Geissbuhler A., Lovis C (2005). Connecting Medical Informatics

and Bio-informatics: Proceedings of MIE2005: the XIXth

International

Congress of the European Federation for Medical Informatics. IOS

Press.

90

Eukleenjungko, Hyungji and jeun woo lee( 2007). Ontology and CDSS based

intelligent health data management in healthcare server”.

Farooq, K.; Hussain, A.; Leslie, S.; Eckl, C.; Slack W(2011)..Pervasive Computing

Technologies for Healthcare (PervasiveHealth), 2011 5th International

Conference on Publication Year: 2011 , Page(s): 283 – 286.

G. Brox(2005). MPEG-21 as an access control tool for the National.Health Service

Care Records Service", Journal ofTelemedicine and Telecare, volume 11, pp.

23-25.

H. L. Sollins(2008). HIPAA privacy guides for providers and patients,Geriatric

Nursing.

ISO(2005).Electronic Health Record—Definition, Scope and Context. International

Organization for Standardization 2005.

J. B. D. Joshi, W. G. Aref, A. Ghafoor, and E. H(2001), Spafford. Security models

forweb-based applications. Communication of the ACM, 44(2):38–44.

L. Zhang, G. Ahn, and B.-T. Chu (2001). A Rule-based framework for role based

delegation, In Proceedings of the 6th ACM symposium on Access control

models and technologies Chantilly, Virginia, USA.

L. Kagal, C. Hanson, D.Weitzner(2008). Using dependency tracking to provide

explanations for policy management, in IEEE Policy.

M. Evered and S. Bögeholz(2004). A case study in access control requirements for a

health information system. Proceedings of the 2nd Australasian information

security workshop (AISW2004), Dunedin.

NJBM Zaizi (2007). A Study Of Security And Privacy Issues In Hospital Record

Management System.

Rui Zhang and Ling Liu.(2010).Security Models and Requirements for Healthcare

Application. Information Technology and Applications in Biomedicine (ITAB),

2010 10th IEEE International Conference on , vol., no., pp.1-4, 3-5 Nov. 2010

Clouds.

R. S. Sandhu and P. Samarati.(1994). Access control: Principles and practice.

IEEECommunications Magazine, 32(9):40–48, 1994.

91

R. Studer, V. R. Benjamins, and D. Fensel(1998).Knowledge engineering: principles

and methods. Data Knowl.Eng., vol. 25, no. 1–2, pp. 161–197, 1998.

R. Dieng-Kuntz, D. Minier, M. Ruzicka, F. Corby, O. Corby, and

L.Alamarguy.(2006). Building and using a medical ontology for

knowledge management and cooperative work in a health care

network.Comput. Biol. Med.,vol. 36, no. 7–8, pp. 871–892.

T. Strang and C. Linnhoff-Popien,(2004), Context modeling survey. InProc.

Workshop Adv. Context Model., Reason. Manage. (UbiComp

2004),Nottingham, England, 2004.

T. Finin, A. Joshi, L. Kagal, J. Niu, R. Sandhu, et al, ROWLBAC (2008).

Representing Role Based Access Controlin OWL, Proc 13th Symposium on

Access controls Models and Technologies (2008) 73-82.

V. Hu, D. Ferraiolo, and D. R. Kuhn.(2006). Assessment of access control systems.

Technical Report NISTIR-7316, National Institute of Standards and

Technology.

Valls, K. Gibert, D. S´ancheza, and M. Bateta(2010). Using ontologies for structuring

organizational knowledge in Home Care assistance,” Int. J. Med. Inform., vol.

79, no. 5, pp. 370–387, 2010.

X. H.Wang, D. Q. Zhang, T. Gu, H.K. Pung, and H. K.(2004), “Ontology based

context modeling and reasoning using OWL,” in Proc. 2nd IEEE

Conf.PervasiveComput. Commun. Workshops, 2004, pp. 18–22.