Web-based secure access from multiple patient repositories

Abstract

BACKGROUND: Internet-based health-record management requires not only the provision of strong data protection to prevent privacy intrusion and unauthorized access, but also the introduction of a common healthcare-record format to allow cooperation using heterogeneous repositories held at various hospitals.

METHODS: A secure multi-agent architecture is proposed for accessing healthcare information through the Internet from multiple heterogeneous repositories. The proposed system is organized into a four-tier architecture that consists of client applications, a central access-control system, local access-control systems, and hospital information systems. The eXtensible Markup Language (XML) and the role-based access-control (RBAC) system are combined for efficient repository management by providing methods for access-control, information exchange, user authentication, data integrity, and selective encryption.

RESULT: A multi-agent architecture using XML and RBAC can interconnect heterogeneous repositories with different formats and different hospital policies, and allow them to communicate securely. The authorized client, having confirmed access privileges, can retrieve the requested healthcare data in an XML-based common data format with embedded confidentiality.

CONCLUSION: The proposed method for Internet-based exchange of patient data is particularly useful for cooperative healthcare and the creation of lifetime healthcare records.