Distributed Policy Decision Points for Electronic Health Records

Abstract: The advancement in technology mandates the extensive use of computerized healthcare devices making Electronic Health Records (EHRs) the way to store the patient details. The EHR systems have high availability and security requirements for the storage database. DIGHT is a distributed key-value store architecture being developed at SICS addressing the problems of high availability and scalability, data integrity and confidentiality, accountability, EHR versioning and extensibility. This Master thesis addresses the authorization requirements of the EHR systems. eXtensible Access Control Markup Language (XACML) is a OASIS standard for general purpose access control policy language designed for managing the access for resources. All of the available open source implementation of Policy Decision Point(PDP) conforms to XACML version 2.0 and retrieves the policies from the traditional file systems. Sun open source implementation of PDP conforming to XACML 2.0 was evaluated. It was upgraded to conform with XACML 3.0 standards. The XACML Admin Profile for delegation was also implemented. The testing was carried out with a prototype application which accepts text sms from registered doctors through an sms gateway. The application was designed for adding new patient record, medical record to an existing patient and retrieving existing patient and medical records. The application generates the XACML Request and send it to the PDP for evaluation. The XACML policies for authorizing the doctors were stored in MySQL database clusters. The PDP evaluates the request and send the XACML Response back to the application. The application processes the response and send appropriate reply to the sender. Performance evaluation was carried out with policies stored in database clusters. The thesis also discusses about the possible future enhancements like implementing XACML profile for SAML assertions, implementing the Policy Information Point to fetch attributes.