Patient portal, as the front-end of a huge amount of electronic medical records, is essential for ensuring the security and privacy of those medical records. However, development and deployment of patient portal is non-trivial, which may suffer from both common security issues of web-based applications and specific challenges regarding complex and dynamic policies in clinical environment. In this position paper, we select an open source EMR application OpenEMR and study its vulnerabilities. We propose a two-tier defense architecture for protecting web patient portal, which consists of three major components: BLOCK, SENTINEL and ORACLE. In particular, we abstract security policies specification and enforcement out of the implementation of patient portal, which allows for independent verification and configuration of security policies and checking, as well as transparent integration of new mechanisms.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
BibTeX
@inproceedings {179479,
title = {Protecting Web-based Patient Portal for the Security and Privacy of Electronic Medical Records},
booktitle = {3rd USENIX Workshop on Health Security and Privacy (HealthSec 12)},
year = {2012},
address = {Bellevue, WA},
url = {https://www.usenix.org/conference/healthsec12/workshop-program/presentation/Li},
publisher = {USENIX Association},
month = aug
}
Twitter
Facebook
LinkedIn
Google+
YouTube
connect with us