The goal of the project is to develop an approach to the problem of security and privacy for eHealth applications based on policy-driven security services. The project achieves its goal using the following approaches: (1) Develop an architectural framework supporting the interoperation of security services. The framework combines the service-oriented architecture paradigm with the event-based model and also includes a context-management service; (2) Develop an identity management service based on the life-cycle of digital identities; (3) Develop an authentication service supporting multi-factor authentication policies; (4) Develop a privacy-aware role-based access control (RBAC) service able to support content-based authorization; (5) Develop policy modularization and policy activation/deactivation mechanisms to support emergency situations and the "break-the-glass" principle that are relevant for eHealth applications; and (6) Prototype the framework and the services and integrate them with a Web-based prototype of a Personal Health Record (PHR) management system being developed by one of the Co-PIs.
The results of the project will benefit the IT providers of eHealth solutions by offering enhanced architectural solutions for security and privacy, as well as insights about their complexity, their manageability and their interoperability. The results will provide useful insights for those eHealth IT providers wanting to evaluate the feasibility of the "Software As A Service" (SAAS) model for security and privacy, as well as for IT security managers of caregiver organizations. This project supports Ph.D. and master's students in pursuing research in security architectures and services, and in advanced IT systems for eHealth. Several course modules will be developed based on the project results, including modules on: HIPAA - Security and Privacy Requirements; Security Architectures for eHealth; Security as a Service - Concepts, Architectures, and Techniques. Publications, technical reports, and software from this research will be disseminated via the project web site (www.cs.purdue.edu/homes/bertino/IIS-eHealth).