Storage of medical record information in electronic format and the sharing of this information among different health care organizations have the potential to produce enormous improvements in health care systems' quality and efficiency. At the same time, the proliferation and sharing of electronic medical records present serious risks, due to the extremely sensitive nature of the information. The goal of this project is to develop new techniques for the storage, maintenance, and control of sensitive data that permit open sharing among legitimate users while protecting the data against unauthorized use and disclosure.
The research in this project has two components: (1) a new approach to information protection referred to as cross-layer identity and access management (IAM), and (2) research on health system needs and usability issues. Cross-layer IAM research investigates an architecture and mechanisms in which access control and other security-related functions are tightly coordinated between different information access layers of the complex software stack that is present in health care environments; including secure storage, logical data access, and application layers, and finally the application presentation layer in the end devices employed by users to access the system. In the second project component, health systems are being studied to identify and define roles, access requirements, and common use-case scenarios within a representative health care organization.
The project will have a number of broader impacts. Healthcare organizations will be actively engaged, through the participation of Children's Healthcare of Atlanta, and through outreach to other organizations in this sector. New courses that cover security for healthcare IT systems will also be developed and offered to students in existing graduate programs in information security and health systems.