Doctoral Dissertation Proposal
Title: Adaptive Trust Negotiation for Time-Critical Access to Healthcare Data
Ph.D. Candidate: Eugene Sanzi
Major Advisor: Dr. Steven A. Demurjian
Associate Advisors: Dr. Thomas Agresta, Dr. Bing Wang
Tuesday August 20, 2:00pm
Homer Babbidge Library 1947 Conference room
The security of an application’s data is an important consideration when creating modern applications. Users expected to have a need to access secure data undergo an explicit pre-registration process where an electronic identity (username, X.509 certificate, etc.) and a method of laying claim to the identity (password, public/private key pair, etc.) are created for the user. The user’s authorization information, which determines what the user is allowed to access, is associated with the electronic identity. However, there are emergent situations where a user may have a need to access data or services for which prior pre-registration is not possible because the future need for such data is unpredictable, such as an emergency room physician accessing the electronic health records (EHRs) of admitted patients. In this case, a request is sent to multiple health information technology (HIT) systems (many EHRs) that are all interacting with one another via health information exchange (HIE). The Fast Healthcare Interoperability Resources (FHIR) standard from HL7 facilitates HIE among EHRs via a server implementation such as HAPI FHIR. In this situation, there is a need for a process where legitimate users (requestors such as medical personnel) can make requests to the resource providers (controllers such as EHRs or other HIT systems) in such a way that trust can be established between the requestor and controller automatically, without introducing the need for slow human intervention, allowing the necessary data to be obtained by the requestor quickly, securely, and safely. We define trust as the ability of the requestors and controllers to ascertain that: the requestor and controller are connecting to the correct entities (neither is being impersonated), the requestor meets the conditions necessary to obtain the data, and the requestor will handle the data properly and securely once it is obtained.
In this proposal, we present a trust negotiation framework that allows trust to be established with automated techniques by extending and combining trust negotiation, attribute-based access control (ABAC), and a new trust profile. Additionally, the trust negotiation framework allows the data to be restricted using role-based access control (RBAC) and mandatory access control (MAC). Trust negotiation is used to establish trust by allowing the requestor and controller to alternate releasing secure credentials representing indications of trust, with the level of trust between the requestor and controller increasing with each exchange of credentials. These credentials form the basis of the attributes required for ABAC to decide access to a resource. The trust profile introduced in this proposal is a complete history of the user’s access to sensitive data that is utilized as a set of credentials during trust negotiation. During trust negotiation, the user chooses a subset of the trust profile, adds it to a digital wallet, and presents the digital wallet to the controller as proof that the user has been trusted to access sensitive data in the past. If the controller grants access to the user, the controller generates new credentials that the user receives and adds to the trust profile. The feasibility of this approach is demonstrated through a scenario in the healthcare industry, where healthcare professionals (doctors, nurses, insurance agents, public health officials, etc.) attempt to obtain authorization to access healthcare data possessed by healthcare organizations with whom there is no pre-existing relationship. Specifically, we will utilize a mobile health application for documenting and managing concussions that occur among K to 12 students, used by stakeholders that include parents, athletic trainers, coaches, nurses and administrators.
We leverage health information exchange concepts, the FHIR standard, the HAPI FHIR server, a Velatura FHIR pit, and the OpenEMR open source electronic health record as the infrastructure within which the trust profiles and trust negotiation are realized.
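The following is an added illustration of the trust negotiation round described in the abstract (controller proves its identity, requestor presents a wallet drawn from its trust profile, controller verifies the credentials and applies an ABAC rule, then issues a new credential that grows the profile). It is not code from the proposal or from any of the systems it names. The HMAC-signed credential format, the shared key table standing in for X.509 certificates, the issuer names, the `role` attribute and the policy structure are all constructed assumptions.

```python
"""Constructed simulation of one trust negotiation round with a trust profile.

Assumptions (not from the proposal): credentials are JSON objects signed with an
HMAC key per issuer (a stand-in for X.509 certificates), and the controller's
ABAC rule is 'role in allowed set' plus 'at least N distinct trusted prior issuers'.
"""
import hashlib
import hmac
import json
import secrets

# Constructed stand-in for a PKI: every party knows each controller's key.
KEYS = {
    "hospital-a": b"constructed-key-hospital-a",
    "clinic-b": b"constructed-key-clinic-b",
}


def _sign(issuer: str, payload: dict) -> str:
    """HMAC-SHA256 over a canonical JSON encoding of the payload."""
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(KEYS[issuer], body, hashlib.sha256).hexdigest()


def make_credential(issuer: str, subject: str, attributes: dict, issued_at: int) -> dict:
    """A controller issues a credential after granting access (the trust profile entry)."""
    payload = {"issuer": issuer, "subject": subject,
               "attributes": attributes, "issued_at": issued_at}
    return {**payload, "signature": _sign(issuer, payload)}


def verify_credential(cred: dict, trusted_issuers: set) -> bool:
    """Accept only credentials from trusted issuers whose signature still matches."""
    issuer = cred.get("issuer")
    if issuer not in trusted_issuers or issuer not in KEYS:
        return False
    payload = {k: v for k, v in cred.items() if k != "signature"}
    return hmac.compare_digest(_sign(issuer, payload), cred.get("signature", ""))


class TrustProfile:
    """The requestor's history of granted access, kept as signed credentials."""

    def __init__(self, subject: str):
        self.subject = subject
        self.credentials = []

    def add(self, cred: dict) -> None:
        self.credentials.append(cred)

    def wallet(self, issuers=None) -> list:
        """Select the subset of the profile to disclose in this negotiation."""
        return [c for c in self.credentials if issuers is None or c["issuer"] in issuers]


class Controller:
    """A resource controller (e.g. an EHR) that verifies wallets and issues credentials."""

    def __init__(self, name: str, trusted_issuers: set, policy: dict):
        self.name, self.trusted_issuers, self.policy = name, trusted_issuers, policy

    def identify(self, nonce: str) -> dict:
        """Step 1: prove the controller's identity by signing the requestor's nonce."""
        return {"name": self.name, "proof": _sign(self.name, {"nonce": nonce})}

    def decide(self, subject: str, wallet: list, resource: str, now: int):
        """Step 3: ABAC decision over verified attributes; returns a new credential or None."""
        valid = [c for c in wallet
                 if verify_credential(c, self.trusted_issuers) and c["subject"] == subject]
        attrs = {}
        for c in valid:
            attrs.update(c["attributes"])
        rule = self.policy.get(resource)
        if rule is None or attrs.get("role") not in rule["roles"]:
            return None
        if len({c["issuer"] for c in valid}) < rule["min_prior_issuers"]:
            return None
        return make_credential(self.name, subject,
                               {"role": attrs["role"], "accessed": resource}, now)


def requestor_verifies_controller(expected: str, nonce: str, response: dict) -> bool:
    """The requestor's side of step 1: the controller must not be impersonated."""
    if response.get("name") != expected or expected not in KEYS:
        return False
    return hmac.compare_digest(_sign(expected, {"nonce": nonce}), response.get("proof", ""))


def negotiate(profile: TrustProfile, controller: Controller, resource: str, now: int) -> bool:
    """One full round: identity check, wallet presentation, decision, profile update."""
    nonce = secrets.token_hex(8)
    if not requestor_verifies_controller(controller.name, nonce, controller.identify(nonce)):
        return False
    new_cred = controller.decide(profile.subject, profile.wallet(), resource, now)
    if new_cred is None:
        return False
    profile.add(new_cred)  # the granted access becomes part of the trust profile
    return True


if __name__ == "__main__":
    profile = TrustProfile("dr-example")
    profile.add(make_credential("hospital-a", "dr-example", {"role": "physician"}, 1))
    clinic = Controller("clinic-b", {"hospital-a"},
                        {"ehr/patient-record": {"roles": {"physician"}, "min_prior_issuers": 1}})
    print("granted:", negotiate(profile, clinic, "ehr/patient-record", 2))
    print("profile size:", len(profile.credentials))
```

A tampered wallet entry (attributes edited after issuance) fails `verify_credential` and contributes nothing to the ABAC decision, and a requestor with an empty profile is refused, which is the point of carrying a signed history rather than self-asserted attributes.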