Abstract
In this thesis we investigate the relationship of security, privacy, legislation, computational power in relation to Cross-Enterprise User Assertions (XUA), which allows us to develop the recommendations for the appropriate, architecture, functionality, cryptographic algorithms, and key lengths. The evolution of health records from paper to electronic media promises to be an important part of improving the quality of health care. The diversity of organizations, systems, geography,laws and regulations create a significant challenge for ensuring the privacy of Electronic Health Records (EHRs), while maintaining availability. XUA is a technology that attempts to address the problem of sharing EHRs across enterprise boundaries. We rely on NSA suite B cryptography to provide the fundamental framework of the minimum security requirements at the 128 bit security level. We also recommend the use of the National Institute of Standards and Technologys (NIST) FIPS 140-2 specification to establish confidence in the software's security features.
Library of Congress Subject Headings
Medical records--Data processing; Medical records--Access control; Data encryption (Computer science)
Publication Date
9-21-2012
Document Type
Thesis
Department, Program, or Center
Computer Science (GCCIS)
Advisor
Radziszowski, Stanisław
Recommended Citation
Rodzinka, Mark, "Cross-enterprise access control security for electronic health records: Technical, practical and legislation impact" (2012). Thesis. Rochester Institute of Technology. Accessed from
https://repository.rit.edu/theses/5528
Campus
RIT – Main Campus
Comments
Note: imported from RIT’s Digital Media Library running on DSpace to RIT Scholar Works. Physical copy available through RIT's The Wallace Library at: R864 .R64 2012