Security / Privacy as a Service

• Based on Service Oriented Architecture (SOA) / Web Services principles
• Application: web-based Personal Health Record (PHR)
• Patients control data -- “data ownership”
• Patients indicate access levels
• Patients maintain data
• Use of RBAC in heterogeneous eHealth systems
• Goal: Interoperability + Security & Privacy
• Identity Management, Authentication, Access Control, etc.

SOA approach to Security & Privacy

• Policy-based security services
• Event-based model to complement SOA paradigm
• Service Classes
• Digital Identity management services
• Authentication management services
• Access Control services
• e-Consent and privacy protection
• Patient and Provider roles
• Service classes and Auditing: HIPAA compliance