Title: Business process management enabled compliance-aware medical record sharing

Authors: Jovan Stevovic; Jun Li; Hamid R. Motahari-Nezhad; Fabio Casati; Giampaolo Armellin

Addresses: Department of Information Engineering and Computer Science, University of Trento, Via Sommarive, 5, 38123, Trento, Italy; CRG – Centro Ricerche GPI, Via Ragazzi del '99, 13, 38123, Trento, Italy | Hewlett Packard Laboratories, 1501 Page Mill Road, Palo Alto, CA 94304, USA | Hewlett Packard Laboratories, 1501 Page Mill Road, Palo Alto, CA 94304, USA | Department of Information Engineering and Computer Science, University of Trento, Via Sommarive, 5, 38123, Trento, Italy | CRG – Centro Ricerche GPI, Via Ragazzi del '99, 13, 38123, Trento, Italy

Abstract: Data sharing about electronic health records (EHRs) across healthcare organisations is still a challenging task due to compliance requirements with regulatory policies that can vary across states and countries, and organisations' internal business requirements. Even when adopting the same regulatory policies, each organisation can interpret and implement these policies and requirements differently in its internal IT environments. This paper proposes a compliance-aware data management solution for EHR systems. It allows healthcare organisations to define their own security and regulatory compliance requirements for accessing and sharing healthcare data, and enables policy enforcement while sharing data with other organisations. The policy requirements are expressed in the form of business processes that govern the access and sharing of data between people and systems. The business process operations are mapped into low-level operations on internal and remote record stores and policy enforcement points. We have implemented a prototype system that supports the proposed approach and integrated it with OpenMRS, an open source electronic medical record system, using which we have defined and enforced some real-world regulations and organisations' policies for data sharing.

Keywords: electronic health records; EHRs; regulatory compliance; cross-organisation data sharing; business process execution; business process management; BPM; medical record sharing; healthcare technology; data management; security; open source.

DOI: 10.1504/IJBPIM.2013.056961

International Journal of Business Process Integration and Management, 2013 Vol.6 No.3, pp.201-223

Published online: 03 Oct 2013
