Protecting patient privacy in distributed collaborative healthcare environments by retaining access control of shared information.

Access control and privacy policies change during the course of collaboration. Information is often shared with collaborators outside of the traditional “perimeterized” organizational computer network. At this point the information owner (in the legal data protection sense) loses persistent control over their information. They cannot modify the policy that controls who accesses it, and have that enforced on the information wherever it resides. However, if patient consent is withdrawn or if the collaboration comes to an end naturally, or prematurely, the owner may be required to withdraw further access to their information. This paper presents a system that enhances the way access control technology is currently deployed so that information owners retain control of their access control and privacy policies, even after information has been shared. [ABSTRACT FROM PUBLISHER]