Access and Privacy Control for Healthcare Decision Support System: A Smart Medical Data Exchange Engine (SMDEE)

Imran Khan, Javed Rashid, Anwar Ghani, Muhammad Shoaib Saleem, Muhammad Faheem, Humera Khan

CAAI Transactions on Intelligence Technology, 2025, Vol. 10, Issue (6): 1616-1632. DOI: 10.1049/cit2.70077
ORIGINAL RESEARCH

Abstract

Secure and automated sharing of medical information among different medical entities/stakeholders, such as patients, hospitals, doctors, law enforcement agencies and health insurance companies, in a standard format has always been a challenging problem. Current methods for ensuring compliance with medical privacy laws require specialists who are deeply familiar with these laws' complex requirements to verify the lawful exchange of medical information. This article introduces a Smart Medical Data Exchange Engine (SMDEE) designed to automate the extraction of logical rules from medical privacy legislation using advanced techniques. These rules facilitate the secure extraction of information, safeguarding patient privacy and confidentiality. In addition, SMDEE can generate standardised clinical documents according to Health Level 7 (HL7) standards and also standardise the nomenclature of requested medical data, enabling accurate decision-making when accessing patient data. All access requests to patient information are processed through SMDEE to ensure authorised access. The proposed system's efficacy is evaluated using the Health Insurance Portability and Accountability Act (HIPAA), a fundamental privacy law in the United States. However, SMDEE's flexibility allows its application worldwide, accommodating various medical privacy laws. Beyond facilitating global information exchange, SMDEE aims to enhance international patients' timely and appropriate treatment.

Keywords

data protection / decision making / information retrieval / intelligent information processing / medical applications / privacy issues / security / security of data

Cite this article

Imran Khan, Javed Rashid, Anwar Ghani, Muhammad Shoaib Saleem, Muhammad Faheem, Humera Khan. Access and Privacy Control for Healthcare Decision Support System: A Smart Medical Data Exchange Engine (SMDEE). CAAI Transactions on Intelligence Technology, 2025, 10(6): 1616-1632. DOI: 10.1049/cit2.70077

