Authorization in cross-border eHealth systems

Modern eHealth systems require collaborations between individual social entities such as hospitals, medical centers, emergency services and community services. Security and privacy are critical issues in this interoperability challenge. In an eHealth system that crosses different administrative domains, individual organisations usually define their authorization control policies independently. When a collaboration opportunity arises a number of issues may be raised. For example, is the collaboration possible given the authorization policies of collaboration participants? How can policy inconsistencies among collaboration participants be identified and resolved? What kind of authorization control support is needed as the collaboration proceeds? In this paper, we analyze different types of collaborations and provide insights into authorization control in individual organisations as well as in collaboration activities. We propose a model to capture the necessary elements for specifying authorization policy for cross-border collaboration. Based on the model, various inconsistencies between authorization policies from different business units are discussed and handling strategies are suggested according to the intended collaboration types. We also briefly discuss how a description logic reasoner can be used to test whether two set of policies are suitable for collaboration. This work lays a foundation for policy development, negotiation and enforcement for cross-border collaboration.