Patient-Centric Data Governance in Austria using FHIR

  • Clara Diesenreiter

    Student thesis: Master's Thesis

    Abstract

    In the contemporary healthcare setting, the principle of patient-centredness has become
    increasingly significant, emphasising the significance of enabling patients to take an
    active role in their care processes. This work investigates the implementation of patientcentric data governance using the Fast Healthcare Interoperability Resource (FHIR)
    framework, with the primary goal of improving patient autonomy, addressing privacy
    concerns and building trust in the healthcare system through improved control over
    health data access.
    The main focus of this work is the design and evaluation of a patient-centric access control model that integrates Attribute-based Access Control (ABAC) with FHIR,
    utilising the Extensible Access Control Markup Language (XACML) to enforce consent
    policies. The model accommodates nuanced consent scenarios and exceptions, ensuring
    a flexible and precise data governance. The proposed solution design includes a detailed
    architecture and workflow. A reference implementation is developed using Balana and
    the HAPI-FHIR framework, showcasing the practical feasibility of the proposed architecture. The implementation includes the design of FHIR Consent Resources, which
    record patient consent as well as XACML policies to accommodate nuanced consent
    directives and patient authority exceptions.
    The evaluation includes resource verification and test cases that demonstrate the
    system’s ability to handle scenarios such as open access, restricted access, selective
    access, entity-specific blocks and the overruling of a patient’s consent decision.
    The results of this work indicate that the integrated XACML-FHIR model successfully addresses the challenges of patient data privacy and access control, providing an
    automated framework for patient-centric data governance.
    By allowing patients to have authority over their health data and ensuring secure
    and appropriate access, this research contributes to the advancement of patient-centric
    healthcare and the establishment of a trusted healthcare data exchange ecosystem.
    Date of Award2024
    Original languageEnglish (American)
    SupervisorHerwig Mayr (Supervisor)

    Cite this

    '