Abstract
Modern healthcare systems require collaborations between individual social entities such as hospitals, medical centers, emergency services and community services. One of the most critical issues in this setting is security and privacy, i.e., who can access what and based on which condition(s). In the healthcare system that crosses different administrative domains, each business unit has its own security policies defined and enforced. Therefore the challenge is how security policies shall be specified, compared and integrated if necessary depending on the nature of the inter-domain collaboration. In this paper, we discuss the challenging access control issues in cross-domain healthcare systems. A framework is provided to support authorization control in such an environment, which takes collaboration semantics into account, as well as individual participant’s authorization policies.