Submitted:
15 May 2026
Posted:
18 May 2026
You are already at the latest version
Abstract
Keywords:
1. Introduction
1.1. Mission and Vision
1.2. Problem Statement and Solution

2. Related Work
2.1. Federated Healthcare Architectures and FHIR-Based Interoperability
2.2. Master Patient Index and Probabilistic Record Linkage
2.3. Access Control Models for Electronic Health Records
2.4. Patient Consent and Privacy Frameworks
3. Methods
3.1. Technologies, Tools, and Algorithms
3.2. Database Design and Justification

3.3. Relational Schema
- Federated_Node (Node_ID PK, Node_Name, Node_Type, State, Address, Is_Active, Joined_Date)
- Patient (Patient_ID PK, SSN, First_Name, Last_Name, DOB, Blood_Type, Node_ID FK)
- Health_Center (Center_ID PK, Node_ID FK, Name, Center_Type, State, Address)
- Provider (Provider_ID PK, Name, Specialty, License_No, Center_ID FK, Is_Active)
- Diagnosis_Ref (ICD_Code PK, Description, Risk_Level)
- Encounter (Encounter_ID PK, Patient_ID FK, Provider_ID FK, Date_Time, Visit_Type, Clinical_Notes, Is_Emergency, Node_ID FK)
- Encounter_Diagnosis (Entry_ID PK, Encounter_ID FK, ICD_Code FK, Severity_Notes).
- MPI_Local_Link (MPI_Local_ID PK, Patient_ID FK, Node_ID FK, Match_Confidence, Linked_Date)
- MPI_Remote_Link (MPI_Remote_ID PK, Patient_ID FK, Node_ID FK, Remote_Patient_ID, Match_Confidence, Linked_Date).
3.4. Views
3.5. Access Control Implementation
3.5.1. ABAC Workflows
3.6. Test Query Design and Relational Algebra
4. Results
4.1. Schema Deployment
4.2. Data Population and Table Verification
4.3. Query and Access Control Testing

5. Discussion
6. Conclusion
6.1. Limitations
6.2. Future Work
- Implementation in a real multi-node-federated architecture with independent database servers with secure API gateway.
- Probabilistic matching engine (Fellegi-Sunter or supervised learning) integration for the further enhancement of MPI confidence scores.
- Enforcement of ABAC policies at the application level to stored-procedure gateways or row-level security policies in MySQL.
- All PHI columns encrypted with key management in accordance with the HIPAA Security Rule (U.S. HHS, 2023).
- Optimize the queries by load testing and checking query performance at national scale using millions of records (AHA, 2022).
6.3. Summary
Data Availability Statement
AI Tools Disclosure
Conflicts of Interest
References
- Atlam, H. F.; Yang, Y. Enhancing healthcare security: A unified RBAC and ABAC risk-aware access control approach. Future Internet 2025, 17(6), 262. [Google Scholar] [CrossRef]
- Adelusi, B. S.; Osamika, D.; Kelvin-Agwu, M. C.; Yetunde, A.; Mustapha, A. Y. F.; Ikhalea, N. A federated interoperability framework for seamless health data exchange using FHIR standards across multi-hospital systems. Engineering and Technology Journal 2025, 10(05), 4672–4695. [Google Scholar] [CrossRef]
- American Hospital Association. AHA annual survey: Information technology supplement. 2022. https://www.aha.org/statistics/fast-facts-us-hospitals.
- Bossenko, I.; Randmaa, R.; Piho, G.; Ross, P. Interoperability of health data using FHIR Mapping Language: transforming HL7 CDA to FHIR with reusable visual components. Frontiers in Digital Health 2024, 6, 1480600. [Google Scholar] [CrossRef] [PubMed]
- Centers for Disease Control and Prevention. Public health surveillance and informatics program office. 2023. https://www.cdc.gov/surveillance/index.html.
- Codd, E. F. A relational model of data for large shared data banks. Communications of the ACM 1970, 13(6), 377–387. [Google Scholar] [CrossRef]
- Cobrado, U. N.; Sharief, S.; Regahal, N. G.; Zepka, E.; Mamauag, M.; Velasco, L. C. Access control solutions in electronic health record systems: A systematic review. Informatics in Medicine Unlocked 2024, 49, 101552. [Google Scholar] [CrossRef]
- Elmasri, R.; Navathe, S. B. Fundamentals of database systems, 7th ed.; Pearson, 2015. [Google Scholar]
- Health Level Seven International. HL7 FHIR R4 specification. 2023. https://hl7.org/fhir/R4/.
- Heryawan, L.; Mori, Y.; Yamamoto, G.; Kume, N.; Lazuardi, L.; Fuad, A.; Kuroda, T. Fast Healthcare Interoperability Resources (FHIR)-based interoperability design in Indonesia: Content analysis of developer hub's social networking service; JMIR Formative Research, 2025. [Google Scholar] [CrossRef]
- IBM Security. Cost of a data breach report 2023. 2023. https://www.ibm.com/reports/data-breach.
- Li, R.; Niu, Y.; Scott, S. R.; Zhou, C.; Lan, L.; Liang, Z.; Li, J. Using electronic medical record data for research in a healthcare information and management systems society (HIMSS) analytics electronic medical record adoption model (EMRAM) stage 7 hospital in Beijing: cross-sectional study. JMIR Medical Informatics 2021, 9(8), e24405. [Google Scholar] [CrossRef] [PubMed]
- Nagels, J.; Wu, S.; Gorokhova, V. Deterministic vs. probabilistic: Best practices for patient matching based on a comparison of two implementations. Journal of Digital Imaging 2019, 32(6), 919–924. [Google Scholar] [CrossRef] [PubMed]
- Nelson, W.; Khanna, N.; Ibrahim, M.; Fyfe, J.; Geiger, M.; Edwards, K.; Petch, J. Optimizing patient record linkage in a master patient index using machine learning: Algorithm development and validation. JMIR Formative Research 2023, 7, e44331. [Google Scholar] [CrossRef] [PubMed]
- National Academies of Sciences; Engineering; and Medicine. Transit Technical Training, Volume 2: Guide to Overcoming Barriers to Implementing Best and Innovative Training. 2018. [Google Scholar]
- Oliveira, M. T.; et al. AC-ABAC: Attribute-based access control for electronic medical records during acute care. Expert Systems with Applications 2023, 211, 119271. [Google Scholar] [CrossRef]
- Office of the National Coordinator for Health Information Technology (ONC). 21st Century Cures Act: Interoperability, information blocking, and the ONC Health IT Certification Program. Federal Register 2020, 85(25), 25642–25961. [Google Scholar]
- Tabari, P.; Costagliola, G.; De Rosa, M.; Boeker, M. State-of-the-art fast healthcare interoperability resources (fhir)–based data model and structure implementations: Systematic scoping review. JMIR medical informatics 2024, 12(1), e58445. [Google Scholar] [CrossRef] [PubMed]
- Ramakrishnan, R.; Gehrke, J. Database management systems, 3rd ed.; McGraw-Hill, 2003. [Google Scholar]
- U.S. Department of Health and Human Services. HIPAA security rule guidance. 2023. https://www.hhs.gov/hipaa/for-professionals/security/index.html.
- Vasileiou, N.; Giannakopoulou, O.; Manta, O.; Bromis, K.; Vagenas, T. P.; Kouris, I.; Koutsouris, D. D. A Federated FHIR-Based Interoperability Framework for Multi-Site Heart Failure Monitoring: The RETENTION Project. Computers 2026, 15(4), 212. [Google Scholar] [CrossRef]
- World Health Organization. ICD-10: International statistical classification of diseases and related health problems, 10th rev. ed; 2023; https://www.who.int/standards/classifications/classification-of-diseases.
| Role | User Type | Access Level | Privileges |
|---|---|---|---|
| cdhms_dba_role | Database Admin | Full | ALL PRIVILEGES on entire database; schema changes, user management, compliance review |
| cdhms_emergency_role | Emergency Physician | Break-Glass | SELECT on ALL tables; INSERT on Audit_Log and Break_Glass_Event only; cannot modify clinical data |
| cdhms_provider_role | General Practitioner | Contextual R/W | SELECT+INSERT+UPDATE on Encounter/Encounter_Diagnosis; SELECT on Patient, Patient_Consent; ABAC specialty-scoped |
| cdhms_public_health_role | CDC / Public Health | Aggregated Read | SELECT on View_Public_Health_Trends only (no PII); INSERT on Audit_Log |
| cdhms_insurance_role | Insurance Auditor | Validated Read | SELECT on View_Insurance_Validation (consent-filtered); INSERT on Audit_Log |
| cdhms_patient_role | Patient (App User) | Own Data Only | SELECT on View_Patient_Own_Records & View_Patient_Access_Log; S/I/U on Patient_Consent; cannot modify clinical records |
| Workflow / Role | Objective | Result |
|---|---|---|
| DBA – Security Audit | Raw Audit_Log review for break-glass activity | PASS |
| Emergency – Break-Glass Read | Emergency patient record retrieval with justification logging | PASS |
| Break-Glass Audit Trail | Retrieve all Break_Glass_Event records linked to Audit_Log | PASS |
| Provider – Standard Clinical Read | Patient demographic and clinical data for admitted patient | PASS |
| CDC – Anonymized Trends | Regional disease trends filtered by Research_Consent opt-in | PASS |
| Insurance – Claim Validation | Encounter verification via consent-filtered view | PASS |
| Patient – Own Record View | Patient self-review of encounter history | PASS |
| Patient – Access Log Review | Patient audit of who accessed their records | PASS |
| MPI Duplicate Check | Cross-node patient identity linkage verification | PASS |
| Interop Mapping Lookup | Local code to ICD-10 translation via Interop_Mapping | PASS |
| Consent Filter Test | Encounters returned only for GRANTED insurance consent rows | PASS |
| Set Difference – No Active Consent | Patients with no active GRANTED consent rows identified | PASS |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2026 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).