46 Copyright © 2011, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited. Chapter 3 A Context-Aware Authorization Model for Process-Oriented Personal Health Record Systems Eleni Mytilinaiou University of Piraeus, Greece Vassiliki Kouf University of Piraeus, Greece Flora Malamateniou University of Piraeus, Greece George Vassilacopoulos University of Piraeus, Greece abstraCt Healthcare delivery is a highly complex process involving a broad range of healthcare services, typically performed by a number of geographically distributed and organizationally disparate healthcare provid- ers requiring increased collaboration and coordination of their activities in order to provide shared and integrated care. Under an IT-enabled, patient-centric model, health systems can integrate care delivery across the continuum of services, from prevention to follow-up, and also coordinate care across all set- tings. In particular, much potential can be realized if cooperation among disparate healthcare organiza- tions is expressed in terms of cross-organizational healthcare processes, where information support is provided by means of Personal Health Record (PHR) systems. This chapter assumes a process-oriented PHR system and presents a security framework that addresses the authorization and access control issues arisen in these systems. The proposed framework ensures provision of tight, just-in-time permissions so that authorized users get access to specifc objects according to the current context. These permissions are subject to continuous adjustments triggered by the changing context. Thus, the risk of compromising information integrity during task executions is reduced. DOI: 10.4018/978-1-61692-895-7.ch003