Access control is a central problem in privacy management. A common practice in controlling access to sensitive data, such as electronic health records (EHRs), is Role-Based Access Control (RBAC). RBAC is limited because it does not account for the circumstances under which access to sensitive data is requested. Following a qualitative study that elicited access scenarios, we used Object-Process Methodology to structure the scenarios and conceive a Situation-Based Access Control (SitBAC) model. SitBAC is a conceptual model that defines scenarios in which access to a patient's data is permitted or denied. The main concept underlying this model is the Situation Schema, a pattern consisting of the entities Data-Requestor, Patient, EHR, Access Task, Legal-Authorization, and Response, along with their properties and relations. The various data access scenarios are expressed via Situation Instances. While we focus on the medical domain, the model is generic and can be adapted to other domains.
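The contrast the abstract draws between a role-only decision and a situation-based one can be sketched as follows; this is an added illustration, not code from the paper or its authors. The entity names follow the Situation Schema above, while every property, relation, value and the deny-wins, default-deny combining rule are assumptions made for the example.

```python
# Entity names come from the abstract's Situation Schema; every property,
# relation and value below is constructed for illustration.
ROLE_PERMISSIONS = {"physician": {("read", "medications")}}  # plain RBAC table

SITUATION_INSTANCES = [
    {"name": "treating physician reads medications",
     "properties": {"Data-Requestor": {"role": "physician"},
                    "EHR": {"section": "medications"},
                    "Access Task": {"action": "read", "purpose": "treatment"}},
     "relations": {("Data-Requestor", "treats", "Patient")},
     "response": "permit"},
    {"name": "patient opted out of sharing",
     "properties": {"Legal-Authorization": {"patient_opt_out": True}},
     "relations": set(),
     "response": "deny"},
]

def matches(instance, request):
    """True when the request satisfies every property and relation in the pattern."""
    for entity, wanted in instance["properties"].items():
        actual = request["properties"].get(entity, {})
        if any(actual.get(key) != value for key, value in wanted.items()):
            return False
    return instance["relations"] <= request["relations"]

def sitbac_response(request, instances=SITUATION_INSTANCES):
    """Assumed combining rule: a matching deny wins, no match means deny."""
    responses = {i["response"] for i in instances if matches(i, request)}
    return "permit" if responses == {"permit"} else "deny"

def rbac_response(request, table=ROLE_PERMISSIONS):
    """Role-only decision: ignores purpose, relations and authorization."""
    props = request["properties"]
    pair = (props["Access Task"]["action"], props["EHR"]["section"])
    return "permit" if pair in table.get(props["Data-Requestor"]["role"], set()) else "deny"

def make_request(purpose, treats, opt_out=False):
    """Build a constructed access request for a physician reading medications."""
    return {"properties": {"Data-Requestor": {"role": "physician"},
                           "Patient": {"id": "P-0001"},
                           "EHR": {"section": "medications"},
                           "Access Task": {"action": "read", "purpose": purpose},
                           "Legal-Authorization": {"patient_opt_out": opt_out}},
            "relations": {("Data-Requestor", "treats", "Patient")} if treats else set()}

if __name__ == "__main__":
    for req in (make_request("treatment", True), make_request("treatment", False),
                make_request("treatment", True, opt_out=True)):
        print(rbac_response(req), sitbac_response(req))
```

The role table permits all three constructed requests, while the situation check permits only the one in which the requestor treats the patient and no opt-out is recorded.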