Situation-Based Access Control: Privacy management via modeling of patient data access scenarios

Authors:
Mor Peleg;Dizza Beimel;Dov Dori;Yaron Denekamp
Affiliations:
Department of Management Information systems, University of Haifa, Israel;Information Systems Area, Faculty of Industrial Engineering and Management, Technion-Israel Institute of Technology, Haifa 32000, Israel;Information Systems Area, Faculty of Industrial Engineering and Management, Technion-Israel Institute of Technology, Haifa 32000, Israel;Carmel Medical Center, Faculty of Medicine, Technion, Israel Institute of Technology, Haifa, Israel
Venue:
Journal of Biomedical Informatics
Year:
2008

Citing 8
Cited 7

Role-Based Access Control Models

Computer
Qualitative research in information systems

MIS Quarterly
The NIST model for role-based access control: towards a unified standard

RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Object-Process Methodology: A Holistic Systems Paradigm

Object-Process Methodology: A Holistic Systems Paradigm
Emerging paradigms of cognition in medical decision-making

Journal of Biomedical Informatics
k-anonymity: a model for protecting privacy

International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems
Privacy enhanced technologies: methods – markets – misuse

TrustBus'05 Proceedings of the Second international conference on Trust, Privacy, and Security in Digital Business
A contextual role-based access control authorization model for electronic patient record

IEEE Transactions on Information Technology in Biomedicine

Patient-centric authorization framework for sharing electronic health records

Proceedings of the 14th ACM symposium on Access control models and technologies
Editorial: Using OWL and SWRL to represent and reason with situation-based access control policies

Data & Knowledge Engineering
Development of a system framework for implementation of an enhanced role-based access control model to support collaborative processes

HealthSec'12 Proceedings of the 3rd USENIX conference on Health Security and Privacy
An enhancement of the Role-Based Access Control model to facilitate information access management in context of team collaboration and workflow

Journal of Biomedical Informatics
Privacy management in dynamic groups: understanding information privacy in medical practices

Proceedings of the 2013 conference on Computer supported cooperative work
Mining Deviations from Patient Care Pathways via Electronic Medical Record System Audits

ACM Transactions on Management Information Systems (TMIS) - Special Issue on Informatics for Smart Health and Wellbeing
An Enhanced Security Solution for Electronic Medical Records Based on AES Hybrid Technique with SOAP/XML and SHA-1

Journal of Medical Systems

Quantified Score

Hi-index	0.01

Visualization

Abstract

Access control is a central problem in privacy management. A common practice in controlling access to sensitive data, such as electronic health records (EHRs), is Role-Based Access Control (RBAC). RBAC is limited as it does not account for the circumstances under which access to sensitive data is requested. Following a qualitative study that elicited access scenarios, we used Object-Process Methodology to structure the scenarios and conceive a Situation-Based Access Control (SitBAC) model. SitBAC is a conceptual model, which defines scenarios where patient's data access is permitted or denied. The main concept underlying this model is the Situation Schema, which is a pattern consisting of the entities Data-Requestor, Patient, EHR, Access Task, Legal-Authorization, and Response, along with their properties and relations. The various data access scenarios are expressed via Situation Instances. While we focus on the medical domain, the model is generic and can be adapted to other domains.