Role-Based Access Control Models. Computer.
The ARBAC97 model for role-based administration of roles. ACM Transactions on Information and System Security (TISSEC), Special issue on role-based access control.
The NIST model for role-based access control: towards a unified standard. RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control.
Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security (TISSEC).
Context sensitivity in role-based access control. ACM SIGOPS Operating Systems Review.
Purpose based access control of complex data for privacy protection. Proceedings of the tenth ACM symposium on Access control models and technologies.
Context-Aware Adaptation of Access-Control Policies. IEEE Internet Computing.
Aligning Requirements with HIPAA in the iTrust System. RE '08 Proceedings of the 2008 16th IEEE International Requirements Engineering Conference.
IEEE Security and Privacy.
Evaluating existing security and privacy requirements for legal compliance. Requirements Engineering, Special Issue on RE'09: Security Requirements Engineering; Guest Editors: Eric Dubois and Haralambos Mouratidis.
Privacy-aware role-based access control. ACM Transactions on Information and System Security (TISSEC).
A contextual role-based access control authorization model for electronic patient record. IEEE Transactions on Information Technology in Biomedicine.
Incentives and penalties for healthcare providers as laid out in the American Recovery and Reinvestment Act of 2009 have caused tremendous growth in the development and installation of electronic health record (EHR) systems in the US. To protect patient privacy, regulations and certification criteria related to EHR systems stipulate the use of access control for protected health information. The goal of this research is to guide development teams, regulators, and certification bodies by assessing the state of the practice in EHR access control. In this paper, we present a compilation of 25 criteria relating to access control in EHR systems, drawn from the Health Insurance Portability and Accountability Act (HIPAA) regulation, the Meaningful Use certification criteria, the best practices embodied in the National Institute of Standards and Technology (NIST) role-based access control standard, and other best practices found in the literature. We then examine the state of the practice in access control by evaluating four open source EHR systems against these 25 evaluation criteria. Our research indicates that the NIST Meaningful Use criteria provide HIPAA compliance, but none of the regulatory and certification criteria address the implementation standards and best practices related to access control. Additionally, our results indicate that open source EHR system designers are not implementing robust access control mechanisms for the adequate protection of patient data.