The design of proper models for authorization and access control for electronic patient records (EPR) is essential to wide-scale use of EPR in large health organizations. In this paper, we propose a contextual role-based access control authorization model that aims to increase patient privacy and the confidentiality of patient data while remaining flexible enough to consider specific cases. The model regulates users' access to EPR based on organizational roles. It supports a role-tree hierarchy with authorization inheritance, positive and negative authorizations, and static and dynamic separation of duties based on weak and strong role conflicts. Contextual authorizations use environmental information available at access time, such as the user/patient relationship, to decide whether a user is allowed to access an EPR resource. This enables the specification of a more flexible and precise authorization policy, where permission is granted or denied according to the right and the need of the user to carry out a particular job function.
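The following sketch is an added example, not code from the paper: it shows how the pieces named in the abstract (role-tree inheritance, positive and negative authorizations, a dynamic separation-of-duties check, and a contextual rule on the user/patient relationship) can combine in one access decision. The role names, policy entries, the rule that a child role inherits its ancestors' authorizations, and the rule that an applicable denial overrides any grant are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed role tree (child -> parent); assumed: a role inherits its ancestors' authorizations.
PARENT = {"cardiologist": "physician", "intern": "physician",
          "physician": "clinical_staff", "clinical_staff": None, "billing_clerk": None}
# Constructed strong conflict: these roles may never be active in the same session.
CONFLICTS = [frozenset({"physician", "billing_clerk"})]

@dataclass(frozen=True)
class Authorization:
    role: str
    resource: str
    action: str
    positive: bool                                     # True = grant, False = explicit denial
    context: Optional[Callable[[dict], bool]] = None   # evaluated at access time

def treating(ctx):
    # Contextual rule: the user has a care relationship with the patient.
    return ctx["patient"] in ctx["patients_of_user"]

POLICY = [  # constructed sample policy
    Authorization("clinical_staff", "demographics", "read", True),
    Authorization("physician", "clinical_notes", "read", True, treating),
    Authorization("physician", "clinical_notes", "write", True, treating),
    Authorization("intern", "clinical_notes", "write", False),  # exception to inheritance
]

def ancestors(role):
    while role is not None:
        yield role
        role = PARENT[role]

def activate(roles):
    """Dynamic separation of duties: refuse a session that holds conflicting roles."""
    active = {r for role in roles for r in ancestors(role)}
    for pair in CONFLICTS:
        if pair <= active:
            raise PermissionError(f"conflicting roles: {sorted(pair)}")
    return active

def check_access(active, resource, action, ctx):
    """Default deny; an applicable negative authorization overrides any grant (assumed)."""
    granted = False
    for a in POLICY:
        if a.role not in active or (a.resource, a.action) != (resource, action):
            continue
        if a.context is not None and not a.context(ctx):
            continue
        if not a.positive:
            return False
        granted = True
    return granted
```

Only the dynamic (session-time) separation-of-duties check is shown; a static check would apply the same conflict test when roles are assigned to a user.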