An enhancement of the Role-Based Access Control model to facilitate information access management in context of team collaboration and workflow

Authors:
Xuan Hung Le;Terry Doll;Monica Barbosu;Amneris Luque;Dongwen Wang
Affiliations:
University of Rochester Medical Center, Rochester, NY 14642, USA;University of Rochester Medical Center, Rochester, NY 14642, USA;University of Rochester Medical Center, Rochester, NY 14642, USA;University of Rochester Medical Center, Rochester, NY 14642, USA;University of Rochester Medical Center, Rochester, NY 14642, USA
Venue:
Journal of Biomedical Informatics
Year:
2012

Citing 24
Cited 3

Proposed NIST standard for role-based access control

ACM Transactions on Information and System Security (TISSEC)
PBDM: a flexible delegation model in RBAC

Proceedings of the eighth ACM symposium on Access control models and technologies
Representation and reasoning for DAML-based policy and domain services in KAoS and nomads

AAMAS '03 Proceedings of the second international joint conference on Autonomous agents and multiagent systems
A rule-based framework for role-based delegation and revocation

ACM Transactions on Information and System Security (TISSEC)
Incorporating ideas from computer-supported cooperative work

Journal of Biomedical Informatics
Design and implementation of the GLIF3 guideline execution engine

Journal of Biomedical Informatics
Access control in collaborative systems

ACM Computing Surveys (CSUR)
Evaluation Methods in Biomedical Informatics (Health Informatics)

Evaluation Methods in Biomedical Informatics (Health Informatics)
Access control in collaborative commerce

Decision Support Systems
ROWLBAC: representing role based access control in OWL

Proceedings of the 13th ACM symposium on Access control models and technologies
Security Challenges in Adaptive e-Health Processes

SAFECOMP '08 Proceedings of the 27th international conference on Computer Safety, Reliability, and Security
Situation-Based Access Control: Privacy management via modeling of patient data access scenarios

Journal of Biomedical Informatics
Dynamic protection structures

AFIPS '69 (Fall) Proceedings of the November 18-20, 1969, fall joint computer conference
Activity-oriented access control to ubiquitous hospital information and services

Information Sciences: an International Journal
A method to implement fine-grained access control for personal health records through standard relational database queries

Journal of Biomedical Informatics
MetDAT

Bioinformatics
Editorial: Using OWL and SWRL to represent and reason with situation-based access control policies

Data & Knowledge Engineering
Patterns for collaborative work in health care teams

Artificial Intelligence in Medicine
A semantic context-aware access control framework for secure collaborations in pervasive computing environments

ISWC'06 Proceedings of the 5th international conference on The Semantic Web
Computer-supported collaborative work (CSCW) in biomedical signal visualization and processing

IEEE Transactions on Information Technology in Biomedicine
A contextual role-based access control authorization model for electronic patient record

IEEE Transactions on Information Technology in Biomedicine
Location-aware access to hospital information and services

IEEE Transactions on Information Technology in Biomedicine
ABACS: An Attribute-Based Access Control System for Emergency Services over Vehicular Ad Hoc Networks

IEEE Journal on Selected Areas in Communications
Development of a system framework for implementation of an enhanced role-based access control model to support collaborative processes

HealthSec'12 Proceedings of the 3rd USENIX conference on Health Security and Privacy

Development of a system framework for implementation of an enhanced role-based access control model to support collaborative processes

HealthSec'12 Proceedings of the 3rd USENIX conference on Health Security and Privacy
Mobi-CoSWAC: an access control approach for collaborative scientific workflow in mobile environment

ICPCA/SWS'12 Proceedings of the 2012 international conference on Pervasive Computing and the Networked World
Mining Deviations from Patient Care Pathways via Electronic Medical Record System Audits

ACM Transactions on Management Information Systems (TMIS) - Special Issue on Informatics for Smart Health and Wellbeing

Quantified Score

Hi-index	0.00

Visualization

Abstract

Although information access control models have been developed and applied to various applications, few of the previous works have addressed the issue of managing information access in the combined context of team collaboration and workflow. To facilitate this requirement, we have enhanced the Role-Based Access Control (RBAC) model through formulating universal constraints, defining bridging entities and contributing attributes, extending access permissions to include workflow contexts, synthesizing a role-based access delegation model to target on specific objects, and developing domain ontologies as instantiations of the general model to particular applications. We have successfully applied this model to the New York State HIV Clinical Education Initiative (CEI) project to address the specific needs of information management in collaborative processes. An initial evaluation has shown this model achieved a high level of agreement with an existing system when applied to 4576 cases (kappa=0.801). Comparing to a reference standard, the sensitivity and specificity of the enhanced RBAC model were at the level of 97-100%. These results indicate that the enhanced RBAC model can be effectively used for information access management in context of team collaboration and workflow to coordinate clinical education programs. Future research is required to incrementally develop additional types of universal constraints, to further investigate how the workflow context and access delegation can be enriched to support the various needs on information access management in collaborative processes, and to examine the generalizability of the enhanced RBAC model for other applications in clinical education, biomedical research, and patient care.