
A Patient Centric Approach for Modeling Access Control in EHR Systems

  • Conference paper
Algorithms and Architectures for Parallel Processing (ICA3PP 2013)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 8286)

Abstract

In EHR systems, most of the data are confidential, since they concern the health of a patient. Therefore, it is necessary to provide a mechanism for access control. This mechanism must not only ensure the confidentiality and integrity of the data, but also allow the definition of security policies that reflect the privacy needs of the patient to whom the documents refer. In this paper we define a new Access Control (AC) model for EHR systems that allows the patient to define access policies based on her/his need for privacy. Our model starts from the RBAC model and extends it by adding characteristics and components to manage the access policies in a simple and dynamic manner. It ensures patient privacy, and for this reason we refer to it as a patient-centric AC model.




Copyright information

© 2013 Springer International Publishing Switzerland

About this paper

Cite this paper

Esposito, A., Sicuranza, M., Ciampi, M. (2013). A Patient Centric Approach for Modeling Access Control in EHR Systems. In: Aversa, R., Kołodziej, J., Zhang, J., Amato, F., Fortino, G. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2013. Lecture Notes in Computer Science, vol 8286. Springer, Cham. https://doi.org/10.1007/978-3-319-03889-6_26


  • DOI: https://doi.org/10.1007/978-3-319-03889-6_26

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-03888-9

  • Online ISBN: 978-3-319-03889-6

  • eBook Packages: Computer Science, Computer Science (R0)
