A View-Based Acces Control Model for EHR Systems

  • Conference paper

Part of the book series: Studies in Computational Intelligence ((SCI,volume 570))

Abstract

Electronic Health Record (EHR) systems aim to collect clinical documents about patients, which typically contain very sensitive information. A security mechanism is needed to manage who can do what with these clinical documents in the system. The goal of Access Control (AC) is to guarantee the confidentiality and integrity of the data and to allow the definition of security policies that reflect the need for privacy. In this paper, we define an innovative access control model that, on the one hand, meets the main requirements for EHR systems and, on the other hand, lets patients define the privacy policies on their clinical documents in a detailed and clear manner. The main innovation of this work is the application of the principle of least privilege to the information content of the clinical documents. This feature makes it possible to define an access control model that increases patients’ trust in the EHR system.



Author information

Corresponding author

Correspondence to Mario Sicuranza.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Sicuranza, M., Esposito, A., Ciampi, M. (2015). A View-Based Acces Control Model for EHR Systems. In: Camacho, D., Braubach, L., Venticinque, S., Badica, C. (eds) Intelligent Distributed Computing VIII. Studies in Computational Intelligence, vol 570. Springer, Cham. https://doi.org/10.1007/978-3-319-10422-5_46

  • DOI: https://doi.org/10.1007/978-3-319-10422-5_46

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-10421-8

  • Online ISBN: 978-3-319-10422-5

  • eBook Packages: Engineering, Engineering (R0)
