Privacy Access Control Model for Aggregated e-Health Services

Abstract

Information privacy typically concerns the confidentiality of personal identifiable information (PII) and protected health information (PHI) such as electronic medical records. Thus, the information access control mechanism for e-health services must be embedded with privacy-enhancing technologies. Role-based access control (RBAC) model has been widely investigated and applied to various applications for a period of time. This paper presents an extended framework of RBAC with privacy-based extensions to tackle such a need. With the context of e-health care informatics, this paper proposes an aggregation decision-making layer interacted with a set of autonomous RBAC models to aggregate PHI.