Continuous and transparent access control framework for electronic health records: A preliminary study

2017 2nd International conferences on Information Technology, Information Systems and Electrical Engineering (ICITISEE) Pub Date : 2017-11-01 DOI:10.1109/ICITISEE.2017.8285487

M. Jayabalan, T. O'Daniel

{"title":"Continuous and transparent access control framework for electronic health records: A preliminary study","authors":"M. Jayabalan, T. O'Daniel","doi":"10.1109/ICITISEE.2017.8285487","DOIUrl":null,"url":null,"abstract":"The thrust of technological advancement in healthcare today lies in improving the quality and timeliness of patient services. Medical information is accessed through various means that require efficient methods for protecting patient privacy and security. Healthcare providers implement a set of information security mechanisms such as access control, authentication, log analysis etc. to protect disclosure of data to the unauthorized person. This research proposes a continuous and transparent access control framework based on a preliminary study. The proposed framework has three core components: adaptive authentication, risk analysis and data transparency mapped with Role Based Access Control. The adaptive authentication validates the user through behavior profiling, risk analysis measures the amount of risk in user data access, and data transparency allows patients and administrators to monitor data consumption and detect deviation from patient consent.","PeriodicalId":130873,"journal":{"name":"2017 2nd International conferences on Information Technology, Information Systems and Electrical Engineering (ICITISEE)","volume":"54 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 2nd International conferences on Information Technology, Information Systems and Electrical Engineering (ICITISEE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICITISEE.2017.8285487","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

Abstract

The thrust of technological advancement in healthcare today lies in improving the quality and timeliness of patient services. Medical information is accessed through various means that require efficient methods for protecting patient privacy and security. Healthcare providers implement a set of information security mechanisms such as access control, authentication, log analysis etc. to protect disclosure of data to the unauthorized person. This research proposes a continuous and transparent access control framework based on a preliminary study. The proposed framework has three core components: adaptive authentication, risk analysis and data transparency mapped with Role Based Access Control. The adaptive authentication validates the user through behavior profiling, risk analysis measures the amount of risk in user data access, and data transparency allows patients and administrators to monitor data consumption and detect deviation from patient consent.

查看原文本刊更多论文

持续和透明的电子健康记录访问控制框架:初步研究

当今医疗保健技术进步的关键在于提高患者服务的质量和及时性。医疗信息通过各种方式访问，需要有效的方法来保护患者的隐私和安全。医疗保健提供商实现一组信息安全机制，如访问控制、身份验证、日志分析等，以保护向未经授权的人员披露数据。本研究在初步研究的基础上，提出了一个连续透明的访问控制框架。该框架有三个核心组件:自适应认证、风险分析和基于角色的访问控制映射的数据透明度。自适应身份验证通过行为分析验证用户，风险分析测量用户数据访问中的风险量，数据透明度允许患者和管理员监控数据消耗并检测偏离患者同意的情况。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2017 2nd International conferences on Information Technology, Information Systems and Electrical Engineering (ICITISEE)

自引率

0.00%

发文量