A framework for access control model in enterprise healthcare via SAML

Abstract

In modern healthcare systems, information sharing among different individuals or organizations is a crucial aspect of everyday operations. The ability to send and receive data over a large inter-organizational network while protecting the privacy of vital electronic medical records is a challenge that has to be met and resolved. To address this problem, several Electronic Healthcare Record (EHR) standards are being developed to enable organizations to exchange clinical data. This paper provides a framework of using Security Assertion Markup Language (SAML) in an inter-organizational E-Healthcare system. Previous studies have shown that a Role-Based Access Control Model is a suitable security model for a single E-Healthcare system. The main goal of this paper focuses on communication and data sharing EHR component among the inter-organizations without comprising any privacy.