Fine-grained access control to medical records in digital healthcare enterprises

M. F. F. Khan, K. Sakamura
Published in: 2015 International Symposium on Networks, Computers and Communications (ISNCC)
Publication date: 2015-05-13
DOI: 10.1109/ISNCC.2015.7238590 (https://doi.org/10.1109/ISNCC.2015.7238590)
Citations: 24

Abstract

Adopting IT as an integral part of business and operation is certainly making the healthcare industry more efficient and cost-effective. With the widespread digitalization of personal health information, coupled with big data revolution and advanced analytics, security and privacy related to medical data - especially ensuring authorized access thereto - is facing a huge challenge. In this paper, we argue that a fine-grained approach is needed for developing access control mechanisms contingent upon various environmental and application-dependent contexts along with provision for secure delegation of access-control rights. In particular, we propose a context-sensitive approach to access control, building on conventional discretionary access control (DAC) and role-based access control (RBAC) models. Taking a holistic view to access control, we effectively address the precursory authentication part as well. The eTRON architecture - which advocates use of tamper-resistant chips equipped with functions for mutual authentication and encrypted communication - is used for authentication and implementing the DAC-based delegation of access-control rights. For realizing the authorization and access decision, we used the RBAC model and implemented context verification on top of it. Our approach closely follows regulatory and technical standards of the healthcare domain. Evaluation of the proposed system in terms of various security and performance showed promising results.