SGAC: A patient-centered access control method

2016 IEEE Tenth International Conference on Research Challenges in Information Science (RCIS) Pub Date : 2016-06-01 DOI:10.1109/RCIS.2016.7549286

N. Huynh, M. Frappier, Herman Pooda, A. Mammar, Régine Laleau

{"title":"SGAC: A patient-centered access control method","authors":"N. Huynh, M. Frappier, Herman Pooda, A. Mammar, Régine Laleau","doi":"10.1109/RCIS.2016.7549286","DOIUrl":null,"url":null,"abstract":"This paper presents SGAC(Solution de Gestion Automatisée du Consentement, automatised consent management solution), a new healthcare access control model and its support tool, that manages patient wishes regarding access to their electronic health record (EHR). The development of this model has been achieved in the scope of a project with the Sherbrooke University Hospital, and thus has been adapted to take into account laws and regulations applicable in Québec and Canada, as they set bounds to patient wishes: under strictly defined contexts, patient consent can be overridden to protect his/her life. Moreover, since patient wishes and laws can be in conflict, SGAC provides a mechanism to address this problem. Besides, laws do not cover all cases where consent should be overridden to ensure patient safety. To this end, we define a formal model of SGAC which allows for property verification, making it possible to detect these cases. A performance comparison with XACML (WSO2/Balana) is presented and demonstrates the superior performances of SGAC.","PeriodicalId":344289,"journal":{"name":"2016 IEEE Tenth International Conference on Research Challenges in Information Science (RCIS)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE Tenth International Conference on Research Challenges in Information Science (RCIS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/RCIS.2016.7549286","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

This paper presents SGAC(Solution de Gestion Automatisée du Consentement, automatised consent management solution), a new healthcare access control model and its support tool, that manages patient wishes regarding access to their electronic health record (EHR). The development of this model has been achieved in the scope of a project with the Sherbrooke University Hospital, and thus has been adapted to take into account laws and regulations applicable in Québec and Canada, as they set bounds to patient wishes: under strictly defined contexts, patient consent can be overridden to protect his/her life. Moreover, since patient wishes and laws can be in conflict, SGAC provides a mechanism to address this problem. Besides, laws do not cover all cases where consent should be overridden to ensure patient safety. To this end, we define a formal model of SGAC which allows for property verification, making it possible to detect these cases. A performance comparison with XACML (WSO2/Balana) is presented and demonstrates the superior performances of SGAC.

查看原文本刊更多论文

SGAC:以患者为中心的访问控制方法

本文介绍了SGAC(自动同意管理解决方案)，这是一种新的医疗保健访问控制模型及其支持工具，用于管理患者对其电子健康记录(EHR)的访问意愿。这一模式是在与舍布鲁克大学医院合作的一个项目范围内开发的，因此已经进行了调整，以考虑到科威特和加拿大适用的法律和条例，因为这些法律和条例对病人的愿望设定了界限:在严格界定的情况下，可以不考虑病人的同意，以保护他/她的生命。此外，由于患者的愿望和法律可能存在冲突，SGAC提供了一种解决这一问题的机制。此外，法律并没有涵盖所有为了确保病人安全而不考虑同意的情况。为此，我们定义了一个正式的SGAC模型，该模型允许进行属性验证，从而可以检测到这些情况。通过与XACML (WSO2/Balana)的性能比较，证明了SGAC的优越性能。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2016 IEEE Tenth International Conference on Research Challenges in Information Science (RCIS)

自引率

0.00%

发文量