Behavior-Based Access Control for Distributed Healthcare Environment

2008 21st IEEE International Symposium on Computer-Based Medical Systems Pub Date : 2008-06-17 DOI:10.1109/CBMS.2008.14

Mohammad H. Yarmand, K. Sartipi, D. Down

{"title":"Behavior-Based Access Control for Distributed Healthcare Environment","authors":"Mohammad H. Yarmand, K. Sartipi, D. Down","doi":"10.1109/CBMS.2008.14","DOIUrl":null,"url":null,"abstract":"Privacy and security are critical requirements for using patient profiles in distributed healthcare environments. The amalgamation of new information technology with traditional healthcare workflows for sharing patient profiles has made the entire system vulnerable to security and privacy breaches. In this paper we present a novel access control model based on a framework designed for data and service interoperability in the healthcare domain. The proposed model for customizable access control captures the dynamic behavior of the user and determines access rights accordingly. The model is generic and flexible in the sense that an access control engine dynamically receives security effective factors from the subject user, and identifies the privilege level in accessing clinical data using different specialized components within the engine. Standard data representation formats are used to make the model compatible with different healthcare environments. The access control engine uses a flow-based approach to follow the user's behavior. The proposed model is supported by a real world case study.","PeriodicalId":377855,"journal":{"name":"2008 21st IEEE International Symposium on Computer-Based Medical Systems","volume":"68 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-06-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"16","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 21st IEEE International Symposium on Computer-Based Medical Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CBMS.2008.14","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 16

Abstract

Privacy and security are critical requirements for using patient profiles in distributed healthcare environments. The amalgamation of new information technology with traditional healthcare workflows for sharing patient profiles has made the entire system vulnerable to security and privacy breaches. In this paper we present a novel access control model based on a framework designed for data and service interoperability in the healthcare domain. The proposed model for customizable access control captures the dynamic behavior of the user and determines access rights accordingly. The model is generic and flexible in the sense that an access control engine dynamically receives security effective factors from the subject user, and identifies the privilege level in accessing clinical data using different specialized components within the engine. Standard data representation formats are used to make the model compatible with different healthcare environments. The access control engine uses a flow-based approach to follow the user's behavior. The proposed model is supported by a real world case study.

查看原文本刊更多论文

分布式医疗保健环境中基于行为的访问控制

隐私和安全性是在分布式医疗保健环境中使用患者配置文件的关键需求。将新信息技术与传统医疗保健工作流程相结合以共享患者资料，使得整个系统容易受到安全和隐私泄露的影响。在本文中，我们提出了一种新的访问控制模型，该模型基于为医疗保健领域的数据和服务互操作性而设计的框架。提出的可定制访问控制模型捕获用户的动态行为，并据此确定访问权限。该模型具有通用性和灵活性，因为访问控制引擎动态地接收来自主题用户的安全有效因子，并使用引擎中不同的专用组件识别访问临床数据的权限级别。使用标准数据表示格式使模型与不同的医疗保健环境兼容。访问控制引擎使用基于流的方法来跟踪用户的行为。所提出的模型得到了实际案例研究的支持。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2008 21st IEEE International Symposium on Computer-Based Medical Systems

自引率

0.00%

发文量