医疗保健环境中的多所有者多利益相关者访问控制模型

2017 IEEE 3rd International Conference on Collaboration and Internet Computing (CIC) Pub Date : 2017-10-01 DOI:10.1109/CIC.2017.00053

Leila Karimi, J. Joshi

{"title":"医疗保健环境中的多所有者多利益相关者访问控制模型","authors":"Leila Karimi, J. Joshi","doi":"10.1109/CIC.2017.00053","DOIUrl":null,"url":null,"abstract":"Pervasive usage and wide-spread sharing of Electronic Health Records (EHRs) in modern healthcare environments has resulted in high availability of patients' medical history from any location and at any time, which has potential to make health care services both cheaper and of higher quality. However, EHRs contain huge amounts of sensitive information which should be protected from unauthorized accesses, otherwise allowing these records to be accessed by multiple parties may put patient privacy at high risk. Access control solutions must assure to reflect access control policies of all healthcare providers who are involved in generating such critical records as well as authorization policies of the patient as the primary stakeholder. In this paper, we propose a fine-grained semantic-based access control model that supports multi-owner multi-stakeholder policy specification and enforcement. In the proposed scheme, a trusted Policy Server is responsible for evaluating access requests to patients' health information. We also handle the policy conflicts that might arise at the time of access control policy enforcement. A proof-of-concept prototype is also implemented to demonstrate the feasibility of our model.","PeriodicalId":156843,"journal":{"name":"2017 IEEE 3rd International Conference on Collaboration and Internet Computing (CIC)","volume":"18 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Multi-Owner Multi-Stakeholder Access Control Model for a Healthcare Environment\",\"authors\":\"Leila Karimi, J. Joshi\",\"doi\":\"10.1109/CIC.2017.00053\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Pervasive usage and wide-spread sharing of Electronic Health Records (EHRs) in modern healthcare environments has resulted in high availability of patients' medical history from any location and at any time, which has potential to make health care services both cheaper and of higher quality. However, EHRs contain huge amounts of sensitive information which should be protected from unauthorized accesses, otherwise allowing these records to be accessed by multiple parties may put patient privacy at high risk. Access control solutions must assure to reflect access control policies of all healthcare providers who are involved in generating such critical records as well as authorization policies of the patient as the primary stakeholder. In this paper, we propose a fine-grained semantic-based access control model that supports multi-owner multi-stakeholder policy specification and enforcement. In the proposed scheme, a trusted Policy Server is responsible for evaluating access requests to patients' health information. We also handle the policy conflicts that might arise at the time of access control policy enforcement. A proof-of-concept prototype is also implemented to demonstrate the feasibility of our model.\",\"PeriodicalId\":156843,\"journal\":{\"name\":\"2017 IEEE 3rd International Conference on Collaboration and Internet Computing (CIC)\",\"volume\":\"18 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 IEEE 3rd International Conference on Collaboration and Internet Computing (CIC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CIC.2017.00053\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 IEEE 3rd International Conference on Collaboration and Internet Computing (CIC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CIC.2017.00053","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

摘要

在现代医疗保健环境中，电子健康记录(EHRs)的广泛使用和广泛共享导致了患者在任何地点和任何时间的病史的高可用性，这有可能使医疗保健服务既便宜又高质量。然而，电子病历中包含大量敏感信息，这些信息应该受到保护，防止未经授权的访问，否则允许多方访问这些记录可能会给患者的隐私带来高风险。访问控制解决方案必须确保反映所有参与生成此类关键记录的医疗保健提供者的访问控制策略，以及作为主要利益相关者的患者的授权策略。在本文中，我们提出了一个细粒度的基于语义的访问控制模型，该模型支持多所有者多利益相关者的策略规范和实施。在该方案中，可信策略服务器负责评估对患者健康信息的访问请求。我们还处理在执行访问控制策略时可能出现的策略冲突。一个概念验证原型也被实现，以证明我们的模型的可行性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Multi-Owner Multi-Stakeholder Access Control Model for a Healthcare Environment

Pervasive usage and wide-spread sharing of Electronic Health Records (EHRs) in modern healthcare environments has resulted in high availability of patients' medical history from any location and at any time, which has potential to make health care services both cheaper and of higher quality. However, EHRs contain huge amounts of sensitive information which should be protected from unauthorized accesses, otherwise allowing these records to be accessed by multiple parties may put patient privacy at high risk. Access control solutions must assure to reflect access control policies of all healthcare providers who are involved in generating such critical records as well as authorization policies of the patient as the primary stakeholder. In this paper, we propose a fine-grained semantic-based access control model that supports multi-owner multi-stakeholder policy specification and enforcement. In the proposed scheme, a trusted Policy Server is responsible for evaluating access requests to patients' health information. We also handle the policy conflicts that might arise at the time of access control policy enforcement. A proof-of-concept prototype is also implemented to demonstrate the feasibility of our model.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2017 IEEE 3rd International Conference on Collaboration and Internet Computing (CIC)

自引率

0.00%

发文量