Skip to main content
Hauptrubriken
CME Facharzt-Training Webinare Zeitschriften Bücher e.Medpedia Podcast
Service
Jobbörse Info & Hilfe
Fachgebiete
Anästhesiologie Allgemeinmedizin Arbeitsmedizin Augenheilkunde Chirurgie Dermatologie Gynäkologie und Geburtshilfe HNO Innere Medizin Kardiologie Neurologie Onkologie und Hämatologie Orthopädie und Unfallchirurgie Pädiatrie Pathologie Psychiatrie Radiologie Rechtsmedizin Urologie Zahnmedizin
Themen
Klimawandel und Gesundheit Neues aus dem Markt COVID-19 Praxis und Beruf Seltene Erkrankungen GOÄ & EBM Panorama
Sammlungen
Kasuistiken Algorithmen & Infografiken Blickdiagnosen Arthropedia FlapFinder (für Dermatochirurgen) Videos Kongressberichterstattung Medizin für Apothekerinnen und Apotheker Für Ärztinnen und Ärzte in Weiterbildung Für Medizinstudierende
Erweiterte Suche
Anmelden
nach oben
Journal of Medical Systems
Erschienen in: Journal of Medical Systems 11/2016

01.11.2016 | Patient Facing Systems

A Novel Reference Security Model with the Situation Based Access Policy for Accessing EPHR Data

verfasst von: Prosanta Gope, Ruhul Amin

Erschienen in: Journal of Medical Systems | Ausgabe 11/2016

Einloggen, um Zugang zu erhalten

Abstract

Electronic Patient Health Record (EPHR) systems may facilitate a patient not only to share his/her health records securely with healthcare professional but also to control his/her health privacy, in a convenient and easy way even in case of emergency. In order to fulfill these requirements, it is greatly desirable to have the access control mechanism which can efficiently handle every circumstance without negotiating security. However, the existing access control mechanisms used in healthcare to regulate and restrict the disclosure of patient data are often bypassed in case of emergencies. In this article, we propose a way to securely share EPHR data under any situation including break-the-glass (BtG) without compromising its security. In this regard, we design a reference security model, which consists of a multi-level data flow hierarchy, and an efficient access control framework based on the conventional Role-Based Access Control (RBAC) and Mandatory Access Control (MAC) policies.
Literatur
1.
Sandhu, R.S., and Samarati, P., Access control: principle and practice. IEEE Commun. Mag. 32(9):40–48, 1994.CrossRef
2.
Ferraiolo, D.F., and Kuhn, D.R., Role Based Access Control, In: 15th National Computer Security Conf, 554–563, 1992.
3.
Sandhu, R.S., et al., Role-based access control models. Computer. 29(2):38–47, 1996.CrossRef
4.
5.
Ferraiolo, D.F., et al., Proposed NIST standard for Role-based Access Control. ACM Trans. Inf. Syst. Secur. (TISSEC). 4(3):224–274, 2001.CrossRef
6.
Sandhu, R. S. et al., The NIST model for role based access control: Toward a Unified Standard, In: Proc. 5th ACM Workshop on Role Based Access Control, New York, pp: 47–63, 2000.
7.
Thomas, R. K., Team-based Access Control (TMAC): A primitive for applying role-based access controls in collaborative environments”, In: Proc. 2nd ACM Workshop on Role based Access Control, New York, pp. 13–19, 1997.
8.
Joshi, J.B.D. et al., A generalized temporal role-based access control model, In Knowledge and Data Engineering IEEE Transactions, pp. 4–23, 2005.
9.
Kulkarni, D., and Tripathi, A., Context-aware role-based access control in pervasive computing systems, In: Proc. 13th ACM Symp. on Access Control Models and Technologies, New York, pp: 113–122, 2008.
10.
Bertino, E. et al., GEORBAC: A Spatially Aware RBAC, In: Proc. 10th ACM Symp. on Access Control Models and Technologies, New York, pp. 29–37, 2005.
11.
Bertino, E. et al., TRBAC: A temporal role based access control model, In: ACM Transactions on Information and System Security (TISSEC), pp. 191–233, 2001.
12.
Covington, M. J., Generalized role based access control for securing future applications, In: Proc. of the Nat. Information Systems Security Conf., 2000.
13.
Park, S.H., et al., Context-role based access control for context-aware application. In: High Performance Computing and Communications. Springer Berlin, Heidelberg, pp. 572–580, 2006.CrossRef
14.
Moyer, M. J. and Ahamad, M., Generalized role-based access control”, In: Proc. of the 21st IEEE Int. Conf. on Distributed Computing Systems, Mesa, AZ, pp. 391–398, 2001.
15.
Motta, G. et al., A contextual role-based access control authorization model for electronic patient record, In: Information Technology in Biomedicine, IEEE Transactions, , pp. 202–207, 2001.
16.
Russell, D., and Gangemi, G.T., Computer System Security and Access Control. In: Computer Security Basics, 2nd edn. O’Reilly, California, pp. 61–69, 2006 ch.3.
17.
Georgiadis, C.K. et al., Flexible team-based access control using contexts, In: Proc. 6th ACM Symp. on Access Control Models and Technologies, New York, pp. 21–27, 2001.
18.
Karp, A.H. et al, From ABAC to ZBAC: the evolution of access control models In: Hewlett-Packard Development Company, LP 21, 2009.
19.
Kuhn, D.R., et al., Adding attribute to role-based access control. Computer. 43(6):79–81, 2010.CrossRef
20.
Pelega, M., et al., Situation-based access control: privacy management via modeling of patient data access scenarios. J. Biomed. Inform.:1028–1040, 2008.
21.
Rissanen, E. et al., Towards a Mechanism for Discretionary Overriding of Access Control, In: Proc. 12th Int. Workshop on Security Protocols, Cambridge, 2004.
22.
Povey, D., Optimistic security: a new access control paradigm, In: Proc. 1999 workshop on New Security Paradigms, ACM Press, pp. 40–45, 2000.
23.
Ferreira, A. et al., How to break access control in a controlled manner, In: Proc. 19th IEEE Symp. on Computer-Based Medical Systems, pp. 847–851, 2006.
24.
Break-glass: An approach to granting emergency access to healthcare systems, White paper, Joint –NEMA/COCIR/JIRA Security and Privacy Committee (SPC), 2004.
25.
Juan, Y., Simon, D., and Susan, M., Situation identification techniques in pervasive computing: a review. Pervasive Mob. Comput. 8(1):36–66, 2012.CrossRef
26.
Zhang, R., Liu, L., and Xue, R., Role-based and time-bound access and management of EHR data, Security and Communication Networks, doi:10.​1002/​sec, 2010.
27.
Schefer-Wenzl, S. and Strembeck, M., Generic support for RBAC breakglass policies in process-aware information systems. Proceedings of the 28th Annual ACM Symposium on Applied Computing, pages 1441–1446, 2013.
28.
Rostad, L., An Initial Model and a Discussion of Access Control inPatient Controlled Health Records”, In: The 3rd Int. Conf. on Availability, Reliability and Security, pp. 935–942, 2008.
29.
30.
Ardagna, C.A., et al., Access control for smarter healthcare using policy spaces. Computers & Security. 29(8):848–858, 2010.CrossRef
31.
Zhao, G. et al., Obligation for Role Based Access Control, In: IEEE Int. Symp. on Security in Networks and Distributed Systems (SSNDS07), 2007.
32.
Ferreira, A. et al., How to Securely Break into RBAC: The BTG-RBAC Model, Computer Security Applications Conference, 2009. ACSAC ‘09. Annual, Honolulu, pp. 23–31, 2009. doi:10.​1109/​ACSAC.​2009.​12
33.
Maw, H. A., Xiao, H., Christianson, B., Malcolm, J. A. An evaluation of break-the-glass access control model for medical data in wireless sensor networks, e-Health Networking, Applications and Services (Healthcom), IEEE 16th International Conference on, On page(s): pp. 130–135, 2014.
34.
Adriansyah, A., van Dongen, B-F., Zannone, N., Controlling Break-the-Glass through Alignment. SocialCom, pp. 606–611, 2013.
35.
Randike, G., Iannella, R., and Sahama, T.,Privacy oriented access control for electronic health records. electronic Journal of Health Informatics 8.2 (2014): 15.
36.
P. Gope, T. Hwang, “BSN-Care: A Secure IoT-based Modern Healthcare System Using Body Sensor Network,” IEEE Sensors Journal, Vol. 16 (5), pp. 1368–1376, 2016.
37.
Amin, R., Biswas, G. P., A Novel User Authentication and Key Agreement Protocol for Accessing Multi-Medical Server Usable in TMIS, J. Medical Systems 39(3) 2015.
38.
39.
Metadaten
Titel
A Novel Reference Security Model with the Situation Based Access Policy for Accessing EPHR Data
verfasst von
Prosanta Gope
Ruhul Amin
Publikationsdatum
01.11.2016
Verlag
Springer US
Erschienen in
Journal of Medical Systems / Ausgabe 11/2016
Print ISSN: 0148-5598
Elektronische ISSN: 1573-689X
DOI
https://doi.org/10.1007/s10916-016-0620-4

Weitere Artikel der Ausgabe 11/2016

Journal of Medical Systems 11/2016 Zur Ausgabe

Mobile & Wireless Health

A Robust and Anonymous Two Factor Authentication and Key Agreement Protocol for Telecare Medicine Information Systems

Mobile Systems

A Pathophysiological Model-Driven Communication for Dynamic Distributed Medical Best Practice Guidance Systems

Patient Facing Systems

A bilinear pairing based anonymous authentication scheme in wireless body area networks for mHealth

Patient Facing Systems

Mining Health Social Media with Sentiment Analysis

Patient Facing Systems

Secured Medical Images - a Chaotic Pixel Scrambling Approach

Systems-Level Quality Improvement

Simulation of Trauma Incidents