SGAC: A Multi-Layered Access Control Model with Conflict Resolution Strategy

2019 ◽  
Vol 62 (12) ◽  
pp. 1707-1733 ◽  
Author(s):  
Nghi Huynh ◽  
Marc Frappier ◽  
Herman Pooda ◽  
Amel Mammar ◽  
Régine Laleau
Keyword(s):  
Access Control ◽  
Healthcare Access ◽  
Control Model ◽  
Patient Privacy ◽  
Access Control Model ◽  
Support Tool ◽  
Patient Consent ◽  
Order Of Magnitude ◽  
Property Verification ◽  
Gestion Automatisée

AbstractThis paper presents SGAC (Solution de Gestion Automatisée du Consentement / automated consent management solution), a new healthcare access control model and its support tool, which manages patient wishes regarding access to their electronic health records (EHR). This paper also presents the verification of access control policies for SGAC using two first-order-logic model checkers based on distinct technologies, Alloy and ProB. The development of SGAC has been achieved within the scope of a project with the University of Sherbrooke Hospital (CHUS), and thus has been adapted to take into account regional laws and regulations applicable in Québec and Canada, as they set bounds to patient wishes: for safety reasons, under strictly defined contexts, patient consent can be overriden to protect his/her life (break-the-glass rules). Since patient wishes and those regulations can be in conflict, SGAC provides a mechanism to address this problem based on priority, specificity and modality. In order to protect patient privacy while ensuring effective caregiving in safety-critical situations, we check four types of properties: accessibility, availability, contextuality and rule effectivity. We conducted performance tests comparison: implementation of SGAC versus an implementation of another access control model, XACML, and property verification with Alloy versus ProB. The performance results show that SGAC performs better than XACML and that ProB outperforms Alloy by two order of magnitude thanks to its programmable approach to constraint solving.

scholarly journals Evolution of access control models for protection of patient details: a survey

2018 ◽  
Vol 7 (2.8) ◽  
pp. 554
Author(s):  
Geetanjali Sinha ◽  
Prabhu Shankar K.C ◽  
Shaurya Jain
Keyword(s):  
Access Control ◽  
Control Model ◽  
Role Based Access Control ◽  
Patient Privacy ◽  
Access Control Model ◽  
Access Control Models ◽  
Control Models ◽  
Role Hierarchy ◽  
Role Based ◽  
Electronic Hospital

Hospitals across the world are adapting to Electronic Hospital Information Systems and are moving away from the manual paper systems to provide patients efficient services. Numerous Access ControlModels have been deployed for securing patient privacy one of them being Role Based Access Control Model (RBAC). The current models merely allow access on the basis of roles and role hierarchy without actually understanding the real intention of the person accessing the system. This could lead to a compromise of patient privacy and thus new methods have been evolving. In this survey we will see an evolution of the access control models which lead to the discovery of KC-RBAC (Knowledge Constrained Role Based Access Control) Model which takes into consideration the knowledge related to the medical domain along with the role to provide authorization.

scholarly journals An Intelligent Control Model of Credit Line Computing in Intelligence Health-Care Systems

2021 ◽  
Vol 9 ◽  
Author(s):  
Rong Jiang ◽  
Wenxuan Wu ◽  
Yimin Yu ◽  
Feng Ma
Keyword(s):  
Machine Learning ◽  
Health Care ◽  
Access Control ◽  
Intelligent Control ◽  
Private Information ◽  
Control Model ◽  
Patient Privacy ◽  
Access Control Model ◽  
Credit Line ◽  
Biomedical Computing

Technologies such as machine learning and artificial intelligence have brought about a tremendous change to biomedical computing and intelligence health care. As a principal component of the intelligence healthcare system, the hospital information system (HIS) has provided great convenience to hospitals and patients, but incidents of leaking private information of patients through HIS occasionally occur at times. Therefore, it is necessary to properly control excessive access behavior. To reduce the risk of patient privacy leakage when medical data are accessed, this article proposes a dynamic permission intelligent access control model that introduces credit line calculation. According to the target given by the doctor in HIS and the actual access record, the International Classification of Diseases (ICD)-10 code is used to describe the degree of correlation, and the rationality of the access is formally described by a mathematical formula. The concept of intelligence healthcare credit lines is redefined with relevance and time Windows. The access control policy matches the corresponding credit limit and credit interval according to the authorization rules to achieve the purpose of intelligent control. Finally, with the actual data provided by a Grade-III Level-A hospital in Kunming, the program code is written through machine learning and biomedical computing-related technologies to complete the experimental test. The experiment proves that the intelligent access control model based on credit computing proposed in this study can play a role in protecting the privacy of patients to a certain extent.

G-R_TRBAC access control model in grid environment

2009 ◽  
Vol 28 (12) ◽  
pp. 3214-3216
Author(s):  
Yi DING ◽  
Yong FANG ◽  
An-min ZHOU ◽  
Jiao ZENG ◽  
Yu FAN
Keyword(s):  
Access Control ◽  
Control Model ◽  
Grid Environment ◽  
Access Control Model
Sign in / Sign up

Export Citation Format

Share Document