Access control to the electronic health records: a case study of an Algerian health organisation

2021 ◽  
Vol 13 (3) ◽  
pp. 181
Author(s):  
Asma Belaidi ◽  
Mohammed El Amine Abderrahim
Keyword(s):  
Access Control ◽  
Electronic Health Records ◽  
Health Records ◽  
Electronic Health

scholarly journals Secure Exchange of Electronic Health Records

2012 ◽  
pp. 1403-1424
Author(s):  
Alejandro Enrique Flores ◽  
Khin Than Win ◽  
Willy Susilo
Keyword(s):  
Health Care ◽  
Access Control ◽  
Electronic Health Records ◽  
Shared Care ◽  
Health Records ◽  
Discretionary Access Control ◽  
Attribute Based Encryption ◽  
Electronic Health ◽  
Role Based ◽  
Traditional Approaches

Protecting the confidentiality of a patient’s information in a shared care environment could become a complex task. Correct identification of users, assigning of access permissions, and resolution of conflict rise as main points of interest in providing solutions for data exchange among health care providers. Traditional approaches such as Mandatory Access Control, Discretionary Access control and Role-Based Access Control policies do not always provide a suitable solution for health care settings, especially for shared care environments. The core of this contribution consists in the description of an approach which uses attribute-based encryption to protect the confidentiality of patients’ information during the exchange of electronic health records among healthcare providers. Attribute-based encryption allows the reinforcing of access policies and reduces the risk of unauthorized access to sensitive information; it also provides a set of functionalities which are described using a case study. Attribute-based encryption provides an answer to restrictions presented by traditional approaches and facilitate the reinforcing of existing security policies over the transmitted data.

Hierarchy Similarity Analyser-An Approach to Securely Share Electronic Health Records

2020 ◽  
pp. 1485-1501
Author(s):  
Shalini Bhartiya ◽  
Deepti Mehrotra ◽  
Anup Girdhar
Keyword(s):  
Access Control ◽  
Electronic Health Records ◽  
Control Policy ◽  
Healthcare Organizations ◽  
Health Records ◽  
Role Hierarchy ◽  
Access Control Policies ◽  
Electronic Health ◽  
Policy Testing ◽  
Organizational Rules

Health professionals need an access to various dimensions of Electronic Health Records (EHR). Depending on technical constraints, each organization defines its own access control schema exhibiting heterogeneity in organizational rules and policies. Achieving interoperability between such schemas often result in contradictory rules thereby exposing data to undue disclosures. Permitting interoperable sharing of EHRs and simultaneously restricting unauthorized access is the major objective of this paper. An Extensible Access Control Markup Language (XACML)-based framework, Hierarchy Similarity Analyser (HSA), is proposed which fine-grains access control policies of disparate healthcare organizations to achieve interoperable and secured sharing of EHR under set authorizations. The proposed framework is implemented and verified using automated Access Control Policy Testing (ACPT) tool developed by NIST. Experimental results identify the users receive secured and restricted access as per their authorizations and role hierarchy in the organization.

scholarly journals Privacy-aware relationship semantics–based XACML access control model for electronic health records in hybrid cloud

2019 ◽  
Vol 15 (6) ◽  
pp. 155014771984605 ◽  
Author(s):  
Tehsin Kanwal ◽  
Ather Abdul Jabbar ◽  
Adeel Anjum ◽  
Saif UR Malik ◽  
Abid Khan ◽  
...  
Keyword(s):  
Access Control ◽  
Electronic Health Records ◽  
Cloud Service ◽  
Control Model ◽  
Hybrid Cloud ◽  
Access Control Model ◽  
Health Records ◽  
Fine Grained ◽  
Electronic Health ◽  
Records Access

State-of-the-art progress in cloud computing encouraged the healthcare organizations to outsource the management of electronic health records to cloud service providers using hybrid cloud. A hybrid cloud is an infrastructure consisting of a private cloud (managed by the organization) and a public cloud (managed by the cloud service provider). The use of hybrid cloud enables electronic health records to be exchanged between medical institutions and supports multipurpose usage of electronic health records. Along with the benefits, cloud-based electronic health records also raise the problems of security and privacy specifically in terms of electronic health records access. A comprehensive and exploratory analysis of privacy-preserving solutions revealed that most current systems do not support fine-grained access control or consider additional factors such as privacy preservation and relationship semantics. In this article, we investigated the need of a privacy-aware fine-grained access control model for the hybrid cloud. We propose a privacy-aware relationship semantics–based XACML access control model that performs hybrid relationship and attribute-based access control using extensible access control markup language. The proposed approach supports fine-grained relation-based access control with state-of-the-art privacy mechanism named Anatomy for enhanced multipurpose electronic health records usage. The proposed (privacy-aware relationship semantics–based XACML access control model) model provides and maintains an efficient privacy versus utility trade-off. We formally verify the proposed model (privacy-aware relationship semantics–based XACML access control model) and implemented to check its effectiveness in terms of privacy-aware electronic health records access and multipurpose utilization. Experimental results show that in the proposed (privacy-aware relationship semantics–based XACML access control model) model, access policies based on relationships and electronic health records anonymization can perform well in terms of access policy response time and space storage.

Hierarchy Similarity Analyser-An Approach to Securely Share Electronic Health Records

2016 ◽  
Vol 7 (2) ◽  
pp. 14-29 ◽  
Author(s):  
Shalini Bhartiya ◽  
Deepti Mehrotra ◽  
Anup Girdhar
Keyword(s):  
Access Control ◽  
Electronic Health Records ◽  
Control Policy ◽  
Healthcare Organizations ◽  
Health Records ◽  
Role Hierarchy ◽  
Access Control Policies ◽  
Electronic Health ◽  
Policy Testing ◽  
Organizational Rules

Health professionals need an access to various dimensions of Electronic Health Records (EHR). Depending on technical constraints, each organization defines its own access control schema exhibiting heterogeneity in organizational rules and policies. Achieving interoperability between such schemas often result in contradictory rules thereby exposing data to undue disclosures. Permitting interoperable sharing of EHRs and simultaneously restricting unauthorized access is the major objective of this paper. An Extensible Access Control Markup Language (XACML)-based framework, Hierarchy Similarity Analyser (HSA), is proposed which fine-grains access control policies of disparate healthcare organizations to achieve interoperable and secured sharing of EHR under set authorizations. The proposed framework is implemented and verified using automated Access Control Policy Testing (ACPT) tool developed by NIST. Experimental results identify the users receive secured and restricted access as per their authorizations and role hierarchy in the organization.

Sign in / Sign up

Export Citation Format

Share Document