scholarly journals Accessing electronic health records in critical incidents using context-aware attribute-based access control

2021 ◽  
pp. 1-13
Author(s):  
Evgenia Psarra ◽  
Yiannis Verginadis ◽  
Ioannis Patiniotakis ◽  
Dimitris Apostolou ◽  
Gregoris Mentzas
Keyword(s):  
Access Control ◽  
Electronic Health Records ◽  
Contextual Information ◽  
Access To Healthcare ◽  
Context Aware ◽  
Health Records ◽  
Healthcare Data ◽  
Emergency Situations ◽  
Attribute Based Access Control ◽  
Critical Situations

In emergency situations, different actors involved in first aid services should be authorized to retrieve information from the patient’s Electronic Health Records (EHRs). The research objectives of this work involve the development and implementation of methods to characterise emergency situations requiring extraordinary access to healthcare data. The aim is to implement such methods based on contextual information pertaining to specific patients and emergency situations and also leveraging personalisation aspects which enable the efficient access control on sensitive data during emergencies. The Attribute Based Access Control paradigm is used in order to grant access to EHRs based on contextual information. We introduce an ABAC approach using personalized context handlers, in which raw contextual information can be uplifted in order to recognize critical situations and grant access to healthcare data. Results indicate that context-aware ABAC is a very effective method for detecting critical situations that require emergency access to personal health records. In comparison to RBAC implementations of emergency access control to EHRs, the proposed ABAC implementation leverages contextual information pertaining to the specific patient and emergency situations. Contextual information increases the capability of ABAC to recognize critical situations and grant access to healthcare data.

scholarly journals Secure Exchange of Electronic Health Records

2012 ◽  
pp. 1403-1424
Author(s):  
Alejandro Enrique Flores ◽  
Khin Than Win ◽  
Willy Susilo
Keyword(s):  
Health Care ◽  
Access Control ◽  
Electronic Health Records ◽  
Shared Care ◽  
Health Records ◽  
Discretionary Access Control ◽  
Attribute Based Encryption ◽  
Electronic Health ◽  
Role Based ◽  
Traditional Approaches

Protecting the confidentiality of a patient’s information in a shared care environment could become a complex task. Correct identification of users, assigning of access permissions, and resolution of conflict rise as main points of interest in providing solutions for data exchange among health care providers. Traditional approaches such as Mandatory Access Control, Discretionary Access control and Role-Based Access Control policies do not always provide a suitable solution for health care settings, especially for shared care environments. The core of this contribution consists in the description of an approach which uses attribute-based encryption to protect the confidentiality of patients’ information during the exchange of electronic health records among healthcare providers. Attribute-based encryption allows the reinforcing of access policies and reduces the risk of unauthorized access to sensitive information; it also provides a set of functionalities which are described using a case study. Attribute-based encryption provides an answer to restrictions presented by traditional approaches and facilitate the reinforcing of existing security policies over the transmitted data.

Hierarchy Similarity Analyser-An Approach to Securely Share Electronic Health Records

2020 ◽  
pp. 1485-1501
Author(s):  
Shalini Bhartiya ◽  
Deepti Mehrotra ◽  
Anup Girdhar
Keyword(s):  
Access Control ◽  
Electronic Health Records ◽  
Control Policy ◽  
Healthcare Organizations ◽  
Health Records ◽  
Role Hierarchy ◽  
Access Control Policies ◽  
Electronic Health ◽  
Policy Testing ◽  
Organizational Rules

Health professionals need an access to various dimensions of Electronic Health Records (EHR). Depending on technical constraints, each organization defines its own access control schema exhibiting heterogeneity in organizational rules and policies. Achieving interoperability between such schemas often result in contradictory rules thereby exposing data to undue disclosures. Permitting interoperable sharing of EHRs and simultaneously restricting unauthorized access is the major objective of this paper. An Extensible Access Control Markup Language (XACML)-based framework, Hierarchy Similarity Analyser (HSA), is proposed which fine-grains access control policies of disparate healthcare organizations to achieve interoperable and secured sharing of EHR under set authorizations. The proposed framework is implemented and verified using automated Access Control Policy Testing (ACPT) tool developed by NIST. Experimental results identify the users receive secured and restricted access as per their authorizations and role hierarchy in the organization.

Privacy-Friendly Management of Electronic Health Records in the eHealth Context

2015 ◽  
pp. 251-264
Author(s):  
Milica Milutinovic ◽  
Bart De Decker
Keyword(s):  
Electronic Health Records ◽  
Large Scale ◽  
Patient Data ◽  
Health Records ◽  
Privacy Concerns ◽  
Ubiquitous Technology ◽  
Emergency Situations ◽  
User Centric ◽  
Electronic Health

Electronic Health Records (EHRs) are becoming the ubiquitous technology for managing patients' records in many countries. They allow for easier transfer and analysis of patient data on a large scale. However, privacy concerns linked to this technology are emerging. Namely, patients rarely fully understand how EHRs are managed. Additionally, the records are not necessarily stored within the organization where the patient is receiving her healthcare. This service may be delegated to a remote provider, and it is not always clear which health-provisioning entities have access to this data. Therefore, in this chapter the authors propose an alternative where users can keep and manage their records in their existing eHealth systems. The approach is user-centric and enables the patients to have better control over their data while still allowing for special measures to be taken in case of emergency situations with the goal of providing the required care to the patient.

The Context-Security Nexus in Ubiquitous Computing

2016 ◽  
pp. 660-679
Author(s):  
M. Fahim Ferdous Khan ◽  
Ken Sakamura
Keyword(s):  
Access Control ◽  
Ubiquitous Computing ◽  
Context Awareness ◽  
Contextual Information ◽  
Healthcare Services ◽  
Context Aware ◽  
Context Sensitive ◽  
Access Control Models ◽  
Spatio Temporal ◽  
The Right

Context-awareness is a quintessential feature of ubiquitous computing. Contextual information not only facilitates improved applications, but can also become significant security parameters – which in turn can potentially ensure service delivery not to anyone anytime anywhere, but to the right person at the right time and place. Specially, in determining access control to resources, contextual information can play an important role. Access control models, as studied in traditional computing security, however, have no notion of context-awareness; and the recent works in the nascent field of context-aware access control predominantly focus on spatio-temporal contexts, disregarding a host of other pertinent contexts. In this paper, with a view to exploring the relationship of access control and context-awareness in ubiquitous computing, the authors propose a comprehensive context-aware access control model for ubiquitous healthcare services. They explain the design, implementation and evaluation of the proposed model in detail. They chose healthcare as a representative application domain because healthcare systems pose an array of non-trivial context-sensitive access control requirements, many of which are directly or indirectly applicable to other context-aware ubiquitous computing applications.

scholarly journals Privacy-aware relationship semantics–based XACML access control model for electronic health records in hybrid cloud

2019 ◽  
Vol 15 (6) ◽  
pp. 155014771984605 ◽  
Author(s):  
Tehsin Kanwal ◽  
Ather Abdul Jabbar ◽  
Adeel Anjum ◽  
Saif UR Malik ◽  
Abid Khan ◽  
...  
Keyword(s):  
Access Control ◽  
Electronic Health Records ◽  
Cloud Service ◽  
Control Model ◽  
Hybrid Cloud ◽  
Access Control Model ◽  
Health Records ◽  
Fine Grained ◽  
Electronic Health ◽  
Records Access

State-of-the-art progress in cloud computing encouraged the healthcare organizations to outsource the management of electronic health records to cloud service providers using hybrid cloud. A hybrid cloud is an infrastructure consisting of a private cloud (managed by the organization) and a public cloud (managed by the cloud service provider). The use of hybrid cloud enables electronic health records to be exchanged between medical institutions and supports multipurpose usage of electronic health records. Along with the benefits, cloud-based electronic health records also raise the problems of security and privacy specifically in terms of electronic health records access. A comprehensive and exploratory analysis of privacy-preserving solutions revealed that most current systems do not support fine-grained access control or consider additional factors such as privacy preservation and relationship semantics. In this article, we investigated the need of a privacy-aware fine-grained access control model for the hybrid cloud. We propose a privacy-aware relationship semantics–based XACML access control model that performs hybrid relationship and attribute-based access control using extensible access control markup language. The proposed approach supports fine-grained relation-based access control with state-of-the-art privacy mechanism named Anatomy for enhanced multipurpose electronic health records usage. The proposed (privacy-aware relationship semantics–based XACML access control model) model provides and maintains an efficient privacy versus utility trade-off. We formally verify the proposed model (privacy-aware relationship semantics–based XACML access control model) and implemented to check its effectiveness in terms of privacy-aware electronic health records access and multipurpose utilization. Experimental results show that in the proposed (privacy-aware relationship semantics–based XACML access control model) model, access policies based on relationships and electronic health records anonymization can perform well in terms of access policy response time and space storage.

Sign in / Sign up

Export Citation Format

Share Document