A Comparative Analysis of Chain-Based Access Control and Role-Based Access Control in the Healthcare Domain

2013, Vol 7 (3), pp. 36-52
Author(s): Esraa Omran, Tyrone Grandison, David Nelson, Albert Bokma

The importance of electronic healthcare has caused numerous changes in both substantive and procedural aspects of healthcare processes. These changes have produced new challenges for patient privacy and information secrecy. Traditional privacy policies cannot respond to rapidly increased privacy needs of patients in electronic healthcare. Technically enforceable privacy policies are needed in order to protect patient privacy in modern healthcare with its cross-organizational information sharing and decision making. This paper proposes a personal information flow model that proposes a limited number of acts on this type of information. Ontology-classified chains of these acts can be used instead of the “intended business purposes” in the context of privacy access control. This enables the seamless integration of security and privacy into existing healthcare applications and their supporting infrastructures. In this paper, the authors present their idea of a Chain-Based Access Control (ChBAC) mechanism and provide a comparative analysis of it to Role-Based Access Control (RBAC). The evaluation is grounded in the healthcare domain and examines a range of typical access scenarios and approaches.

2018, Vol 7 (2.8), pp. 554
Author(s): Geetanjali Sinha, Prabhu Shankar K.C, Shaurya Jain

Hospitals across the world are adapting to Electronic Hospital Information Systems and are moving away from the manual paper systems to provide patients efficient services. Numerous Access Control Models have been deployed for securing patient privacy, one of them being Role Based Access Control Model (RBAC). The current models merely allow access on the basis of roles and role hierarchy without actually understanding the real intention of the person accessing the system. This could lead to a compromise of patient privacy and thus new methods have been evolving. In this survey we will see an evolution of the access control models which lead to the discovery of KC-RBAC (Knowledge Constrained Role Based Access Control) Model which takes into consideration the knowledge related to the medical domain along with the role to provide authorization.


Author(s): Obaloje Nkem Daniel

Electronic Medical Record (EMR) is basically the digital equivalent of paper records, or charts at a clinician’s office. EMR assists and makes easier the services rendered by a wide range of medical practitioners such as physicians, nurses, pharmacists and many others, hence, increasing the safety of patients. Its importance in the health sector cannot be overemphasized. The designed framework aims at identifying security challenges in the use and adoption of EMR, to design and implement a framework that will address issues identified in the use and adoption of EMR. This study presented a security framework to improve the security and privacy issues of EMRs by adopting Role Based Access Control and RSA cryptography. Role Based Access Control (RBAC) model was used because of its flexibility to support minimal functionality and its simplistic mode of assigning roles and permissions to users. In conclusion, this research was able to improve the security of EMRs and hence will increase its acceptance by health institutions which will bring about improved health services, especially in developing countries where manual record systems are still prominent.


Author(s): Ioannis Mavridis

Access control technology holds a central role in achieving trustworthy management of personally identifiable information in modern information systems. In this article, a privacy-sensitive model that extends Role-Based Access Control (RBAC) to provide privacy protection through fine-grained and just-in-time access control in Web information systems is proposed. Moreover, easy and effective mapping of corresponding components is recognized as an important factor for succeeding in matching security and privacy objectives. Such a process is proposed to be accomplished by capturing and modeling privacy requirements in the early stages of information system development. Therefore, a methodology for deploying the mechanisms of an access control system conforming to the proposed Privacy Improved Role-Based Access Control (PIRBAC) model is presented. To illustrate the application of the proposed methodology, an application example in the healthcare domain is described.




2017, Vol 10 (4), pp. 1
Author(s): Esraa Omran, David Nelson, Ali M. Roumani

The necessity of having intelligent methodology to access databases in networks has become more apparent in the age of distributed networks. Using semantics and ontologies can be highly helpful in developing such methodologies, as they provide the required classifications and mined information. The necessities that are required by the database administrator to build durable, reliable, and flexible data access methodology have been highly appreciated. This study compares the proposed system with conventional methods, for example Role Based Access Control (RBAC) and classical chain-based methods. The comparison is done using applications in the healthcare sector. This study is based on real surveys that have been conducted in an active hospital in the State of Kuwait.


2020, Vol 28 (3), pp. 373-395
Author(s): Tamir Tsegaye, Stephen Flowerday

Purpose: An electronic health record (EHR) enables clinicians to access and share patient information electronically and has the ultimate goal of improving the delivery of healthcare. However, this can create security and privacy risks to patient information. This paper aims to present a model for securing the EHR based on role-based access control (RBAC), attribute-based access control (ABAC) and the Clark-Wilson model.

Design/methodology/approach: A systematic literature review was conducted which resulted in the collection of secondary data that was used as the content analysis sample. Using the MAXQDA software program, the secondary data was analysed quantitatively using content analysis, resulting in 2,856 tags, which informed the discussion. An expert review was conducted to evaluate the proposed model using an evaluation framework.

Findings: The study found that a combination of RBAC, ABAC and the Clark-Wilson model may be used to secure the EHR. While RBAC is applicable to healthcare, as roles are linked to an organisation’s structure, its lack of dynamic authorisation is addressed by ABAC. Additionally, key concepts of the Clark-Wilson model such as well-formed transactions, authentication, separation of duties and auditing can be used to secure the EHR.

Originality/value: Although previous studies have been based on a combination of RBAC and ABAC, this study also uses key concepts of the Clark-Wilson model for securing the EHR. Countries implementing the EHR can use the model proposed by this study to help secure the EHR while also providing EHR access in a medical emergency.

