RBTBAC: Secure access and management of EHR data

Security and privacy are widely recognized as important and personalized requirements for access and management of Electric Health Record (EHR) data. Different patients may have different privacy and security policies for their EHR data in different context. In this paper we argue that EHR data needs to be managed with customizable access control in both spatial and temporal dimension. We present a role-based and time-bound access control model (RBTBAC) that provides more flexibility of both roles (spatial capability) and temporal capability to control the access of sensitive data from time dimension. Through algorithmic combination of role-based access control and time-bound key management, RBTBAC model has three salient features. First, we have developed a privacy-aware and dynamic key structure for role-based privacy aware access and management of EHR data, focusing on the consistency of access authorization (including data and time interval) with the activated role of user. In addition to role-based access, a path-invisible EHR structure is build for preserving privacy of patients. Second, we have employed a time tree method for generating time granule values, offering fine granularity of time-bound access authorization and control. Our experimental results show that tree-like time structure can improve the performance of the key management scheme significantly and RBTBAC model is more suitable than existing solutions for EHR data management since it offers high-efficiency and better security and privacy for patients.