Title :
A contextual role-based access control authorization model for electronic patient record
Author :
Motta, Gustavo H M B ; Furuie, Sergio S.
Author_Institution :
Dept. of Informatics, Fed. Univ. of Paraiba, Joao Pessoa, Brazil
Abstract :
The design of proper models for authorization and access control for electronic patient record (EPR) is essential to a wide scale use of EPR in large health organizations. In this paper, we propose a contextual role-based access control authorization model aiming to increase the patient privacy and the confidentiality of patient data, whereas being flexible enough to consider specific cases. This model regulates user´s access to EPR based on organizational roles. It supports a role-tree hierarchy with authorization inheritance; positive and negative authorizations; static and dynamic separation of duties based on weak and strong role conflicts. Contextual authorizations use environmental information available at access time, like user/patient relationship, in order to decide whether a user is allowed to access an EPR resource. This enables the specification of a more flexible and precise authorization policy, where permission is granted or denied according to the right and the need of the user to carry out a particular job function.
Keywords :
authorisation; data privacy; medical information systems; records management; authorization model; contextual role-based access control; data confidentiality; electronic patient record; large health organizations; organizational roles; patient privacy; role-tree hierarchy; Access control; Authorization; Biomedical informatics; Context modeling; Data privacy; Heart; Helium; NIST; Paramagnetic resonance; Permission; Algorithms; Computer Security; Confidentiality; Database Management Systems; Decision Support Techniques; Information Storage and Retrieval; Medical Records Systems, Computerized; Professional-Patient Relations;
Journal_Title :
Information Technology in Biomedicine, IEEE Transactions on
DOI :
10.1109/TITB.2003.816562