Skip to main content
Key Specialties
Cardiology Diabetology Endocrinology Gastroenterology Geriatrics and Gerontology Gynecology and Obstetrics Hematology Infectious Disease Internal Medicine Nephrology Neurology Oncology Pediatrics Respiratory Medicine Rheumatology Surgery
Congress Coverage
2024 ACC Congress 2023 ESMO Congress 2023 EASD Congress 2023 ERS Congress 2023 ESC Congress
Clinical Collections
Advances in Alzheimer’s

At a glance: The STEP trials

A round-up of the STEP phase 3 clinical trials evaluating semaglutide for weight loss in people with overweight or obesity.
ADVANCED SEARCH
Log in
Top
Journal of Medical Systems
Published in: Journal of Medical Systems 11/2016

01-11-2016 | Patient Facing Systems

A Novel Reference Security Model with the Situation Based Access Policy for Accessing EPHR Data

Authors: Prosanta Gope, Ruhul Amin

Published in: Journal of Medical Systems | Issue 11/2016

Login to get access

Abstract

Electronic Patient Health Record (EPHR) systems may facilitate a patient not only to share his/her health records securely with healthcare professional but also to control his/her health privacy, in a convenient and easy way even in case of emergency. In order to fulfill these requirements, it is greatly desirable to have the access control mechanism which can efficiently handle every circumstance without negotiating security. However, the existing access control mechanisms used in healthcare to regulate and restrict the disclosure of patient data are often bypassed in case of emergencies. In this article, we propose a way to securely share EPHR data under any situation including break-the-glass (BtG) without compromising its security. In this regard, we design a reference security model, which consists of a multi-level data flow hierarchy, and an efficient access control framework based on the conventional Role-Based Access Control (RBAC) and Mandatory Access Control (MAC) policies.
Literature
1.
Sandhu, R.S., and Samarati, P., Access control: principle and practice. IEEE Commun. Mag. 32(9):40–48, 1994.CrossRef
2.
Ferraiolo, D.F., and Kuhn, D.R., Role Based Access Control, In: 15th National Computer Security Conf, 554–563, 1992.
3.
Sandhu, R.S., et al., Role-based access control models. Computer. 29(2):38–47, 1996.CrossRef
4.
5.
Ferraiolo, D.F., et al., Proposed NIST standard for Role-based Access Control. ACM Trans. Inf. Syst. Secur. (TISSEC). 4(3):224–274, 2001.CrossRef
6.
Sandhu, R. S. et al., The NIST model for role based access control: Toward a Unified Standard, In: Proc. 5th ACM Workshop on Role Based Access Control, New York, pp: 47–63, 2000.
7.
Thomas, R. K., Team-based Access Control (TMAC): A primitive for applying role-based access controls in collaborative environments”, In: Proc. 2nd ACM Workshop on Role based Access Control, New York, pp. 13–19, 1997.
8.
Joshi, J.B.D. et al., A generalized temporal role-based access control model, In Knowledge and Data Engineering IEEE Transactions, pp. 4–23, 2005.
9.
Kulkarni, D., and Tripathi, A., Context-aware role-based access control in pervasive computing systems, In: Proc. 13th ACM Symp. on Access Control Models and Technologies, New York, pp: 113–122, 2008.
10.
Bertino, E. et al., GEORBAC: A Spatially Aware RBAC, In: Proc. 10th ACM Symp. on Access Control Models and Technologies, New York, pp. 29–37, 2005.
11.
Bertino, E. et al., TRBAC: A temporal role based access control model, In: ACM Transactions on Information and System Security (TISSEC), pp. 191–233, 2001.
12.
Covington, M. J., Generalized role based access control for securing future applications, In: Proc. of the Nat. Information Systems Security Conf., 2000.
13.
Park, S.H., et al., Context-role based access control for context-aware application. In: High Performance Computing and Communications. Springer Berlin, Heidelberg, pp. 572–580, 2006.CrossRef
14.
Moyer, M. J. and Ahamad, M., Generalized role-based access control”, In: Proc. of the 21st IEEE Int. Conf. on Distributed Computing Systems, Mesa, AZ, pp. 391–398, 2001.
15.
Motta, G. et al., A contextual role-based access control authorization model for electronic patient record, In: Information Technology in Biomedicine, IEEE Transactions, , pp. 202–207, 2001.
16.
Russell, D., and Gangemi, G.T., Computer System Security and Access Control. In: Computer Security Basics, 2nd edn. O’Reilly, California, pp. 61–69, 2006 ch.3.
17.
Georgiadis, C.K. et al., Flexible team-based access control using contexts, In: Proc. 6th ACM Symp. on Access Control Models and Technologies, New York, pp. 21–27, 2001.
18.
Karp, A.H. et al, From ABAC to ZBAC: the evolution of access control models In: Hewlett-Packard Development Company, LP 21, 2009.
19.
Kuhn, D.R., et al., Adding attribute to role-based access control. Computer. 43(6):79–81, 2010.CrossRef
20.
Pelega, M., et al., Situation-based access control: privacy management via modeling of patient data access scenarios. J. Biomed. Inform.:1028–1040, 2008.
21.
Rissanen, E. et al., Towards a Mechanism for Discretionary Overriding of Access Control, In: Proc. 12th Int. Workshop on Security Protocols, Cambridge, 2004.
22.
Povey, D., Optimistic security: a new access control paradigm, In: Proc. 1999 workshop on New Security Paradigms, ACM Press, pp. 40–45, 2000.
23.
Ferreira, A. et al., How to break access control in a controlled manner, In: Proc. 19th IEEE Symp. on Computer-Based Medical Systems, pp. 847–851, 2006.
24.
Break-glass: An approach to granting emergency access to healthcare systems, White paper, Joint –NEMA/COCIR/JIRA Security and Privacy Committee (SPC), 2004.
25.
Juan, Y., Simon, D., and Susan, M., Situation identification techniques in pervasive computing: a review. Pervasive Mob. Comput. 8(1):36–66, 2012.CrossRef
26.
Zhang, R., Liu, L., and Xue, R., Role-based and time-bound access and management of EHR data, Security and Communication Networks, doi:10.​1002/​sec, 2010.
27.
Schefer-Wenzl, S. and Strembeck, M., Generic support for RBAC breakglass policies in process-aware information systems. Proceedings of the 28th Annual ACM Symposium on Applied Computing, pages 1441–1446, 2013.
28.
Rostad, L., An Initial Model and a Discussion of Access Control inPatient Controlled Health Records”, In: The 3rd Int. Conf. on Availability, Reliability and Security, pp. 935–942, 2008.
29.
30.
Ardagna, C.A., et al., Access control for smarter healthcare using policy spaces. Computers & Security. 29(8):848–858, 2010.CrossRef
31.
Zhao, G. et al., Obligation for Role Based Access Control, In: IEEE Int. Symp. on Security in Networks and Distributed Systems (SSNDS07), 2007.
32.
Ferreira, A. et al., How to Securely Break into RBAC: The BTG-RBAC Model, Computer Security Applications Conference, 2009. ACSAC ‘09. Annual, Honolulu, pp. 23–31, 2009. doi:10.​1109/​ACSAC.​2009.​12
33.
Maw, H. A., Xiao, H., Christianson, B., Malcolm, J. A. An evaluation of break-the-glass access control model for medical data in wireless sensor networks, e-Health Networking, Applications and Services (Healthcom), IEEE 16th International Conference on, On page(s): pp. 130–135, 2014.
34.
Adriansyah, A., van Dongen, B-F., Zannone, N., Controlling Break-the-Glass through Alignment. SocialCom, pp. 606–611, 2013.
35.
Randike, G., Iannella, R., and Sahama, T.,Privacy oriented access control for electronic health records. electronic Journal of Health Informatics 8.2 (2014): 15.
36.
P. Gope, T. Hwang, “BSN-Care: A Secure IoT-based Modern Healthcare System Using Body Sensor Network,” IEEE Sensors Journal, Vol. 16 (5), pp. 1368–1376, 2016.
37.
Amin, R., Biswas, G. P., A Novel User Authentication and Key Agreement Protocol for Accessing Multi-Medical Server Usable in TMIS, J. Medical Systems 39(3) 2015.
38.
39.
Metadata
Title
A Novel Reference Security Model with the Situation Based Access Policy for Accessing EPHR Data
Authors
Prosanta Gope
Ruhul Amin
Publication date
01-11-2016
Publisher
Springer US
Published in
Journal of Medical Systems / Issue 11/2016
Print ISSN: 0148-5598
Electronic ISSN: 1573-689X
DOI
https://doi.org/10.1007/s10916-016-0620-4

Other articles of this Issue 11/2016

Journal of Medical Systems 11/2016 Go to the issue

Systems-Level Quality Improvement

Opportunities and Accountable Care Organizations

Mobile & Wireless Health

A Secure Dynamic Identity and Chaotic Maps Based User Authentication and Key Agreement Scheme for e-Healthcare Systems

Patient Facing Systems

An Automatic Prediction of Epileptic Seizures Using Cloud Computing and Wireless Sensor Networks

Patient Facing Systems

Secured Medical Images - a Chaotic Pixel Scrambling Approach

Systems-Level Quality Improvement

Enhancement of Structured Reporting – an Integration Reporting Module with Radiation Dose Collection Supporting

Patient Facing Systems

Mining Health Social Media with Sentiment Analysis