A Novel Use of RBAC to Protect Privacy in Distributed Health Care Information Systems
Conference: Information Security and Privacy, 8th Australasian Conference, ACISP 2003, Wollongong, Australia, July 9-11, 2003, Proceedings
This paper examines the access control requirements of distributed health care information networks. Since the electronic sharing of an individual's personal health information requires their informed consent, health care information networks need an access control framework that can capture and enforce individual access policies tailored to the specific circumstances of each consumer. Role Based Access Control (RBAC) is examined as a candidate access control framework. While it is well suited to the task in many regards, we identify a number of shortcomings, particularly in the range of access policy expression types that it can support. For efficiency and comprehensibility, access policies that grant access to a broad range of entities whilst explicitly denying it to subgroups of those entities need to be supported in health information networks. We argue that RBAC does not support policies of this type with sufficient flexibility and propose a novel adaptation of RBAC principles to address this shortcoming. We also describe a prototype distributed medical information system that embodies the improved RBAC model.
Available from: Helen Chen
- "resents a major improvement over trust-based  and role-based-access  medical information exchange frameworks. "
[Show abstract] [Hide abstract]
ABSTRACT: Role based access control mechanisms fall short when applied to rich complex work-flows  such as patient consent management. We propose a dy-namic semantic policy based framework to facilitate exchange of confidential patient information, in ac-cordance with patient consent and other institutional security & privacy policies. All decisions to share information are backed up by semantic proof of au-thorization that can be verified by an independent third party. Therefore pre-established trust mecha-nisms are not required for information exchange, as trust can be dynamically computed from the seman-tic proof of authorization for each request. Also, we utilize cryptographic commitments and zero-knowledge proof of knowledge primitives to ensure that private data is never exposed when semantic proofs of authorizations are validated.
Available from: cs898proj.googlecode.com
[Show abstract] [Hide abstract]
ABSTRACT: Effective management of patient information plays a critical role in providing appropriate health care. As Information Communication Technologies (ICTs) are being integrated into the medical domain, patient information is becoming increasingly managed through electronic systems. This poses the challenge of ensuring patient privacy in accordance with each patient's consent policy. Therefore, there is a need for an electronic patient consent management system which can capture patient consent, process it, and further decide who can access a patient's information. In this paper, we propose such a system, Consentir, where patient information and consent policies, as well as other access policies are represented in Notation 3 (N3). A reasoning engine, Euler, is used to determine if access should be granted or denied, according to the patient's consent policy. We built a prototype to show how semantic web based techniques can be used to solve the issue of patient consent. We currently support five different consent policies: opt in, opt in with exceptions to specific people, opt in with exceptions to sensitive information, opt out, and opt out with emergency override. In our prototype, we demonstrate how these consent policies affect information access in different health care situations through twelve different scenarios.
Data provided are for informational purposes only. Although carefully collected, accuracy cannot be guaranteed. The impact factor represents a rough estimation of the journal's impact factor and does not reflect the actual current impact factor. Publisher conditions are provided by RoMEO. Differing provisions from the publisher's actual policy or licence agreement may be applicable.