A Mobile Based Authorization Mechanism for Patient Managed Role Based Access Control

Santos-Pereira, Cátia; Augusto, Alexandre B.; Correia, Manuel E.; Ferreira, Ana; Cruz‐Correia, Ricardo

doi:10.1007/978-3-642-32395-9_5

Cited by 10 publications

(9 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…OFELIA has the potential to change current eHealth practices and business practices by giving the patients the means by which they can directly manage and exercise revocable access control to their EHR and thus effectively decide with whom to share their EHR, be it healthcare professionals or even family members and caring friends [22].…”

Section: Ehealthmentioning

confidence: 99%

See 1 more Smart Citation

A Mobile-Based Attribute Aggregation Architecture for User-Centric Identity Management

Augusto

Correia

2016

Psychology and Mental Health

Self Cite

View full text Add to dashboard Cite

The massive growth of the Internet and its services is currently being sustained by the mercantilization of users' identities and private data. Traditional services on the Web require the user to disclose many unnecessary sensitive identity attributes like bankcards, geographic position, or even personal health records in order to provide a service. In essence, the services are presented as free and constitute a means by which the user is mercantilized, often without realizing the real value of its data to the market. In this chapter the auhors describe OFELIA (Open Federated Environment for Leveraging of Identity and Authorization), a digital identity architecture designed from the ground up to be user centric. OFELIA is an identity/authorization versatile infrastructure that does not depend upon the massive aggregation of users' identity attributes to offer a highly versatile set of identity services but relies instead on having those attributes distributed among and protected by several otherwise unrelated Attribute Authorities. Only the end user, with his smartphone, knows how to aggregate these scattered Attribute Authorities' identity attributes back into some useful identifiable and authenticated entity identity that can then be used by Internet services in a secure and interoperable way.

show abstract

Section: Ehealthmentioning

confidence: 99%

“…We are also currently implementing and deploying OFELIA in the health sector [22] with a very specific user-empowering usage case scenario in a real healthcare institution, more precisely on São João hospital centre, which is the second biggest hospital in Portugal.…”

Section: Future Workmentioning

confidence: 99%

A Mobile-Based Attribute Aggregation Architecture for User-Centric Identity Management

Augusto

Correia

2016

Psychology and Mental Health

Self Cite

View full text Add to dashboard Cite

show abstract

“…In this integrated view, a patient can select a part of his/her EHR and view in more detail who is accessing it and for what purpose. An example of such a tool was proposed in [20] and its security and privacy requirements have already been studied on previous research [21] [22]. Even less seems to exist about transparency and privacy in EHR.…”

Section: Transparency Enhancing Toolsmentioning

confidence: 99%

“…Examples of purpose of use that can be associated to specific accesses can be: emergency accesses, asking for a second opinion and research usage; EXCEP: Exceptions were proposed by research focusing on devising a patient's access control model [22] and their aim is, for instance, to give more or less permissions to a specific user than his/her role normally detains. Private notes are an example, i.e., healthcare professionals can be allowed to have private compositions relating to a patient's EHR therefore only accessed by the professional who created them and not by all the users that may detain the same role as that professional; TEMPCON: Temporal constraints were also proposed by [22]. These are needed to add a limited timeframe to access control permissions.…”

Section: Access Controlmentioning

confidence: 99%

“…TEMPCON can be specially useful for healthcare professionals that work on shifts. These constraints are also necessary in order to create temporary roles, which are defined for a specific limited time (e.g., delegation or BTG); DELEG: Delegation is also part of the model proposed in [22] and it allows granting temporary access permissions to healthcare professionals who normally do not treat the patient (i.e., asking for a second opinion). OBLS: Obligations in healthcare were proposed in [26].…”

Section: Access Controlmentioning

confidence: 99%

See 1 more Smart Citation

Can Transparency Enhancing Tools Support Patient’s Accessing Electronic Health Records?

Ferreira

Lenzini

2015

New Contributions in Information Systems and Technologies

Self Cite

View full text Add to dashboard Cite

Abstract. Patients that access their health records take more care of their health and, when in therapy, commit more seriously to improve their condition. This leads to a more effective and more efficient healthcare management, and is also in agreement with European directives on data protection. However, accessing medical data can be risky. Security should be assured and it should be evident to the patients, who has access to what data and any violation to patient's privacy requirements should be reported. We call this property transparency. Precisely this work looks into the Transparency Enhancing Tools that have been proposed to increase people's awareness about security and privacy on the Internet, and discusses to which extent these tools can empower transparency in healthcare.

show abstract

A Secure RBAC Mobile Agent Model for Healthcare Institutions - Preliminary Study

Santos-Pereira

Augusto

Cruz‐Correia

et al. 2013

Information Technology in Bio- And Medical Informatics

Self Cite

View full text Add to dashboard Cite

Efficient healthcare is thus highly dependent on doctors being provided with access to patients medical information at the right time and place. However it frequently happens that critical pieces of pertinent information end up not being used because they are located in information systems that do not interoperate in a timely manner. There are many reasons that contribute to this grim state of affairs, but what interests us the most is the lack of enforceable security policies for systems interoperability and data exchange and the existence of many heterogeneous legacy systems that are almost impossible to directly include into any reasonable secure interoperable workflow. The objective of this paper is to establish a mobile agent access control model based on RBAC model that allows the exchange of clinical information between different health institutions that fall within the same circle of trust.

show abstract

A Mobile Based Authorization Mechanism for Patient Managed Role Based Access Control

Cited by 10 publications

References 11 publications

A Mobile-Based Attribute Aggregation Architecture for User-Centric Identity Management

A Mobile-Based Attribute Aggregation Architecture for User-Centric Identity Management

Can Transparency Enhancing Tools Support Patient’s Accessing Electronic Health Records?

A Secure RBAC Mobile Agent Model for Healthcare Institutions - Preliminary Study

Contact Info

Product

Resources

About