A Novel Use of RBAC to Protect Privacy in Distributed Health Care Information Systems

Reid, Jason; Cheong, Ian R; Henricksen, Matthew; Smith, Jason

doi:10.1007/3-540-45067-x_35

Cited by 37 publications

(22 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…As a solution, they propose adding a middle layer of logic, which translates constraints into access rules. Reid et al [10] adapt role-based access control (RBAC) to include explicit consent and denial. Explicit denial is to grant access to a role (e.g., doctors), but deny access to a particular individual (excluding a particular doctor); explicit consent is the converse property: granting access for individuals while denying access to the role.…”

Section: Enabling Patient Privacymentioning

confidence: 99%

“…Currently, (patient) privacy is usually described in terms of protection of information and in terms of controlling access to services. Thus, it is commonly achieved in practice by means of a form of access control or authentication (e.g., see [8][9][10][11][12]). However, typical eHealth systems, especially in future, will be highly distributed and require interoperability of many subsystems.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Challenges in eHealth: From Enabling to Enforcing Privacy

Dong

Jonker

Pang

2012

Foundations of Health Informatics Engineering and Systems

View full text Add to dashboard Cite

Privacy is recognised as a fundamental requirement for eHealth systems. Proposals to achieve privacy have been put forth in literature, most of which approach patient privacy as either an access control or an authentication problem. In this paper, we investigate privacy in eHealth as a communication problem, since future eHealth systems will be highly distributed and require interoperability of many subsystems. In addition, we research privacy needs for others than patients. In our study, we identify two key privacy challenges in eHealth: enforced privacy and privacy in the presence of others. We believe that these privacy challenges are vital for secure eHealth systems, and more research is needed to understand these challenges. We propose to use formal techniques to understand and define these new privacy notions in a precise and unambiguous manner, and to build an efficient verification framework.

show abstract

Section: Enabling Patient Privacymentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Challenges in eHealth: From Enabling to Enforcing Privacy

Dong

Jonker

Pang

2012

Foundations of Health Informatics Engineering and Systems

View full text Add to dashboard Cite

show abstract

“…This section illustrates how the qualifications can be constructed for two of the most famous access control models: role-based access control (RBAC) [12] and Bell-LaPadula (BLP) [20], which have been used extensively in the medical [21,24] and the military environments, respectively.…”

Section: Applicationsmentioning

confidence: 99%

An Auto-delegation Mechanism for Access Control Systems

Crampton

Morisset

2011

Security and Trust Management

View full text Add to dashboard Cite

Abstract. Delegation is a widely used and widely studied mechanism in access control systems. Delegation enables an authorized entity to nominate another entity as its authorized proxy for the purposes of access control. Existing delegation mechanisms tend to rely on manual processes initiated by end-users. We believe that systems in which the set of available, authorized entities fluctuates considerably and unpredictably over time require delegation mechanisms that can respond automatically to the absence of appropriately authorized users. To address this, we propose an auto-delegation mechanism and explore the way in which such a mechanism can be used to provide (i) controlled overriding of policy-based authorization decisions (ii) a novel type of access control mechanism based on subject-object relationships.

show abstract

“…There have been some work on security policies in the field of Electronic health records systems in the past years. Reid et al [16] present a model that uses role based access control to restrict the access to the health records on a need-to-know basis. The prototype described maintains databases consisting of explicit allow and explicit denial lists.…”

Section: Related Workmentioning

confidence: 99%

Modelling Context-Aware Security for Electronic Health Records

Shetty

Loke

2007

Encyclopedia of Information Ethics and Security

View full text Add to dashboard Cite

The Internet has proven to be the most convenient and demanding facility for various types of businesses and transactions for the past few years. In recent years, business information systems have expanded into networks, encompassing partners, suppliers, and customers. There has been a global availability (Anderson, 2001; BSI Global, 2003) of resources over the Internet to satisfy different needs in various fields. The availability factor has called for various security challenges in fields where information is very valuable and not meant for all. Potential threats to information and system security come from a variety of sources. These threats may result in violations to confidentiality, interruptions in information integrity, and possible disruption in the delivery of services. So it is essential to manage the flow of information over the network with the required level of security.

show abstract

A Novel Use of RBAC to Protect Privacy in Distributed Health Care Information Systems

Cited by 37 publications

References 12 publications

Challenges in eHealth: From Enabling to Enforcing Privacy

Challenges in eHealth: From Enabling to Enforcing Privacy

An Auto-delegation Mechanism for Access Control Systems

Modelling Context-Aware Security for Electronic Health Records

Contact Info

Product

Resources

About