A secure and flexible e-Health access control system with provisions for emergency access overrides and delegation of access privileges

“…Some papers addressed the need for emergency access and/or access delegation features in addition to RBAC. The Khan and Sakamura [ 14 , 16 , 17 ] work describes an RBAC adaptation based on access context. The scenario described is emergency access needed for EHR system information that is currently common on ambulatory but mostly at hospital facilities.…”

“…The Chen and Hoang [ 20 ] approach is also concerned with the interdomain and cross-border issues related to the use of cloud-based solutions. Similar to [ 14 , 17 ], they propose a context-based access decision that adds the “Role Roaming” and the “Active Auditing” to the scheme. Also using an information segmentation approach to store EHR securely in the cloud environment, Premarathne et al [ 21 ] suggest the use of steganography-cryptography to index protected information.…”

“…Although some articles focused only at describing the need of an additional security layer or different access control model combination [ 26 , 29 , 31 ], we can summarize RBAC current adaptation needs as follows: Conditional or emergency access and authorization are delegated. Context- and situation access-based solutions are advocated to be adapted over original RBAC features [ 14 , 16 – 18 , 32 ] requiring additional user's obligation. Access segmentation and interdomain/federation scenarios are needed.…”

“…Context- and situation access-based solutions are advocated to be adapted over original RBAC features [ 14 , 16 – 18 , 32 ] requiring additional user's obligation.…”

Health Information System Role-Based Access Control Current Security Trends and Challenges

“…Some papers addressed the need for emergency access and/or access delegation features in addition to RBAC. The Khan and Sakamura [ 14 , 16 , 17 ] work describes an RBAC adaptation based on access context. The scenario described is emergency access needed for EHR system information that is currently common on ambulatory but mostly at hospital facilities.…”

“…The Chen and Hoang [ 20 ] approach is also concerned with the interdomain and cross-border issues related to the use of cloud-based solutions. Similar to [ 14 , 17 ], they propose a context-based access decision that adds the “Role Roaming” and the “Active Auditing” to the scheme. Also using an information segmentation approach to store EHR securely in the cloud environment, Premarathne et al [ 21 ] suggest the use of steganography-cryptography to index protected information.…”

“…Although some articles focused only at describing the need of an additional security layer or different access control model combination [ 26 , 29 , 31 ], we can summarize RBAC current adaptation needs as follows: Conditional or emergency access and authorization are delegated. Context- and situation access-based solutions are advocated to be adapted over original RBAC features [ 14 , 16 – 18 , 32 ] requiring additional user's obligation. Access segmentation and interdomain/federation scenarios are needed.…”

“…Context- and situation access-based solutions are advocated to be adapted over original RBAC features [ 14 , 16 – 18 , 32 ] requiring additional user's obligation.…”

Health Information System Role-Based Access Control Current Security Trends and Challenges

A safe architecture for authorisation grant in healthcare ecosystems

Privacy Preserving Dynamic Access Control Model with Access Delegation for eHealth