An attribute based access control scheme for secure sharing of electronic health records

Pussewalage, Harsha S. Gardiyawasam; Oleshchuk, Vladimir

doi:10.1109/healthcom.2016.7749516

Cited by 21 publications

(19 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…erefore, more flexible, adaptive, and dynamic access control models are required; some of which are already available in the literature and try to deal with this issue by including characteristics to cope with specific objectives. Attribute-based access control (ABAC) [24] is more flexible than RBAC because it uses the attributes of subjects and objects (instead of roles), together with environmental attributes, to make access decisions. Situation-based access control (SitBAC) [25] defines a situation as an abstract condition composed of user's contexts and related object contexts where patients' data access is permitted or denied, while location-based access control models use geographic information system (GIS) as a support to make the best evaluation regarding location and related parameters [26].…”

Section: Sotraace and Access Controlmentioning

confidence: 99%

Assessing Access Control Risk for mHealth: A Delphi Study to Categorize Security of Health Data and Provide Risk Assessment for Mobile Apps

Moura

Fazendeiro

Inácio

et al. 2020

Journal of Healthcare Engineering

View full text Add to dashboard Cite

Background. Smartphones can tackle healthcare stakeholders’ diverse needs. Nonetheless, the risk of data disclosure/breach can be higher when using such devices, due to the lack of adequate security and the fact that a medical record has a significant higher financial value when compared with other records. Means to assess those risks are required for every mHealth application interaction, dependent and independent of its goals/content. Objective. To present a risk assessment feature integration into the SoTRAACE (Socio-Technical Risk-Adaptable Access Control) model, as well as the operationalization of the related mobile health decision policies. Methods. Since there is still a lack of a definition for health data security categorization, a Delphi study with security experts was performed for this purpose, to reflect the knowledge of security experts and to be closer to real-life situations and their associated risks. Results. The Delphi study allowed a consensus to be reached on eleven risk factors of information security related to mobile applications that can easily be adapted into the described SoTRAACE prototype. Within those risk factors, the most significant five, as assessed by the experts, and in descending order of risk level, are as follows: (1) security in the communication (e.g., used security protocols), (2) behavioural differences (e.g., different or outlier patterns of behaviour detected for a user), (3) type of wireless connection and respective encryption, (4) resource sensitivity, and (5) device threat level (e.g., known vulnerabilities associated to a device or its operating system). Conclusions. Building adaptable, risk-aware resilient access control models into the most generalized technology used nowadays (e.g., smartphones) is crucial to fulfil both the goals of users as well as security and privacy requirements for healthcare data.

show abstract

Section: Sotraace and Access Controlmentioning

confidence: 99%

Assessing Access Control Risk for mHealth: A Delphi Study to Categorize Security of Health Data and Provide Risk Assessment for Mobile Apps

Moura

Fazendeiro

Inácio

et al. 2020

Journal of Healthcare Engineering

View full text Add to dashboard Cite

show abstract

“…Pussewalage and Oleshchuk in [21] propose an ABAC scheme for secure sharing of EHR. The scheme uses selective [20] disclosure that meets the security requirement of EHR.…”

Section: B Application Of Abac In Electronic Health Record (Ehr)mentioning

confidence: 99%

“…The authors in [15] implement access revocation by re-encrypting the ciphertexts and updating the users' private keys. For the papers in [19], [21], the attribute authority is responsible for the access revocation process.…”

Section: A Comparison Of the Different Approachesmentioning

confidence: 99%

Understanding Attribute-based Access Control for Modelling and Analysing Healthcare Professionals’ Security Practices

Nweke¹,

Yeng²,

Wolthusen³

et al. 2020

IJACSA

View full text Add to dashboard Cite

In recent years, there has been an increase in the application of attribute-based access control (ABAC) in electronic health (e-health) systems. E-health systems are used to store a patient's electronic version of medical records. These records are usually classified according to their usage i.e., electronic health record (EHR) and personal health record (PHR). EHRs are electronic medical records held by the healthcare providers, while PHRs are electronic medical records held by the patients themselves. Both EHRs and PHRs are critical assets that require access control mechanism to regulate the manner in which they are accessed. ABAC has demonstrated to be an efficient and effective approach for providing fine grained access control to these critical assets. In this paper, we conduct a survey of the existing literature on the application of ABAC in e-health systems to understand the suitability of ABAC for e-health systems and the possibility of using ABAC access logs for observing, modelling and analysing security practices of healthcare professionals. We categorize the existing works according to the application of ABAC in PHR and EHR. We then present a discussion on the lessons learned and outline future challenges. This can serve as a basis for selecting and further advancing the use of ABAC in e-health systems.

show abstract

“…In the last few decades, there have been significant efforts in integrating information and communication technologies (ICT) into healthcare practices [3,]. E-Healthcare is an integration of latest technologies with medical infrastructure which includes the continues monitoring and transfer of health-related issues from patient-centric environment to respective services providers [4], [6]. The volume of the data generated in healthcare industry is rapidly growing.…”

Section: Introductionmentioning

confidence: 99%

Data Publishing Techniques and Privacy Preserving

Singh¹

2019

IJISR

View full text Add to dashboard Cite

What is Privacy?-According to the definition from Cambridge dictionary, "Someone's right to keep their personal matters and relationships secret". The term privacy is defined as an action where the data is kept hidden from either anonymous user, server to avoid use of malpractice of the data [2], [3]. Healthcare data is considered as a most significant but sensitive data in the world, since it has all private information about patient such as diseases, treatment, prescription, name, address etc. The volume of the data generated in healthcare industry is rapidly growing. In this patient centric world, to get effective results, we need to increase healthcare data utility. With increasing data utility, the privacy of the same data is compromised which is another important challenge that users and healthcare data publishers are facing, since there is no monitory control on data which is published on internet. Hiding sensitive healthcare data from either untrusted users or thirdparty data publishers is an important concern today. Healthcare Data Publishing is the process where certain transformation (such as anonymization, generalization, suppression etc.) can be applied before publishing healthcare data online. From the available research, it is seen that such transformations are not susceptible to certain attacks like background knowledge, homogeneity etc. This review paper studies all existing Privacy Preserving Data Publishing (PPDP) schemes using data generalization. The literature review also touches recent researches on ARX tool-which is an open source data de-identification tool for analyzing risk and utility factor of healthcare data. The paper finally concludes with feasible research gaps from available literature survey.

show abstract

An attribute based access control scheme for secure sharing of electronic health records

Cited by 21 publications

References 8 publications

Assessing Access Control Risk for mHealth: A Delphi Study to Categorize Security of Health Data and Provide Risk Assessment for Mobile Apps

Assessing Access Control Risk for mHealth: A Delphi Study to Categorize Security of Health Data and Provide Risk Assessment for Mobile Apps

Understanding Attribute-based Access Control for Modelling and Analysing Healthcare Professionals’ Security Practices

Data Publishing Techniques and Privacy Preserving

Contact Info

Product

Resources

About