Searching for just a few words should be enough to get started. If you need to make more complex queries, use the tips below to guide you.
Article type: Research Article
Authors: Yarmand, Mohammad H.a | Sartipi, Kamranb | Down, Douglas G.a; *
Affiliations: [a] Department of Computing and Software, McMaster University, Hamilton, ON, Canada. E-mails: yarmanmh@mcmaster.ca, downd@mcmaster.ca | [b] Faculty of Engineering and Applied Science, University of Ontario Institute of Technology, Oshawa, ON, Canada. E-mail: kamran.sartipi@uoit.ca
Correspondence: [*] Corresponding author: Douglas G. Down, Department of Computing and Software, McMaster University, Hamilton, ON, Canada L8S 4K1. E-mail: downd@mcmaster.ca
Abstract: Sensitivity of clinical data and strict rules regarding data sharing have caused privacy and security to be critical requirements for using patient profiles in distributed healthcare systems. The amalgamation of new information technology with traditional healthcare workflows for sharing patient profiles has made the whole system vulnerable to privacy and security breaches. Standardization organizations are developing specifications to satisfy the required privacy and security requirements. In this paper we present a novel access control model compliant with healthcare standards based on a framework designed for data and service interoperability in the healthcare domain. The proposed model for customizable access control captures the dynamic behavior of the user and determines access rights accordingly. The model is generic and flexible in the sense that an access control engine dynamically receives security effective parameters from the subject user, and identifies the privilege level in accessing data using different specialized components within the engine. Standard data representation formats and ontologies are used to make the model compatible with different healthcare systems. The access control engine employs an approach to follow the user's behavior and navigates among engine components to provide the user's privilege to access a resource. A simulation environment is implemented to evaluate and test the proposed model.
Keywords: Access control, healthcare standards, user behavior, privacy specification, interoperability
DOI: 10.3233/JCS-2012-0454
Journal: Journal of Computer Security, vol. 21, no. 1, pp. 1-39, 2013
IOS Press, Inc.
6751 Tepper Drive
Clifton, VA 20124
USA
Tel: +1 703 830 6300
Fax: +1 703 830 2300
sales@iospress.com
For editorial issues, like the status of your submitted paper or proposals, write to editorial@iospress.nl
IOS Press
Nieuwe Hemweg 6B
1013 BG Amsterdam
The Netherlands
Tel: +31 20 688 3355
Fax: +31 20 687 0091
info@iospress.nl
For editorial issues, permissions, book requests, submissions and proceedings, contact the Amsterdam office info@iospress.nl
Inspirees International (China Office)
Ciyunsi Beili 207(CapitaLand), Bld 1, 7-901
100025, Beijing
China
Free service line: 400 661 8717
Fax: +86 10 8446 7947
china@iospress.cn
For editorial issues, like the status of your submitted paper or proposals, write to editorial@iospress.nl
如果您在出版方面需要帮助或有任何建, 件至: editorial@iospress.nl