Towards unobtrusive patient‐centric access‐control for Health Information System. (27th May 2020)
- Record Type:
- Journal Article
- Title:
- Towards unobtrusive patient‐centric access‐control for Health Information System. (27th May 2020)
- Main Title:
- Towards unobtrusive patient‐centric access‐control for Health Information System
- Authors:
- de Carvalho Junior, Marcelo Antonio
Bandiera‐Paiva, Paulo - Abstract:
- Summary: Patient consent is currently a missing piece on Health Information Systems (HIS) access permission. The control is needed to ensure personal data as the property of the individual, not data controllers or health‐care service providers. This is a newly‐designed access‐decision flow for HIS secured by Role‐Based Access Control (RBAC) including patient‐centric control. It makes use of Colored Petri‐Nets (CPN) to model RBAC restrictions. A Discretionary Access Control (DAC) functionality is added to Electronic Health‐Records (EHR) control to convey a patient's explicit authorization to their data in a non‐obstructive access flow. Mutual exclusion was designed to incorporate patient needs so that they could authorize healthcare professionals to access EHR data. Additional information was supplied to a PERMS Access Control matrix and this enabled DAC to be mimicked using existing RBAC Core functions. A minimal addition is proposed to incorporate RBAC‐aware systems with no significant drawbacks when compared with previous CPN simulations. The article also discusses the limitations of this technique and the favorable conditions for implementing new features.
- Is Part Of:
- Concurrency and computation. Volume 32:Number 22(2020)
- Journal:
- Concurrency and computation
- Issue:
- Volume 32:Number 22(2020)
- Issue Display:
- Volume 32, Issue 22 (2020)
- Year:
- 2020
- Volume:
- 32
- Issue:
- 22
- Issue Sort Value:
- 2020-0032-0022-0000
- Page Start:
- n/a
- Page End:
- n/a
- Publication Date:
- 2020-05-27
- Subjects:
- Access control (N04.452.758.849.350) -- Information systems (L01.700.508.300) -- Information security -- RBAC, Privacy (SP9.130.010.010) -- Standards (E05.978.808)
Parallel processing (Electronic computers) -- Periodicals
Parallel computers -- Periodicals
004.35 - Journal URLs:
- http://onlinelibrary.wiley.com/ ↗
- DOI:
- 10.1002/cpe.5845 ↗
- Languages:
- English
- ISSNs:
- 1532-0626
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 3405.622000
British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store - Ingest File:
- 14766.xml