e-health - Privacy Protection in Health Care Systems using...

Privacy Protection in Health Care Systems using RBAC
Mounica Atluri, Sruthi Vemulapalli, K. Chandra Subhash, SaiRajiv Burugapalli
CSCE 522
Electronic Health care systems
- Improve the ability of service providers to exchange information and deliver services
- A patient's personal information is potentially available to a large number of people
- Key challenge: ensuring that the principle of consent is enforced
- Need to record and enforce individual access policies in which the patient defines the policy details
Privacy in Health care
- Unauthorized disclosure of health information can have serious consequences, and the damage cannot be undone
- Prevention is therefore better than detection
Access Policy Requirements
- The access control framework must be flexible and expressive
- It must support policy expressions of the following forms:
  - General consent qualified by one or more explicit denials
  - General denial qualified by one or more explicit consents
- The default policy is a broadly expressed consent that grants access to the appropriate roles
Access Policy Requirements
- Consider a scenario in which a consumer wishes to exclude Dr. X from access to his records, and has also given consent to doctors at Acme Clinic
- If Dr. X subsequently comes to work at Acme Clinic, the explicit denial ensures that he will still not be given access to the consumer's records: the denial overrides the consent he would otherwise gain through his new role
- Such complex policy expressions are constructed by nesting the different policy expression types
Contd.
Example of nesting:
  Allow all clinicians
    except for nurses
      except for nurses at Acme Clinic
- Each nesting level flips the decision: a doctor is allowed, a nurse elsewhere is denied, and a nurse at Acme Clinic is allowed again
RBAC in Health Care
- RBAC systems adhere to the principle of general denial with explicit consent
- The RBAC framework is not suitable when individual exceptions to default access policies need to be supported
- The proposed model enables individually tailored policies through the ability to explicitly grant and deny authorization for a set of privileges
Explicit Denial in RBAC
- In RBAC, anything that is not explicitly allowed is implicitly denied
- Standard RBAC uses constraints to deny a privilege to a role
- This is not an elegant solution when nesting of policy expression types is required
Proposed Model
- An individual's access policy, and the personal information it relates to, are recorded and enforced through a consumer-centric role referred to as a care team role
Components of care team role
1. Authorization for a role is determined by the contents of the role's allowed and denied lists
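The policy model described on the preceding slides, as an added worked example that is not part of the original slides: a small Python evaluator for consent and denial clauses with nested exceptions, enforced through a care team role's allowed and denied lists. The class and field names (Requester, Who, Clause, CareTeamRole), the "read" privilege, and the sample users are assumptions made for illustration; the nested clinician/nurse policy and the Dr. X scenario are the ones from the slides.

```python
"""Added example (not from the slides): consent/denial clauses with nested
exceptions, enforced through a care team role's allowed and denied lists.
Class names, the "read" privilege and the sample users are assumptions."""
from dataclasses import dataclass, field
from typing import FrozenSet, List, Optional


@dataclass(frozen=True)
class Requester:
    user_id: str
    roles: FrozenSet[str]
    org: str


@dataclass(frozen=True)
class Who:
    """Selects requesters: every field that is set must match (None = any)."""
    user_id: Optional[str] = None
    role: Optional[str] = None
    org: Optional[str] = None

    def matches(self, r: Requester) -> bool:
        return ((self.user_id is None or self.user_id == r.user_id)
                and (self.role is None or self.role in r.roles)
                and (self.org is None or self.org == r.org))


@dataclass
class Clause:
    """A consent ("allow") or denial ("deny") qualified by nested exceptions,
    which must have the opposite effect (general consent with explicit
    denials, or general denial with explicit consents)."""
    effect: str
    who: Who
    exceptions: List["Clause"] = field(default_factory=list)

    def __post_init__(self) -> None:
        if self.effect not in ("allow", "deny"):
            raise ValueError("effect must be 'allow' or 'deny'")
        if any(e.effect == self.effect for e in self.exceptions):
            raise ValueError("an exception must have the opposite effect")


def evaluate(clause: Clause, r: Requester) -> Optional[str]:
    """Effect the clause yields for r, or None when the clause does not apply.
    The innermost matching exception wins, so each nesting level flips the
    decision: allow clinicians / deny nurses / allow nurses at Acme Clinic."""
    if not clause.who.matches(r):
        return None
    for exc in clause.exceptions:
        inner = evaluate(exc, r)
        if inner is not None:
            return inner
    return clause.effect


@dataclass
class CareTeamRole:
    """Consumer-centric role: a set of privileges plus the allowed and denied
    lists that decide who may exercise them on this consumer's records."""
    privileges: FrozenSet[str]
    allowed: List[Clause]
    denied: List[Clause]

    def authorize(self, r: Requester, privilege: str) -> bool:
        if privilege not in self.privileges:
            return False
        # An explicit denial that still applies after its own exceptions wins,
        # whatever the allowed list says (Dr. X stays excluded after joining Acme).
        if any(evaluate(c, r) == "deny" for c in self.denied):
            return False
        # Otherwise a consent that survives its nested denials is required;
        # anything not explicitly allowed is denied, as in plain RBAC.
        return any(evaluate(c, r) == "allow" for c in self.allowed)


# "Allow all clinicians, except for nurses, except for nurses at Acme Clinic"
CLINICIAN_POLICY = Clause("allow", Who(role="clinician"), exceptions=[
    Clause("deny", Who(role="nurse"), exceptions=[
        Clause("allow", Who(role="nurse", org="Acme Clinic")),
    ]),
])

# One consumer's care team role (constructed sample): consent for doctors at
# Acme Clinic and for clinicians per the nested policy, Dr. X explicitly excluded.
CONSUMER_ROLE = CareTeamRole(
    privileges=frozenset({"read"}),
    allowed=[CLINICIAN_POLICY, Clause("allow", Who(role="doctor", org="Acme Clinic"))],
    denied=[Clause("deny", Who(user_id="dr-x"))],
)

if __name__ == "__main__":
    dr_x_at_acme = Requester("dr-x", frozenset({"clinician", "doctor"}), "Acme Clinic")
    print(CONSUMER_ROLE.authorize(dr_x_at_acme, "read"))  # False
```

The denied list is consulted before the allowed list, which is what makes the Dr. X case work without touching the general consent: his new role at Acme Clinic matches a consent clause, but the user-specific denial still applies and takes precedence. Requesters matched by no clause at all fall through to the RBAC default of implicit denial.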

This note was uploaded on 12/13/2011 for the course CSCE 522 taught by Professor Farkas during the Fall '11 term at South Carolina.
