Multi-domain and Privacy-aware Role Based Access Control in eHealth
Lorenzo D. Martino, Qun Ni, Dan Lin, Elisa Bertino
This work has been supported by IBM OCR project “Privacy and Security Policy Management” and the NSF grant 0712846 “IPS: Security Services for Healthcare Applications”.
A multi-domain privacy aware access control system based on RBAC extended with role roaming and data profiles
Outline
• Healthcare is a multi-domain environment
• Privacy in e-Health
• Why RBAC?
• Core P-RBAC
• Multi-domain P-RBAC
• Conclusions and future work
Healthcare is a distributed multi-domain environment
[Diagram: the Hospital (labelled HRO) is the Owning Domain, with its Staff (Clinicians, Nurses). External Domains are an Analysis Lab., an Insurance company and a University. Contracted services are provided by emergency dept. physicians and by anesthesiologists.]
Privacy in healthcare
• Privacy is an important issue
– HIPAA – Health Insurance Portability and Accountability Act (1996)
• Privacy protection policies
– Privacy notices; policies expressed in NL (natural language) or P3P
• P-RBAC extends the RBAC model in order to support privacy-aware access control
• Privacy policies are expressed as permission assignments (PA); these permissions differ from permissions in classical RBAC because of the presence of additional components representing privacy-related information
Core P-RBAC
• Privacy Sensitive Data Permission: (a, d, p, c, o), i.e. action, data, purpose, condition, obligation
Policies – an example
• For treatment purposes, patients’ medical information can be accessed by physicians, nurses, technicians, medical students, or others who are involved in the patients’ care, or by other departments of the healthcare organization for care/therapy coordination, or by contracted physician services such as emergency department physicians, pathologists, anesthesiologists and radiologists.
Permissions in P-RBAC
(physician, read, patient.EMR.raw, treatment, subject = patient.duty_physician, ;)
• the physician role can read patient EMR content
• for treatment purpose
• patient.EMR.raw is a data object specified according to a condition:
– the subject associated to the physician role can access the data only if the subject is the patient’s on-duty physician (subject = patient.duty_physician)
Multi-domain P-RBAC
• It extends P-RBAC with:
– Role precondition: a user can be assigned to a certain role provided that the user is associated to one or more specific roles in his/her home organization
– Data profile: it allows specifying a set of data, such as the patient’s identification data, therapy data, prescriptions and so forth
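The following Python evaluator is an added example, not code from the authors or from any P-RBAC implementation. It ties together the permission tuple shown on the "Permissions in P-RBAC" slide (role, action, data, purpose, condition, obligations) and the two multi-domain extensions above: role preconditions (an external user obtains a hospital role only if he/she holds a required role at home) and data profiles (a permission on a profile covers every data object in it). The organization names, users, profile contents and the "log_access" obligation are constructed for illustration; the only condition form supported is the slide's "subject = <attribute>".

```python
"""Toy evaluator for multi-domain P-RBAC permissions (added example).
All organizations, users, profiles and obligations are constructed."""
from dataclasses import dataclass

OWNING_DOMAIN = "Hospital"  # the organization that owns the patient data (assumed)

# Data profiles: a profile name stands for a set of data objects (constructed).
DATA_PROFILES = {
    "patient.identification": {"patient.name", "patient.dob", "patient.address"},
    "patient.therapy": {"patient.EMR.raw", "patient.prescriptions"},
}

# Role preconditions: an external user may be assigned a hospital role only if
# he/she holds one of the listed roles in his/her home organization (constructed).
ROLE_PRECONDITIONS = {
    "physician": {
        "ED-ContractedService": {"emergency_physician"},
        "AnesthesiaGroup": {"anesthesiologist"},
    },
    "medical_student": {"University": {"student"}},
}


@dataclass(frozen=True)
class Permission:
    role: str
    action: str
    data: str             # a single data object or a data-profile name
    purpose: str
    condition: str = ""   # "subject = <context attribute>"; "" means no condition
    obligations: tuple = ()


@dataclass(frozen=True)
class User:
    name: str
    home_org: str
    home_roles: frozenset


@dataclass
class Request:
    user: User
    role: str
    action: str
    data: str
    purpose: str
    context: dict         # attributes a condition may refer to (e.g. duty physician)


def role_assignable(user: User, role: str) -> bool:
    """Hospital staff hold their own roles; external users need the precondition role."""
    if user.home_org == OWNING_DOMAIN:
        return role in user.home_roles
    required = ROLE_PRECONDITIONS.get(role, {}).get(user.home_org, set())
    return bool(required & user.home_roles)


def condition_holds(condition: str, user: User, context: dict) -> bool:
    """Evaluate the slide's condition form: subject = <context attribute>."""
    if not condition:
        return True
    lhs, _, rhs = (part.strip() for part in condition.partition("="))
    if lhs != "subject" or not rhs:
        raise ValueError(f"unsupported condition: {condition!r}")
    return context.get(rhs) == user.name


def data_covered(permitted: str, requested: str) -> bool:
    """A permission on a data profile covers every object in that profile."""
    return requested == permitted or requested in DATA_PROFILES.get(permitted, set())


def decide(req: Request, permissions) -> tuple:
    """Return (allowed, obligations) for a request against the permission set."""
    if not role_assignable(req.user, req.role):
        return False, ()
    for p in permissions:
        if (p.role, p.action, p.purpose) == (req.role, req.action, req.purpose) \
                and data_covered(p.data, req.data) \
                and condition_holds(p.condition, req.user, req.context):
            return True, p.obligations
    return False, ()


# Permission assignments (constructed; the first one is the slide's example).
PERMISSIONS = [
    Permission("physician", "read", "patient.EMR.raw", "treatment",
               "subject = patient.duty_physician"),
    Permission("nurse", "read", "patient.therapy", "treatment",
               obligations=("log_access",)),
]

# Constructed users: two hospital staff, one contracted ED physician, one insurer.
ALICE = User("alice", "Hospital", frozenset({"physician"}))
DAVE = User("dave", "Hospital", frozenset({"nurse"}))
BOB = User("bob", "ED-ContractedService", frozenset({"emergency_physician"}))
CAROL = User("carol", "Insurance", frozenset({"claims_adjuster"}))


def demo() -> dict:
    ctx = {"patient.duty_physician": "bob"}   # bob is on duty for this patient
    cases = {
        "contracted_duty_physician": Request(BOB, "physician", "read", "patient.EMR.raw", "treatment", ctx),
        "staff_physician_not_on_duty": Request(ALICE, "physician", "read", "patient.EMR.raw", "treatment", ctx),
        "insurer_claims_physician_role": Request(CAROL, "physician", "read", "patient.EMR.raw", "treatment", ctx),
        "nurse_via_therapy_profile": Request(DAVE, "nurse", "read", "patient.prescriptions", "treatment", ctx),
        "wrong_purpose": Request(BOB, "physician", "read", "patient.EMR.raw", "marketing", ctx),
    }
    return {name: decide(req, PERMISSIONS) for name, req in cases.items()}


if __name__ == "__main__":
    for name, (allowed, obligations) in demo().items():
        print(f"{name:32} allowed={allowed} obligations={obligations}")
```

Running the block shows the points the slides make: the contracted emergency physician gets the physician role through the precondition and passes the duty-physician condition, a staff physician who is not on duty is refused by the condition alone, the insurer is refused before any permission is consulted because no precondition maps its home role to "physician", the nurse reads prescriptions through the therapy data profile and inherits the profile's obligation, and a purpose other than treatment matches no permission.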