Title :
A System for Semantic-Based Access Control
Author :
Amato, Flora ; Mazzocca, Nicola ; De Pietro, G. ; Esposito, M.
Author_Institution :
Dipt. di Ing. Elettr. e delle Tecnol. dell´Inf., Univ. of Naples Federico II, Naples, Italy
Abstract :
Security and privacy of patient\´s medical data has more than ever become a critical factor in healthcare and, therefore, has a strong influence on the development of Electronic Health Record (EHR) systems. One of the most challenging aspects regards the possibility of specifying fine-grained access control restrictions over EHRs, not only at a document level but also on their specific sections. In order to face this issue, the paper proposes a semantic-based system aimed at supporting the definition of fine-grained access control policies on EHRs. This system relies on a role-based authorization model, encoded in terms of a formal ontology, and a set of access control restrictions defined as "if-then rules", in order to assign to healthcare workers the necessary privileges to carry out a task on specific EHR sections. A prototype implementation has been realized, by offering simple and intuitive interfaces to the security administrators for writing access control policies and restrictions.
Keywords :
authorisation; electronic health records; health care; ontologies (artificial intelligence); EHR systems; access control restrictions; electronic health record; fine-grained access control; formal ontology; healthcare; patient medical data; role based authorization model; security administrators; semantic based access control system; Authorization; Electronic medical records; Medical services; Ontologies; Privacy; Access Control Policy; Electronic Health Record; Ontology; Role-based Access Control; Rule-based Formalism;
Conference_Titel :
P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC), 2013 Eighth International Conference on
Conference_Location :
Compiegne
DOI :
10.1109/3PGCIC.2013.74
