QUT ePrints

A Novel Use of RBAC to Protect Privacy in Distributed Health Care Information Systems

Reid, Jason F., Cheong, Ian, Henricksen, Matthew P., & Smith, Jason (2003) A Novel Use of RBAC to Protect Privacy in Distributed Health Care Information Systems. In Safavi-Naini, Rei & Seberry, Jennifer (Eds.) 8th Australasian Conference on Information Security and Privacy (ACISP 2003), July 9-11, 2003, Wollongong.

Abstract

This paper examines the access control requirements of distributed health care information networks. Since the electronic sharing of an individual's personal health information requires their informed consent, health care information networks need an access control framework that can capture and enforce individual access policies tailored to the specific circumstances of each consumer. Role Based Access Control (RBAC) is examined as a candidate access control framework. While it is well suited to the task in many regards, we identify a number of shortcomings, particularly in the range of access policy expression types that it can support. For efficiency and comprehensibility, access policies that grant access to a broad range of entities whilst explicitly denying it to subgroups of those entities need to be supported in health information networks. We argue that RBAC does not support policies of this type with sufficient flexibility and propose a novel adaptation of RBAC principles to address this shortcoming. We also describe a prototype distributed medical information system that embodies the improved RBAC model.

Impact and interest:

5 citations in Scopus
4 citations in Web of Science®

Full-text downloads:

424 since deposited on 09 Aug 2004
57 in the past twelve months

ID Code: 343
Item Type: Conference Paper
Keywords: role based access control, medical records privacy, consent, constraints, Jason Reid, Ian Cheong, Matthew Henricksen, and Jason Smith
DOI: 10.1007/3-540-45067-X_35
ISBN: 3540405151
ISSN: 1611-3349
Subjects: Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > LIBRARY AND INFORMATION STUDIES (080700) > Information Retrieval and Web Search (080704)
Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > DATA FORMAT (080400) > Data Format not elsewhere classified (080499)
Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > INFORMATION SYSTEMS (080600) > Interorganisational Information Systems and Web Services (080612)
Divisions: Past > QUT Faculties & Divisions > Faculty of Science and Technology
Copyright Owner: Copyright 2003 Springer
Copyright Statement: This is the author-version of the work. Conference proceedings published, by Springer Verlag, will be available via SpringerLink: http://www.springer.de/comp/lncs/ Lecture Notes in Computer Science
Deposited On: 09 Aug 2004
Last Modified: 29 Feb 2012 22:59
