Security and privacy of patient's medical data has more than ever become a critical factor in healthcare and, therefore, has a strong influence on the development of Electronic Health Record (EHR) systems. One of the most challenging aspects regards the possibility of specifying fine-grained access control restrictions over EHRs, not only at a document level but also on their specific sections. In order to face this issue, the paper proposes a semantic-based system aimed at supporting the definition of fine-grained access control policies on EHRs. This system relies on a role-based authorization model, encoded in terms of a formal ontology, and a set of access control restrictions defined as "if-then rules", in order to assign to healthcare workers the necessary privileges to carry out a task on specific EHR sections. A prototype implementation has been realized, by offering simple and intuitive interfaces to the security administrators for writing access control policies and restrictions. 2013 IEEE.
A system for semantic-based access control / Amato, Flora; Mazzocca, Nicola; G. D., Pietro; M., Esposito. - (2013), pp. 442-446. [10.1109/3PGCIC.2013.74]
A system for semantic-based access control
AMATO, FLORA;MAZZOCCA, NICOLA;
2013
Abstract
Security and privacy of patient's medical data has more than ever become a critical factor in healthcare and, therefore, has a strong influence on the development of Electronic Health Record (EHR) systems. One of the most challenging aspects regards the possibility of specifying fine-grained access control restrictions over EHRs, not only at a document level but also on their specific sections. In order to face this issue, the paper proposes a semantic-based system aimed at supporting the definition of fine-grained access control policies on EHRs. This system relies on a role-based authorization model, encoded in terms of a formal ontology, and a set of access control restrictions defined as "if-then rules", in order to assign to healthcare workers the necessary privileges to carry out a task on specific EHR sections. A prototype implementation has been realized, by offering simple and intuitive interfaces to the security administrators for writing access control policies and restrictions. 2013 IEEE.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.