[go: up one dir, main page]
More Web Proxy on the site http://driver.im/ skip to main content
research-article

RUBAC: Proposed Access Control for Flexible Utility–Privacy Model in Healthcare

Published: 28 February 2024 Publication History

Abstract

With the rapid advancement of healthcare analytics, the need of security of privacy of health data is extremely needed. Electronic health record (abbreviated as EHR) is a communication tool which supports the services such as early prediction of disease, clinical decision support system, and personalized healthcare through intelligent mechanism such as artificial intelligence, and machine and deep learning. With the advent of the ICT and availability of big data in the healthcare systems, the privacy concerns are raised. Developing an access control model EHR is one of the solutions to preserve the privacy and confidentiality of the data. There are umpteen number of access control models such as RBAC and MAC have been invented. The said models are security focused meaning their primary focus is to provide security to health data which differs from safeguarding privacy of personal information in health records. Although tremendous amount of work has been done around access control models for preserving privacy, there a still a space for improvement in terms of effective access of data through better access control model. In addition, most of the access control models for past are static and do not consider the case wherein the privacy–utility of the EHR changes according to the requirement of healthcare organizations. This paper presents a risk- and utility-based access control (henceforth called RUBAC) model for flexible privacy–utility situation in healthcare. The proposed privacy-enabled model consists of three major entities, viz. risk and utility factors (X-axis), data access scenarios (Y-axis) and roles (Z-axis). All the entities are flexible. The model is evaluated against uses case and the 25 criteria given in [1],the model outperformed in accessing the healthcare records efficiently. The proposed model provides dynamic and flexible control through a 3-D framework, exceeding current approaches and opening the door to improved healthcare security practices.

References

[1]
Helms E, Williams L. Evaluating access control of open source electronic health record systems. In: Proceedings of the international conference on software engineering, 2011. p. 63–70.
[2]
Dong N, Jonker H, Pang J. Challenges in eHealth: From enabling to enforcing privacy, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 7151 LNCS(September), 2012. p. 195–206.
[3]
[4]
Jercich K. The biggest healthcare data breaches of 2021. Healthcareitnews. 2021. https://www.healthcareitnews.com/news/biggest-healthcare-data-breaches-2021.
[5]
Bose A. Top 10 data breaches that have occurred in India in 2020–21. Ipleaders. 2021. https://blog.ipleaders.in/top-10-data-breaches-that-have-occurred-in-india-in-2020-21/.
[6]
Jin H, Luo Y, Li P, and Mathew J A review of secure and privacy-preserving medical data sharing IEEE Access 2019 7 61656-61669
[7]
Majeed A Attribute-centric anonymization scheme for improving user privacy and utility of publishing e-health data J King Saud Univ Comput In Sci 2019 31 4 426-435
[8]
Lin JC and Yeh KH Security and privacy techniques in IoT environment Sensors 2021 21 1 2021
[9]
de Carvalho Junior MA and Bandiera-Paiva P Health information system role-based access control current security trends and challenges J Healthc Eng 2018 18 6510249
[10]
Khalid T et al. A survey on privacy and access control schemes in fog computing Int J Commun Syst 2021
[11]
Yang X, Lu R, Shao J, Tang X, and Ghorbani AA Achieving efficient secure deduplication with user-defined access control in cloud IEEE Trans Depend Secure Comput 2022 19 1 591-606
[12]
Seol K, Kim YG, Lee E, Seo YD, and Baik DK Privacy-preserving attribute-based access control model for XML-based electronic health record system IEEE Access 2018 6 9114-9128
[13]
Elgendy R, Morad A, Elmongui HG, Khalafallah A, and Abougabal MS Role-task conditional-purpose policy model for privacy preserving data publishing Alex Eng J 2017 56 4 459-468
[14]
Peleg M, Beimel D, Dori D, and Denekamp Y Situation-based access control: privacy management via modeling of patient data access scenarios J Biomed Inf 2008 41 6 1028-1040
[15]
Tembhare A, SibiChakkaravarthy S, Sangeetha D, Vaidehi V, and VenkataRathnam M Role-based policy to maintain privacy of patient health records in cloud J Supercomput 2019 75 9 5866-5881
[16]
Wang Q, Jin H, Quantified risk-adaptive access control for patient privacy protection in health information systems, Proceedings of the 6th International Symposium on Information, Computer and Communications Security, ASIACCS 2011, 2011;406–10.
[17]
Kumar R and Tripathi R Scalable and secure access control policy for healthcare system using blockchain and enhanced Bell–LaPadula model J Ambient Intell Humaniz Comput 2021 12 2 2321-2338
[18]
Prince PB and Lovesum SPJ Privacy enforced access control model for secured data handling in cloud-based pervasive health care system SN Comput Sci 2020 1 5 1-8
[19]
Sicuranza M and Esposito A An access control model for easy management of patient privacy in EHR systems, 2013 8th International Conference for Internet Technology and Secured Transactions ICITST 2013 2013 463-470
[20]
Dagher GG, Mohler J, Milojkovic M, and Marella PB Ancile: Privacy-preserving framework for access control and interoperability of electronic health records using blockchain technology Sustain Cities Soc 2017 2018 39 283-297
[21]
Rezaeibagha F and Mu Y Distributed clinical data sharing via dynamic access-control policy transformation Int J Med Inf 2016 89 25-31
[22]
Xu J et al. Healthchain: a blockchain-based privacy preserving scheme for large-scale health data IEEE Internet Things J 2019 6 5 8770-8781
[23]
Ming Y and Zhang T Efficient privacy-preserving access control scheme in electronic health records system Sensors (Switzerland) 2018 18 10 3520
[24]
Ding W et al. An extended framework of privacy-preserving computation with flexible access control IEEE Trans Netw Serv Manage 2020 17 2 918-930
[25]
Premarathne U et al. Hybrid cryptographic access control for cloud-based EHR systems IEEE Cloud Comput 2016 3 4 58-64
[26]
Ding W, Yan Z, and Deng RH Privacy-preserving data processing with flexible access control IEEE Trans Depend Secure Comput 2020 17 2 363-376
[27]
Shi M, Jiang R, Hu X, and Shang J A privacy protection method for health care big data management based on risk access control Health Care Manag Sci 2020 23 3 427-442
[28]
Babrahem AS and Monowar MM Preserving confidentiality and privacy of the patient’s EHR using the OrBAC and AES in cloud environment* Int J Comput Appl 2021 43 1 50-61
[29]
Camenisch J, Hohenberger S, Lysyanskaya A. Balancing accountability and privacy using e-cash. In: International conference on security and cryptography for networks. Berlin, Heidelberg: Springer; 2006. p. 141–55.
[30]
Thwin TT and Vasupongayya S Blockchain-based access control model to preserve privacy for personal health record systems Secur Commun Netw 2019 2019 1-15
[31]
Grunwell D, Gajanayake R, Sahama T. Demonstrating accountable-eHealth systems. In: 2014 IEEE international conference on communications (ICC), Sydney, NSW, Australia. 2014. p. 4258–63.
[32]
Mohan K and Aramudhan M Ontology based access control model for healthcare system in cloud computing Indian J Sci Technol 2015 8 S9 218
[33]
Ni Q, Bertino E, Lobo J, and Calo SB Privacy-aware role-based access control IEEE Secur Priv 2009 7 4 35-43
[34]
Liddell K, Simon DA, and Lucassen A Patient data ownership: who owns your health? J Law Biosci 2021 8 2 lsa023
[35]
Levin O, Salido J, The two dimensions of data privacy measures, Brussels Privacy Symposium. 2016;7
[36]
Wagner I and Eckhoff D Technical privacy metrics: a systematic survey ACM Comput Surv 2018 51 3 1-45
[37]
Prasser F, Kohlmayer F, Lautenschläger R, Kuhn KA, ARX--A Comprehensive Tool for Anonymizing Biomedical Data, AMIA ... Annual Symposium proceedings/AMIA Symposium. AMIA Symposium. 2014
[38]
Cormode G, Procopiuc CM, Shen E, Srivastava D, Yu T, Empirical privacy and empirical utility of anonymized data. In: 2013 IEEE 29th International Conference on Data Engineering Workshops (ICDEW). 2013;2013:77–82.
[39]
Elliot M, Domingo-Ferrer J, The future of statistical disclosure control, The National Statistician’s Quality Review. 2018
[40]
Prasser F, Kohlmayer F, and Kuhn K The importance of context: risk-based de-identification of biomedical data Methods Inf Med 2016 55 347-55
[41]
Mai PX, Goknil A, Shar LK, Pastore F, Briand LC, and Shaame S modeling security and privacy requirements: a use case-driven approach Inf Softw Technol 2018 100 165-182
[42]
Ray P, Wimalasiri J, The Need for Technical Solutions for Maintaining the Privacy of HER. In: 2006 International Conference of the IEEE Engineering in Medicine and Biology Society. 2006, 2006:4686–89.
[43]
More SJ, Java Privacy Guard - The OpenPGP Message Format and an Implementation in Java, Bachelor’s Thesis, Graz University of Technology Institute for Applied Information Processing and Communication. 2015
[44]
Ferraiolo DF, Sandhu R, Gavrila S, Kuhn DR, and Chandramouli R Proposed NIST standard for role-based access control ACM Trans Inf Syst Secur 2001 4 3 224-274

Recommendations

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image SN Computer Science
SN Computer Science  Volume 5, Issue 3
Mar 2024
750 pages

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 28 February 2024
Accepted: 08 January 2024
Received: 02 October 2023

Author Tags

  1. Access control
  2. Data access scenarios
  3. Healthcare
  4. Privacy
  5. RUBAC
  6. Utility

Qualifiers

  • Research-article

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • 0
    Total Citations
  • 0
    Total Downloads
  • Downloads (Last 12 months)0
  • Downloads (Last 6 weeks)0
Reflects downloads up to 21 Dec 2024

Other Metrics

Citations

View Options

View options

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media