Sciweavers

ACISP
2003
Springer

A Novel Use of RBAC to Protect Privacy in Distributed Health Care Information Systems

14 years 5 months ago
A Novel Use of RBAC to Protect Privacy in Distributed Health Care Information Systems
Abstract. This paper examines the access control requirements of distributed health care information networks. Since the electronic sharing of an individual’s personal health information requires their informed consent, health care information networks need an access control framework that can capture and enforce individual access policies tailored to the specific circumstances of each consumer. Role Based Access Control (RBAC) is examined as a candidate access control framework. While it is well suited to the task in many regards, we identify a number of shortcomings, particularly in the range of access policy expression types that it can support. For efficiency and comprehensibility, access policies that grant access to a broad range of entities whilst explicitly denying it to subgroups of those entities need to be supported in health information networks. We argue that RBAC does not support policies of this type with sufficient flexibility and propose a novel adaptation of RBAC ...
Jason Reid, Ian Cheong, Matthew Henricksen, Jason
Added 06 Jul 2010
Updated 06 Jul 2010
Type Conference
Year 2003
Where ACISP
Authors Jason Reid, Ian Cheong, Matthew Henricksen, Jason Smith
Comments (0)