The Secure Authorization Model for Healthcare Information System
- 332 Downloads
Exploring healthcare system for assisting medical services or transmitting patients’ personal health information in web application has been widely investigated. Information and communication technologies have been applied to the medical services and healthcare area for a number of years to resolve problems in medical management. In the healthcare system, not all users are allowed to access all the information. Several authorization models for restricting users to access specific information at specific permissions have been proposed. However, as the number of users and the amount of information grows, the difficulties for administrating user authorization will increase. The critical problem limits the widespread usage of the healthcare system. This paper proposes an approach for role-based and extends it to deal with the information for authorizations in the healthcare system. We propose the role-based authorization model which supports authorizations for different kinds of objects, and a new authorization domain. Based on this model, we discuss the issues and requirements of security in the healthcare systems. The security issues for services shared between different healthcare industries will also be discussed.
KeywordsHealthcare Health information systems Privacy Security Role-based
This project was supported by the National Science Council of Taiwan (Grant No: NSC99-2221-E-320-005).
- 2.Shaikh, A., Memon, M., Misbahuddin, M., and Memon, N., The role of service oriented architecture in telemedicine healthcare system. Presented at the Complex, Intelligent and Software Intensive Systems, IEEE, 2009.Google Scholar
- 3.HIMSS, definition of an electronic health record, http://www.himss.org/ASP/topics_ehr.asp.
- 5.Anderson R. J., Security in clinical information systems. London: British Medical Association; 1996.Google Scholar
- 7.Bertino, E., Bonatti, P. A., and Ferrari, E., TRBAC: a temporal role-based access control model. ACM Trans. Inf. Syst. Secur. 4(3):191–233, 2001.Google Scholar
- 8.Ferraiolo, D., Cugini, J., and Kuhn, D. R., Role based access control: features and motivations. 11th Annual Computer Security Applications Proceedings, IEEE Computer Society Press, 1995.Google Scholar
- 9.Zhang, L., Ahn, G. J., and Chu, B. T., A role-based delegation framework for healthcare information systems. Seventh ACM Symposium on Access Control Models and Technologies, Monterey, pp. 125–134, 2002.Google Scholar
- 11.Tari, Z., and Chan, S. W., A role-based access control for intranet security. IEEE Internet Comput., 1(5):24–34, 1997.Google Scholar
- 12.Evered, M., and Bogeholz, S., A case study in access control requirements for a health information system, ACSW Frontiers '04 Proceedings of the second workshop on Australasian information security, Data Mining and Web Intelligence, and Software Internationalisation - Volume 32 pp. 53–61.Google Scholar
- 13.Meingast, M., Roosta, T., and Sastry, S., Security and privacy issues with health care information technology. Proceedings of the 28th IEEE EMBS Annual International Conference, New York City, USA, Aug 30–Sept 3, pp.5453–5458, 2006.Google Scholar
- 14.Martino, L. D., Ni, Q., Lin, D., and Bertino, E., Multi-domain and Privacy-aware Role Based Access Control in eHealth. Proceedings of 2nd International Conference on Pervasive Computing Technologies for Healthcare, pp.131–134, 2008.Google Scholar
- 15.Li, W., and Hoang, D., A New Security Scheme for E-health System. Proceedings of CTS ’09 Proceedings of the 2009 International Symposium on Collaborative Technologies and Systems, pp.361–366, 2009.Google Scholar
- 16.Hai-bo, S., and Fan, H., An Attribute-Based Access Control Model for Web Services. In the Seventh International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT’06), pp. 74–79, 2006.Google Scholar
- 17.Qing-hai, B., and Ying, Z., Study on the access control model in information security. Presented at the Cross Strait Quad-Regional Radio Science and Wireless Technology Conference (CSQRWC), 2011.Google Scholar