The Secure Authorization Model for Healthcare Information System

  • Original Paper
  • Journal of Medical Systems

Abstract

The use of healthcare systems to assist medical services or to transmit patients' personal health information through web applications has been widely investigated. Information and communication technologies have been applied to medical services and healthcare for a number of years to resolve problems in medical management. In a healthcare system, not all users are allowed to access all information. Several authorization models that restrict users to specific information with specific permissions have been proposed. However, as the number of users and the amount of information grow, administering user authorization becomes more difficult. This critical problem limits the widespread use of healthcare systems. This paper proposes a role-based approach and extends it to deal with the information for authorizations in the healthcare system. We propose a role-based authorization model that supports authorizations for different kinds of objects, and a new authorization domain. Based on this model, we discuss the issues and requirements of security in healthcare systems. The security issues for services shared between different healthcare industries are also discussed.


Acknowledgments

This project was supported by the National Science Council of Taiwan (Grant No: NSC99-2221-E-320-005).

Author information

Corresponding author

Correspondence to Jiann-I Pan.

About this article

Cite this article

Hsu, WS., Pan, JI. The Secure Authorization Model for Healthcare Information System. J Med Syst 37, 9974 (2013). https://doi.org/10.1007/s10916-013-9974-z

  • DOI: https://doi.org/10.1007/s10916-013-9974-z
