Circle of Health Based Access Control for Personal Health Information Systems

  • Ryan HabibiEmail author
  • Jens Weber
  • Morgan Price
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10744)


Patients can track, manage, and share their personal health information (PHI). There are security concerns with the ownership and custodianship of PHI. Traditional provider-facing access control (AC) policies have been applied to many patient-facing applications without consideration as to whether these controls are comprehensible and sufficient. We have conducted a scoping literature review of on AC and patient privacy (n = 31) to identify the state of knowledge and to understand what is being done to address this gap. Synthesizing the results we propose Circle of Health Based AC, a graphical patient-centric AC model. The model has been validated with a panel of user experience, healthcare, and security experts. This work will discuss the scoping literature review and describe the proposed model and justification for it’s applications for user-defined access policy.


Attribute-based access control Personal Health Information Circle of Care Graph transformations 


  1. 1.
    Norman, D.A.: The Design of Everyday Things: Revised and Expanded Edition. Basic Books, New York (2013)Google Scholar
  2. 2.
    Price, M.: Circle of Care Modeling: Seeking Improvements in Continuity of Care for end of life patients. PhD Dissertation, School of Health Information Science, University of Victoria (2009)Google Scholar
  3. 3.
    Pham, H., Schrag, D., O’Malley, A., Wu, B., Bach, P.: Care patterns in Medicare and their implications for pay for performance. New Engl. J. Med. 356(11), 1130 (2007)CrossRefGoogle Scholar
  4. 4.
    Kahn, J.S., Aulakh, V., Bosworth, A.: What it takes: characteristics of the ideal personal health record. Health Aff. 28(2), 369–376 (2009)CrossRefGoogle Scholar
  5. 5.
    Arksey, H., O’Malley, L.: Scoping studies: towards a methodological framework. Int. J. Soc. Res. Methodol. 8(1), 19–32 (2005)CrossRefGoogle Scholar
  6. 6.
    Hue, P.T.B., Wohlgemuth, S., Echizen, I., Thuc, N.D., Thuy, D.T.B.: An experimental evaluation for a new column-level access control mechanism for electronic health record systems. Int. J. U- E-Serv. Sci. Technol. 4(3), 73–86 (2011). CrossRefGoogle Scholar
  7. 7.
    Trojer, T., Katt, B., Ozata, T., Breu, R., Mangesius, P., Schabetsberger, T.: Factors of access control management in electronic healthcare: the patients perspective, pp. 2967–2976. IEEE (2014).
  8. 8.
    Levy, K., Sargent, B., Bai, Y.: A trust-aware tag-based privacy control for eHealth 2.0. In: Proceedings of the 2011 Conference on Information Technology Education. ACM (2011)Google Scholar
  9. 9.
    Margheri, A., et al.: On a formal and user-friendly linguistic approach to access control of electronic health data, pp. 263–268 (2013)Google Scholar
  10. 10.
    Ssembatya, R.: An access control framework for protecting mobile health records: the case study of developing countries. In: Proceedings of the Ninth International Network Conference (INC 2012) (2012).
  11. 11.
    Sicuranza, M., Esposito, A.: An access control model for easy management of patient privacy in EHR systems. In: 2013 8th International Conference for Internet Technology and Secured Transactions (ICITST), pp. 463–470 (2013).
  12. 12.
    Ehrig, H., Ehrig, K., Prange, U., Taentzer, G.: Graph transformation systems. In: Ehrig, H., Ehrig, K., Prange, U., Taentzer, G. (eds.) Fundamentals of Algebraic Graph Transformation. EATCS, pp. 37–71. Springer, Heidelberg (2006). Google Scholar

Copyright information

© Springer International Publishing AG 2018

Authors and Affiliations

  1. 1.LEAD LabUniversity of VictoriaVictoriaCanada

Personalised recommendations