DOrMac: Privacy-aware Organization Based Access Control Model
Abstract
Simple failures in protecting medical data can have dramatic consequences for a patient's privacy. In this article, we focus mainly on access control for protecting sensitive data within a patient's Electronic Health Record (EHR). We propose a new access control model called DOrMac, capable of expressing both a security policy established by a healthcare provider and a privacy policy defined by a patient. To express privacy, we enriched the Organization Based Access Control model (OrBAC) with some security concepts inspired by discretionary and mandatory policies. This model achieves a good balance between availability of data during care and privacy protection.
Keywords
Security, Privacy, Access Control, Electronic Health Record, DOrMac.