A secure data access model for the Mauritian healthcare service

The volume and sensitivity of the data held in healthcare systems call for strict, unobtrusive and efficient access control. This paper presents the design and implementation of a software prototype that demonstrates how Role-Based Access Control (RBAC), supported by context-awareness, can be applied in the Mauritian healthcare service to provide efficient and effective access control to patient data. The work consisted of studying different models of role-based and context-based access control used elsewhere and applying them to the Mauritian healthcare sector. The software prototype is based on the information flow in a collaborating healthcare institution. It has been implemented as a distributed system based on the client-server model, with the location of users and the time of access as the forms of context considered. The prototype has been successfully implemented and tested under different scenarios of data access.
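An illustration added here, not the paper's prototype: a deny-by-default RBAC check in which each role's permission is further gated on user location and time of access, the two forms of context the abstract names. The role names, locations, hours and function names are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import time


@dataclass(frozen=True)
class Constraint:
    locations: frozenset  # places the role may act from
    start: time           # start of the permitted window
    end: time             # end < start means the window wraps past midnight


# Hypothetical policy: (role, action) -> context constraint.
POLICY = {
    ("doctor", "read_record"): Constraint(
        frozenset({"ward", "clinic"}), time(0, 0), time(23, 59, 59)),
    ("nurse", "read_record"): Constraint(   # night shift, wraps midnight
        frozenset({"ward"}), time(19, 0), time(7, 0)),
    ("clerk", "read_demographics"): Constraint(
        frozenset({"front_desk"}), time(8, 0), time(16, 0)),
}


def in_window(now, start, end):
    """True if `now` lies in [start, end], including windows that cross midnight."""
    if start <= end:
        return start <= now <= end
    return now >= start or now <= end


def check_access(roles, action, location, now):
    """Return (allowed, reason); the reason is meant for the audit log.

    Assumption: `location` and `now` are established by the server (its own
    clock, the authenticated terminal), never taken from client-supplied fields.
    """
    reason = "no role grants this action"
    for role in sorted(roles):
        rule = POLICY.get((role, action))
        if rule is None:
            continue  # this role carries no permission for the action
        if location not in rule.locations:
            reason = f"{role}: location '{location}' not permitted"
        elif not in_window(now, rule.start, rule.end):
            reason = f"{role}: outside permitted hours"
        else:
            return True, f"{role}: granted"
    return False, reason  # deny by default


if __name__ == "__main__":
    print(check_access({"nurse"}, "read_record", "ward", time(2, 30)))
    print(check_access({"nurse"}, "read_record", "ward", time(12, 0)))
```
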
