An Authorization Model for E-consent Requirement in a Health Care Application

The coordination of health care increasingly relies on the electronic transmission of confidential patient information between different health care services. Because patient data is confidential, patients should be able to give, withhold, or delegate e-consent to those who wish to access their electronic health information. How to represent and evaluate e-consent is therefore an important problem in secure health information processing. This paper presents an authorization model for e-consent requirements in a health care application. The model supports well-controlled consent delegation, both explicit and implicit consent and denial, individual-based or role-based consent, and consent inheritance and exception. A system architecture for e-consent is also presented.
