Security control of Electronic Medical Record (EMR) is a mechanism used to manage electronic medical records files and protect sensitive medical records document from information leakage. Researches proposed the Role-Based Access Control(RBAC). However, with the increasing scale of medical institutions, the access control behavior is difficult to have a detailed declaration among roles in RBAC. Furthermore, with the stringent specifications such as the U.S. HIPAA and Canada PIPEDA etc., patients are encouraged to have the right in regulating the access control of his EMR. In response to these problems, we propose an EMR digital rights management system, which is a RBAC-based extension to a matrix organization of medical institutions, known as RBAC-Matrix. With the aim of authorizing the EMR among roles in the organization, RBAC-Matrix also allow patients to be involved in defining access rights of his records. RBAC-Matrix authorizes access control declaration among matrix organizations of medical institutions by using XrML file in association with each EMR. It processes XrML rights declaration file-based authorization of behavior in the two-stage design, called master & servant stage, thus makes the associated EMR to be better protected. RBAC-Matrix will also make medical record file and its associated XrML declaration to two different EMRA(EMR Authorization)roles, namely, the medical records Document Creator (DC) and the medical records Document Right Setting (DRS). Access right setting, determined by the DRS, is cosigned by the patient, thus make the declaration of rights and the use of EMR to comply with HIPAA specifications.
[1]
Ravi S. Sandhu,et al.
Role-Based Access Control Models
,
1996,
Computer.
[2]
L. Condric,et al.
The importance of project office in matrix organization
,
2005,
Proceedings of the 8th International Conference on Telecommunications, 2005. ConTEL 2005..
[3]
尚弘 島影.
National Institute of Standards and Technologyにおける超伝導研究及び生活
,
2001
.
[4]
Vijay Varadharajan,et al.
Role-based access control and the access control matrix
,
2001,
OPSR.
[5]
Xin Wang,et al.
XrML -- eXtensible rights Markup Language
,
2002,
XMLSEC '02.
[6]
Chien-Ding Lee,et al.
A Cryptographic Key Management Solution for HIPAA Privacy/Security Regulations
,
2008,
IEEE Transactions on Information Technology in Biomedicine.
[7]
Yu-Fang Chung,et al.
A Secure Authentication Scheme for Telecare Medicine Information Systems
,
2012,
Journal of Medical Systems.
[8]
Ramaswamy Chandramouli,et al.
The Queen's Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms
,
2001,
ACM Trans. Inf. Syst. Secur..
[9]
H. Elsheshtawy,et al.
Personal Information Protection and Electronic Documents Act
,
2015
.
[10]
Yi Mu,et al.
Personal Health Record Systems and Their Security Protection
,
2006,
Journal of Medical Systems.
[11]
Vijayalakshmi Atluri,et al.
Role-based Access Control
,
1992
.