

Situation-Based Access Control: privacy management via modeling of patient data access scenarios
Authors: Peleg Mor; Beimel Dizza; Dori Dov; Denekamp Yaron
Affiliation: (a) Department of Management Information systems, University of Haifa, Israel; (b) Information Systems Area, Faculty of Industrial Engineering and Management, Technion-Israel Institute of Technology, Haifa 32000, Israel; (c) Carmel Medical Center, Faculty of Medicine, Technion, Israel Institute of Technology, Haifa, Israel
Abstract:
Access control is a central problem in privacy management. A common practice in controlling access to sensitive data, such as electronic health records (EHRs), is Role-Based Access Control (RBAC). RBAC is limited as it does not account for the circumstances under which access to sensitive data is requested. Following a qualitative study that elicited access scenarios, we used Object-Process Methodology to structure the scenarios and conceive a Situation-Based Access Control (SitBAC) model. SitBAC is a conceptual model, which defines scenarios where patient’s data access is permitted or denied. The main concept underlying this model is the Situation Schema, which is a pattern consisting of the entities Data-Requestor, Patient, EHR, Access Task, Legal-Authorization, and Response, along with their properties and relations. The various data access scenarios are expressed via Situation Instances. While we focus on the medical domain, the model is generic and can be adapted to other domains.
Keywords: Privacy preservation; Access control; Conceptual model; Ontology; Object-Process Methodology
This article is indexed in ScienceDirect, PubMed and other databases.