Abstract
In hospital information systems, protecting the confidentiality of health information, whilst at the same time allowing authorized physicians to access it conveniently, is a crucial requirement. The need to deliver health information at the point-of-care is a primary factor in increasing healthcare quality and cost efficiency. However, current systems require considerable coordination effort from hospital professionals to locate the relevant documents to support a specific activity. This paper presents a flexible and dynamic access control model, Activity-Oriented Access Control (AOAC), which authorizes access permissions based on user activity. A user is allowed to perform an activity if he/she holds a number of satisfactory attributes (i.e. roles, assignments, etc.) under a specified condition (e.g. time, location). Results of the AOAC implementation in a realistic healthcare scenario show that it meets two important requirements: protecting the confidentiality of health information by denying unauthorized access, and allowing physicians to conveniently browse medical data at the point-of-care. Furthermore, the average execution time was 0.078 s, which allows AOAC to work in real time.
Original language | English |
---|---|
Pages (from-to) | 2979-2990 |
Number of pages | 12 |
Journal | Information Sciences |
Volume | 180 |
Issue number | 16 |
DOIs | |
Publication status | Published - 2010 Aug 15 |
Bibliographical note
Funding Information: This work was supported by a grant from the Kyung Hee University in 2009 (KHU-20090437).
Keywords
- Access control
- Human activity
- Security
- Ubiquitous hospital information system and services
ASJC Scopus subject areas
- Software
- Control and Systems Engineering
- Theoretical Computer Science
- Computer Science Applications
- Information Systems and Management
- Artificial Intelligence