
A Comparative Analysis of Chain-Based Access Control and Role-Based Access Control in the Healthcare Domain

Authors

  • Esraa Omran (Gulf University for Science & Technology, Kuwait City, Kuwait)
  • Tyrone Grandison (Proficiency Labs, Ashland, OR, USA)
  • David Nelson (Faculty of Applied Sciences, University of Sunderland, Sunderland, UK)
  • Albert Bokma (Avedas Information Management, Karlsruhe, Germany)

Abstract

The importance of electronic healthcare has caused numerous changes in both substantive and procedural aspects of healthcare processes. These changes have produced new challenges for patient privacy and information secrecy. Traditional privacy policies cannot respond to the rapidly increasing privacy needs of patients in electronic healthcare. Technically enforceable privacy policies are needed in order to protect patient privacy in modern healthcare with its cross-organizational information sharing and decision making. This paper proposes a personal information flow model with a limited number of acts on this type of information. Ontology-classified chains of these acts can be used instead of the “intended business purposes” in the context of privacy access control. This enables the seamless integration of security and privacy into existing healthcare applications and their supporting infrastructures. In this paper, the authors present their idea of a Chain-Based Access Control (ChBAC) mechanism and provide a comparative analysis of it against Role-Based Access Control (RBAC). The evaluation is grounded in the healthcare domain and examines a range of typical access scenarios and approaches.

Suggested Citation

  • Esraa Omran & Tyrone Grandison & David Nelson & Albert Bokma, 2013. "A Comparative Analysis of Chain-Based Access Control and Role-Based Access Control in the Healthcare Domain," International Journal of Information Security and Privacy (IJISP), IGI Global, vol. 7(3), pages 36-52, July.
  • Handle: RePEc:igg:jisp00:v:7:y:2013:i:3:p:36-52

    Download full text from publisher

    File URL: http://services.igi-global.com/resolvedoi/resolve.aspx?doi=10.4018/jisp.2013070103
    Download Restriction: no