Research output: Contribution to journal › Article › Academic › peer-review
AC-ABAC : Attribute-based access control for electronic medical records during acute care. / de Oliveira, Marcela T.; Verginadis, Yiannis; Reis, Lúcio H. A. et al.
In: Expert Systems with Applications, Vol. 213, 119271, 01.03.2023.
TY - JOUR
T1 - AC-ABAC
T2 - Attribute-based access control for electronic medical records during acute care
AU - de Oliveira, Marcela T.
AU - Verginadis, Yiannis
AU - Reis, Lúcio H. A.
AU - Psarra, Evgenia
AU - Patiniotakis, Ioannis
AU - Olabarriaga, Sílvia D.
N1 - Funding Information: This work was funded by the ASCLEPIOS project (Advanced Secure Cloud Encrypted Platform for Internationally Orchestrated Solutions in Healthcare) of the European Union's Horizon 2020 research and innovation program under grant agreement No. 826093. Publisher Copyright: © 2022 The Author(s)
PY - 2023/3/1
Y1 - 2023/3/1
AB - Acute care demands fast response and procedures from the healthcare professionals involved in the emergency. The availability of electronic medical records (EMR) enables acute care teams to access patient data promptly, which is critical for proper treatment. The EMR contains sensitive data, so proper access control is a necessity. However, acute care situations entail the introduction of dynamic authorisation techniques that are able to swiftly grant access to the acute care teams during the treatment and that at the same time can revoke it as soon as the treatment is over. In this work, our contributions are threefold. First, we propose a step-by-step methodology that defines dynamic and fine-grained access control in acute care incidents. Then, we applied this methodology with the Amsterdam University Medical Center acute stroke care teams, resulting in a new model coined ‘Acute Care Attribute-Based Access Control (AC-ABAC)’. AC-ABAC implements access control policies that take into account contextual attributes for dynamically sharing patient data with the appropriate healthcare professionals during the life cycle of acute care. Finally, we evaluate the performance and show the feasibility and correctness of AC-ABAC through a prototype implementation of the model and simulation of patient data requests in various scenarios. The results show that the most complex policy evaluation takes on average 194.89 ms, which is considered worthwhile when compared to the added value to the system's security and the acute care process.
KW - Acute care
KW - Attribute-based access control
KW - Cloud storage
KW - Data privacy
KW - Electronic Medical Records
KW - XACML
UR - http://www.scopus.com/inward/record.url?scp=85142732862&partnerID=8YFLogxK
U2 - 10.1016/j.eswa.2022.119271
DO - 10.1016/j.eswa.2022.119271
M3 - Article
VL - 213
JO - Expert Systems with Applications
JF - Expert Systems with Applications
SN - 0957-4174
M1 - 119271
ER -
ID: 27969251