Abstract
Modern medicine has grown to an insurmountable level over the past decades. Today, this sector of human life is a high-tech industry, where all areas that can save lives of previously hopeless patients are successfully developing. The technical equipment of health care facilities has been substantially improved, it has become possible to diagnose diseases at an early stage and to quickly restore the working capacity of patients. Nevertheless, with all the advantages and capabilities of modern technology in this area, there are many problems. One of the most significant is the provision of privacy of medical information, which should be considered from both sides, both technical and regulatory. Ensuring the confidentiality of data in medical systems depends on the correct and timely organization of managing access to medical information. The US Health Insurance Portability and Accountability Act (HIPAA) is the most widespread and comprehensive regulatory document for the security of medical data. Regarding the Ukrainian normative documents, they realize the rights of the patient to receive information about their state of health, and medical systems do not have a certificate on the compliance of a comprehensive system of protection of information in accordance with the requirements of normative documents on the technical protection of information. In this article, the authors are considering designing an access control model that solves the problem of providing information security for medical systems and is based on access control based on roles with minimal constraints. The model to be developed should determine the actions and resources that are available to the user, as well as provide individual access to resources. The authors examined the existing models of access control, identified the advantages and disadvantages that formed the basis of their own model. The paper describes the creation of a role-based security policy that defines the information flows permitted by the system, based on the international regulatory document HIPAA. With the help of the developed model, it is possible to execute its storage in different ways and in any case, it is very easy to convert into a relational database
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
