Abstract
Delegation of access rights to patients' health records is an important feature for eHealth systems. Often considered an add-on to legacy access control systems, most of the existing delegation schemes are extension of the widely used role-based access control mechanism. However, when it comes to handling patient data in healthcare applications, a growing body of international technical standards, and national and regional healthcare regulations have been suggesting use of individual discretion as the basis, or at least a critical component, of access control. Along this line of access-control strategy, we are of the view that delegation is intrinsically discretionary, and it should be implemented in a way that directly translates user discretion as much as possible. In this paper, we propose a distributed system for delegation management that enables a patient to securely delegate access rights to her health records to someone she trusts. We implemented this discretionary approach using our eTRON enterprise security architecture, cryptographically assuring the authorization of any delegation.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
