Abstract
Protecting patients’ privacy and enforcing rules that grant only authorized users access to manage patient information and system resources is a growing concern associated with healthcare information systems. In this chapter, a robust context- and role-based approach to access control (AC) in healthcare information systems (HIS) is presented, aimed at solving the AC problems in distributed HIS. This approach is based on the development and implementation of an AC model that extends the core Role-Based Access Control (RBAC) principles. The proposed approach is presented in the form of experimental research, using medical information from the UATH, in Nigeria, and was carried out in four phases. The first phase was to critically study the health information system of UATH, while the second phase was building a computerized database for the health records of the hospital. The third phase was creating and infusing a context-based database AC system using dynamic-RBAC (DRBAC). The fourth phase was to network the servers of the clinical departments (where patients’ health records are generated) into an intranet, such that access can be gained from within the hospital only by authorized officials after they have been authenticated. The results of this study show that there are contextual information and dynamic properties in the UATH healthcare system, which can be ranked according to relevance and usefulness, and utilized in significantly improving the existing AC model used in HIS. It was also found that involving end users in the requirement-capturing process provided information that was useful in designing a better AC model. Therefore, this study shows the need for researchers in the field of database AC to continue to identify additional key security elements of computer systems in building efficient AC systems.
In addition, AC models should be developed into web-based systems that would allow organizational resources to be accessed from anywhere and at any time in a distributed multi-domain environment.