Abstract
American and European Legislation for protection of medical data agree that the patient has the right to play a pivotal role in the decisions regarding the content and distribution of her/his medical records. The Role Based Access Control (RBAC) model is the most commonly used authorization model in healthcare. The first goal of this work is to review if existing models and standards provide for patients accessing their medical records and customizing access control rules, the second goal is to define and propose an authorization model based on RBAC to be used and customized by the patient. A literature review was performed and encompassed 22 articles and standards from which 12 were included for analysis. Results show that existing standards define guidelines for these issues but they are too generic to be directly applied to real healthcare settings. The proposed authorization model combines characteristics of RBAC, ISO/TS 13606-4, temporal constraints and break the glass. With this model we hope to start bridging the gap between legislation and what really happens in practice in terms of patients controlling and being actively involved in their healthcare. Future work includes the implementation and evaluation of the proposed model in a healthcare setting.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
