Abstract
Abstract The emerging popularity of telemedicine solutions brought an alarming problem due to the lack of proper access control solutions. With the inclusion of multi-tiered, heterogeneous infrastructures containing Internet of things and edge computing elements, the severity and complexity of the problem became even more alarming, calling for an established access control framework and methodology. The goal of the research is to define a possible solution with a focus on native cloud integration, possible deployment at multiple points along the path of the healthcare data, and adaptation of the fast healthcare interoperability resources standard. In this paper, the importance of this issue in offline use cases is presented and the effectiveness of the proposed solution is evaluated.
Highlights
In recent years, the number and variance of telemedicine applications significantly increased
The proposed solution to this problem consists of an adaptation of the Extensible Access Control Markup Language (XACML) standard from the Organization for the Advancement of Structured Information Standards (OASIS) [6], which is used at several points of the data path and even partially in applications, and allows policy enforcement and access control with a unified, portable methodology, whose current state and evaluation in offline use cases I will present in this paper
The elements of the outlined solution were inspired by the XACML standard, but adapted to support resources that implement the Fast Healthcare Interoperability Resources (FHIR) standard, and combined with the Open Policy Agent (OPA) policy evaluating engine [14] as its implementation, has the ability to be deployed at any point in the datapath, as it is shown in Fig. 1, to work efficiently regardless of the actual type of backend and database solutions, determine the user’s access level, allow or deny operations on the data, and even transform it in certain scenarios to hide or remove parts that are unnecessary or dangerous in the context of use
Summary
The number and variance of telemedicine applications significantly increased. This has happened due to several factors: the emergence of well-defined industry standards including the popular Fast Healthcare Interoperability Resources (FHIR) [1], the availability of patient information via smartphones, simple applications and Internet of Things (IoT) devices, and the new opportunities provided by the various cloud providers for development teams. The only problem with this newfound popularity of healthcare application development - besides the challenges and possible bottlenecks of an IoT-based sensor network [2] – has been a general lack of proper definitions and solutions to meet several important aspects of domain requirements for a completely interoperable system, as noted in the comprehensive study by Coppolino et al [3], and by Garai et al [4] in their work, focusing on a possible telemedicine interoperability solution, most notably the issue of security and access control. The proposed solution to this problem consists of an adaptation of the Extensible Access Control Markup Language (XACML) standard from the Organization for the Advancement of Structured Information Standards (OASIS) [6], which is used at several points of the data path and even partially in applications, and allows policy enforcement and access control with a unified, portable methodology, whose current state and evaluation in offline use cases I will present in this paper
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
