Abstract
In the healthcare domain, protecting the electronic health record (EHR) is crucial for preserving the privacy of the patient. To help protect the sensitive data, access control mechanisms can be utilized to restrict access to only legitimate users. However, an issue arises when the authorized users abuse their access privileges and violate privacy preferences of the patients. While traditional access control schemes fall short of defending against the misbehavior of authorized users, risk-aware access control models can provide adaptable access to the system resources based on assessing the risk of an access request. When an access request is deemed risky, but within acceptable thresholds, risk mitigation strategies can be exploited to minimize the risk calculated. This paper proposes a risk-aware, privacy-preserving risk mitigation approach that can be utilized in the healthcare domain. The risk mitigation approach controls the patient’s medical data that can be exposed to healthcare professionals, according to their trust level as well as the risk incurred of such data exposure, by developing a novel Risk Measure formula. The developed Risk Measure is proven to manage the risk effectively. Furthermore, Risk Mitigation Data Disclosure algorithms, RIMIDI0 and RIMIDI1, which utilize the developed risk measures, are proposed. Experimental results show the feasibility and effectiveness of the proposed method in preserving the privacy preferences of the patient. Since the proposed approach exposes the patient’s data that are relevant to the undergoing medical procedure while preserving the privacy preferences, positive outcomes can be realized, which will ultimately bring forth quality healthcare services.
Highlights
This paper proposes a risk-aware, privacy-preserving risk mitigation approach that can be utilized in the healthcare domain
Because the risk mitigation approach assumes the utilization of the Disease Relevance Matrix and trust evaluation, some background is presented for each assumption
Suppose that these three patients already have matching records of already diagnosed health issues. They suffer from the same set of diseases. When they came in for their health issue, doctor u, out of his responsibility to deliver quality healthcare services and to avoid potential repetitive tests and procedures, consulted the Disease Relevance Matrix (DRM) to check for health issues that could possibly be relevant to his treatment effort
Summary
The release or access of such private data by unauthorized entities, whether intentionally or accidentally, can pose serious consequences for those individuals; they could face social judgment and embarrassment, difficulties in getting employed as well as obtaining and maintaining insurance policies [2] To help overcome such consequences, several legislations and regulation rules have been issued in efforts to maintain privacy and bring patients more control over their data such as the Health Insurance and Accountability Act, HIPAA, legislation [3]. Issue 1: Privacy Preferences The main goal of this research is to propose a risk mitigation approach that can protect the patient’s private data while providing the health care provider the required access to their related health records to bring them quality healthcare services. The medical data for the patients does not include the privacy weights
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
