Abstract
Preserving privacy of the electronic health records of the patients has been a fundamental issue in the healthcare domain. Several techniques have been employed to maintain privacy of the sensitive information such as controlling access to the medical records. While acting as a first line of defense against illegitimate access, traditional access control schemes fall short of defending against misbehavior of the already authenticated and authorized users; a risk that can harbor devastating consequences upon potential data release or leak. Several approaches can be implemented to overcome this risk such as establishing the notion of trustworthiness of the system users, which makes the access control scheme more dynamic and adaptable. In effect, as opposed to rigidly denying an access request, an access control model becomes more tolerable towards risky access requests by employing risk mitigation strategies. This paper introduces a novel risk mitigation strategy, for the healthcare domain, through which the risk associated with an access request is evaluated against the privacy preferences of the patient undergoing the medical procedure. The proposed strategy, which is HIPAA compliant, decides the set of data objects that can be safely exposed to the healthcare service provider such that unnecessarily repeated tests and procedures can be avoided and the privacy preferences of the patient are preserved.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
