Abstract

In recent years, there has been an increase in the application of attribute-based access control (ABAC) in electronic health (e-health) systems. E-health systems are used to store a patient’s electronic version of medical records. These records are usually classified according to their usage i.e., electronic health record (EHR) and personal health record (PHR). EHRs are electronic medical records held by the healthcare providers, while PHRs are electronic medical records held by the patients themselves. Both EHRs and PHRs are critical assets that require access control mechanism to regulate the manner in which they are accessed. ABAC has demonstrated to be an efficient and effective approach for providing fine grained access control to these critical assets. In this paper, we conduct a survey of the existing literature on the application of ABAC in e-health systems to understand the suitability of ABAC for e-health systems and the possibility of using ABAC access logs for observing, modelling and analysing security practices of healthcare professionals. We categorize the existing works according to the application of ABAC in PHR and EHR. We then present a discussion on the lessons learned and outline future challenges. This can serve as a basis for selecting and further advancing the use of ABAC in e-health systems

Highlights

  • There has been a growing interest in the application of attribute-based access control (ABAC) in e-health systems

  • E-health systems interact with critical assets like electronic medical records, and ABAC has been shown to offer a promising approach to securing these critical assets

  • We categorize the different applications of ABAC in e-health systems according to those use in personal health record (PHR) and those apply in electronic health record (EHR)

Read more

Summary

INTRODUCTION

There has been a growing interest in the application of ABAC in e-health systems. This is evident by the increasing number of publications and on-going research activities in that direction. E-health systems interact with critical assets like electronic medical records, and ABAC has been shown to offer a promising approach to securing these critical assets. Sharing of electronic medical records raises security and privacy concerns for both EHR and PHR. For EHR, healthcare providers are required by regulatory bodies to ensure that the security and privacy of the electronic medical records are maintained. We present a survey on the application of ABAC in e-health systems. We categorize the different applications of ABAC in e-health systems according to those use in PHR and those apply in EHR.

BACKGROUND
Requirements of E-Health Systems
Access Control Mechanisms
LITERATURE SURVEY
DISCUSSION
Comparison of the Different Approaches
Findings
Towards Modelling and Analysing Healthcare Professionals’ Security Practices
CONCLUSION

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.