1. Activity-oriented access control to ubiquitous hospital information and services
- Author
-
Le, Xuan Hung, Lee, Sungyoung, Lee, Young-Koo, Lee, Heejo, Khalid, Murad, and Sankar, Ravi
- Subjects
- *
UBIQUITOUS computing , *ACCESS control , *HUMAN activity recognition , *PHYSICIAN-patient privilege , *POINT-of-care testing , *MEDICAL informatics , *MEDICAL personnel , *CONFIDENTIAL records - Abstract
Abstract: In hospital information systems, protecting the confidentiality of health information, whilst at the same time allowing authorized physicians to access it conveniently, is a crucial requirement. The need to deliver health information at the point-of-care is a primary factor to increase healthcare quality and cost efficiency. However, current systems require considerable coordination effort of hospital professionals to locate relevant documents to support a specific activity. This paper presents a flexible and dynamic access control model, Activity-Oriented Access Control (AOAC), which is based on user activity to authorize access permissions. A user is allowed to perform an activity if he/she holds a number of satisfactory attributes (i.e. roles, assignments, etc.) under a specified condition (e.g. time, location). Results of AOAC implementation in a realistic healthcare scenario have shown to meet two important requirements: protecting confidentiality of health information by denying an unauthorized access, and allowing physicians to conveniently browse medical data at the point-of-care. Furthermore, the average execution time was 0.078s which allows AOAC to work in real-time. [Copyright &y& Elsevier]
- Published
- 2010
- Full Text
- View/download PDF