A Secure and Flexible e-Health Access Control System with Provisions for Emergency Access Overrides and Delegation of Access Privileges

摘要

Protecting electronic health records (EHR) from unauthorized access and data breaches has been a great challenge for healthcare organizations in recent times. Controlling access to EHR demands a delicate balance between security and flexibility: There are emergency cases where the default access control policy must be circumvented in order to save patients' life - and cases where management of access control rights needs to be delegated to some trusted parties. Therefore, e-Health access control systems must be robust and flexible at the same time. Conventional general-purpose access control schemes like role-based access control (RBAC) and its derivatives emphasize mainly on the robustness of the access control mechanism, and treat flexibility issues like emergency access overrides and delegation management as addenda. However, in order to comply with the care first principle of the healthcare domain, an ideal e-Health access control system should consider such flexibility issues from the ground up. Recognizing these special requirements mandated by the very nature of the healthcare profession, in this paper, we propose a secure and flexible access control system for e-Health. The userrole and object-operation mappings in our proposed system lend themselves to the RBAC model, and we implemented context verification atop this layer in order for the system to make access decision responsive to emergency incidents. For managing delegation of access control rights, we developed a secure mechanism for creation, transfer and verification of a delegation token, presentation of which to the access control system enables a delegatee to access a delegator's EHR. Every access request in our system is preceded by mandatory user authentication which we implemented using eTRON tamper-resistant cards. Security and performance analysis of the proposed system showed promising results for achieving the desired level of balance between security and flexibility required for an e-Health access control system.