A secure data access model for the Mauritian healthcare service

摘要

The volume of the data involved in healthcare systems and the sensitivity of the data call for strict, non-obtrusive and efficient access control. This paper presents the design and implementation of a software prototype to demonstrate how Role-Based Access Control (RBAC), supported by context-awareness, can be applied in the Mauritian healthcare service for providing efficient and effective access control to patient's data. The work has consisted of studying different models of Role-Based and Context-Based access control used elsewhere and applying it to the Mauritian healthcare sector. The software prototype is based on information flow in a collaborator healthcare institution. The prototype has been implemented as a distributed system based on the client-server model, with the location of users and time of access being forms of context considered. The prototype has been successfully implemented and tested under different scenarios of data access.