Abstract
This study presents a systematic literature review of access control for electronic health record systems to protect patients' privacy. Articles from 2006 to 2016 were extracted from the ACM Digital Library, IEEE Xplore Digital Library, Science Direct, MEDLINE, and MetaPress using broad eligibility criteria, and chosen for inclusion based on analysis of ISO 22600. Cryptographic standards and methods were left outside the scope of this review. Three broad classes of models are being actively investigated and developed: access control for electronic health records, access control for interoperability, and access control for risk analysis. Traditional role-based access control models are extended with spatial, temporal, probabilistic, dynamic, and semantic aspects to capture contextual information and provide granular access control. Maintenance of audit trails and facilities for overriding normal roles to allow full access in emergency cases are common features. Access privilege frameworks utilizing ontology-based knowledge representation for defining the rules have attracted considerable interest, due to the higher level of abstraction that makes it possible to model domain knowledge and validate access requests efficiently.
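The abstract names two recurring features of the reviewed models: role-based access control extended with spatial and temporal context, and an audited emergency override ("break the glass") that grants full access to clinicians. The following is an added illustration of how those pieces fit together in one policy decision function; it is constructed for this page and is not code from the paper or from any reviewed system, and the roles, sections, duty hours and ward mapping are assumed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, time

# Constructed sample policy (not from the paper): static RBAC permissions,
# extended with temporal (duty-hours) and spatial (ward) constraints.
ROLE_PERMISSIONS = {
    "physician": {"clinical_notes", "medications", "demographics"},
    "nurse": {"medications", "demographics"},
    "billing": {"demographics"},
}
BREAK_GLASS_ROLES = {"physician", "nurse"}      # only clinicians may override
DUTY_HOURS = (time(7, 0), time(19, 0))
WARD_OF_PATIENT = {"patient-42": "cardiology"}   # constructed sample data
AUDIT_LOG = []   # every decision, granted or denied, is appended here


@dataclass
class Request:
    user: str
    role: str
    patient: str
    section: str
    location: str
    at: datetime
    break_glass: bool = False
    reason: str = ""


def evaluate(req: Request) -> dict:
    """Decide a request; returns {'allowed', 'override', 'why'} and logs it."""
    problems = []
    if req.section not in ROLE_PERMISSIONS.get(req.role, set()):
        problems.append("role lacks permission")
    if not DUTY_HOURS[0] <= req.at.time() <= DUTY_HOURS[1]:
        problems.append("outside duty hours")
    if WARD_OF_PATIENT.get(req.patient) != req.location:
        problems.append("requester not in patient's ward")
    if not problems:
        decision = {"allowed": True, "override": False, "why": "normal access"}
    elif req.break_glass and req.reason.strip() and req.role in BREAK_GLASS_ROLES:
        # Emergency path: full access, but the bypassed checks are named in the log
        decision = {"allowed": True, "override": True,
                    "why": "break-glass: " + "; ".join(problems)}
    else:
        decision = {"allowed": False, "override": False, "why": "; ".join(problems)}
    AUDIT_LOG.append({"at": req.at.isoformat(), "user": req.user, "role": req.role,
                      "patient": req.patient, "section": req.section,
                      "reason": req.reason, **decision})
    return decision
```

Denied requests are logged as well as granted ones, so that an auditor can review both failed attempts and every override together with its stated reason.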
This article is part of the Topical Collection on Patient Facing Systems
Cite this article
Jayabalan, M., O’Daniel, T. Access control and privilege management in electronic health record: a systematic literature review. J Med Syst 40, 261 (2016). https://doi.org/10.1007/s10916-016-0589-z