Activity-oriented access control to ubiquitous hospital information and services

Xuan Hung Le, Sungyoung Lee, Young Koo Lee, Heejo Lee, Murad Khalid, Ravi Sankar

Research output: Contribution to journal › Article

30 Citations (Scopus)

Abstract

In hospital information systems, protecting the confidentiality of health information, whilst at the same time allowing authorized physicians to access it conveniently, is a crucial requirement. The need to deliver health information at the point-of-care is a primary factor in increasing healthcare quality and cost efficiency. However, current systems require considerable coordination effort from hospital professionals to locate relevant documents to support a specific activity. This paper presents a flexible and dynamic access control model, Activity-Oriented Access Control (AOAC), which authorizes access permissions based on user activity. A user is allowed to perform an activity if he/she holds a number of satisfactory attributes (i.e. roles, assignments, etc.) under a specified condition (e.g. time, location). The results of implementing AOAC in a realistic healthcare scenario show that it meets two important requirements: protecting the confidentiality of health information by denying unauthorized access, and allowing physicians to conveniently browse medical data at the point-of-care. Furthermore, the average execution time was 0.078 s, which allows AOAC to work in real time.

Original language: English
Pages (from-to): 2979-2990
Number of pages: 12
Journal: Information Sciences
Volume: 180
Issue number: 16
Publication status: Published - 2010 Aug 15


Keywords

  • Access control
  • Human activity
  • Security
  • Ubiquitous hospital information system and services

ASJC Scopus subject areas

  • Artificial Intelligence
  • Software
  • Control and Systems Engineering
  • Theoretical Computer Science
  • Computer Science Applications
  • Information Systems and Management
