Situation-Based Access Control: Privacy Management Via Modeling of Patient Data Access Scenarios

Overview
Journal J Biomed Inform
Publisher Elsevier
Date 2008 May 31
PMID 18511349
Citations 12
Abstract

Access control is a central problem in privacy management. A common practice in controlling access to sensitive data, such as electronic health records (EHRs), is Role-Based Access Control (RBAC). RBAC is limited as it does not account for the circumstances under which access to sensitive data is requested. Following a qualitative study that elicited access scenarios, we used Object-Process Methodology to structure the scenarios and conceive a Situation-Based Access Control (SitBAC) model. SitBAC is a conceptual model, which defines scenarios where patient's data access is permitted or denied. The main concept underlying this model is the Situation Schema, which is a pattern consisting of the entities Data-Requestor, Patient, EHR, Access Task, Legal-Authorization, and Response, along with their properties and relations. The various data access scenarios are expressed via Situation Instances. While we focus on the medical domain, the model is generic and can be adapted to other domains.

Citing Articles

GPT, ontology, and CAABAC: A tripartite personalized access control model anchored by compliance, context and attribute.

Nowrozy R, Ahmed K, Wang H. PLoS One. 2025; 20(1):e0310553.

PMID: 39761253 PMC: 11703090. DOI: 10.1371/journal.pone.0310553.


Diabetes Technology Meeting 2021.

Xu N, Nguyen K, DuBord A, Pickup J, Sherr J, Teymourian H. J Diabetes Sci Technol. 2022; 16(4):1016-1056.

PMID: 35499170 PMC: 9264449. DOI: 10.1177/19322968221090279.


Assessing Access Control Risk for mHealth: A Delphi Study to Categorize Security of Health Data and Provide Risk Assessment for Mobile Apps.

Moura P, Fazendeiro P, Inacio P, Vieira-Marques P, Ferreira A. J Healthc Eng. 2020; 2020:5601068.

PMID: 32015795 PMC: 6988678. DOI: 10.1155/2020/5601068.


Securing Personal Health Record System in Cloud Using User Usage Based Encryption.

Suresh D, Florence M. J Med Syst. 2019; 43(6):171.

PMID: 31065802 DOI: 10.1007/s10916-019-1301-x.


Access control and privilege management in electronic health record: a systematic literature review.

Jayabalan M, ODaniel T. J Med Syst. 2016; 40(12):261.

PMID: 27722981 DOI: 10.1007/s10916-016-0589-z.