GPT, Ontology, and CAABAC: A Tripartite Personalized Access Control Model Anchored by Compliance, Context and Attribute

Overview

Journal PLoS One

Specialties General Medicine
Science

Date 2025 Jan 6

PMID 39761253

Authors

Raza Nowrozy

Khandakar Ahmed

Hua Wang

Affiliations

Soon will be listed here.

Abstract

As digital healthcare evolves, the security of electronic health records (EHR) becomes increasingly crucial. This study presents the GPT-Onto-CAABAC framework, integrating Generative Pretrained Transformer (GPT), medical-legal ontologies and Context-Aware Attribute-Based Access Control (CAABAC) to enhance EHR access security. Unlike traditional models, GPT-Onto-CAABAC dynamically interprets policies and adapts to changing healthcare and legal environments, offering customized access control solutions. Through empirical evaluation, this framework is shown to be effective in improving EHR security by accurately aligning access decisions with complex regulatory and situational requirements. The findings suggest its broader applicability in sectors where access control must meet stringent compliance and adaptability standards.

References

Frontoni E, Romeo L, Bernardini M, Moccia S, Migliorelli L, Paolanti M . A Decision Support System for Diabetes Chronic Care Models Based on General Practitioner Engagement and EHR Data Sharing. IEEE J Transl Eng Health Med. 2020; 8:3000112. PMC: 7605604. DOI: 10.1109/JTEHM.2020.3031107. View

Coorevits P, Sundgren M, Klein G, Bahr A, Claerhout B, Daniel C . Electronic health records: new opportunities for clinical research. J Intern Med. 2013; 274(6):547-60. DOI: 10.1111/joim.12119. View

Lee D, Yoon S . Application of Artificial Intelligence-Based Technologies in the Healthcare Industry: Opportunities and Challenges. Int J Environ Res Public Health. 2021; 18(1). PMC: 7795119. DOI: 10.3390/ijerph18010271. View

Munasinghe U, Halgamuge M . Supply chain traceability and counterfeit detection of COVID-19 vaccines using novel blockchain-based system. Expert Syst Appl. 2023; 228:120293. PMC: 10168198. DOI: 10.1016/j.eswa.2023.120293. View

Rezaeibagha F, Mu Y . Distributed clinical data sharing via dynamic access-control policy transformation. Int J Med Inform. 2016; 89:25-31. DOI: 10.1016/j.ijmedinf.2016.02.002. View

Ge Y, Yu W, Cao J, Wang H, Zhan Z, Zhang Y . Distributed Memetic Algorithm for Outsourced Database Fragmentation. IEEE Trans Cybern. 2020; 51(10):4808-4821. DOI: 10.1109/TCYB.2020.3027962. View

Erickson S, Rockwern B, Koltov M, McLean R . Putting Patients First by Reducing Administrative Tasks in Health Care: A Position Paper of the American College of Physicians. Ann Intern Med. 2017; 166(9):659-661. DOI: 10.7326/M16-2697. View

Carter A, Abruzzo L, Hirschhorn J, Jones D, Jordan D, Nassiri M . Electronic Health Records and Genomics: Perspectives from the Association for Molecular Pathology Electronic Health Record (EHR) Interoperability for Clinical Genomics Data Working Group. J Mol Diagn. 2021; 24(1):1-17. DOI: 10.1016/j.jmoldx.2021.09.009. View

Fernandez-Aleman J, Senor I, Lozoya P, Toval A . Security and privacy in electronic health records: a systematic literature review. J Biomed Inform. 2013; 46(3):541-62. DOI: 10.1016/j.jbi.2012.12.003. View

10.

Brandao C, Rego G, Duarte I, Nunes R . Social responsibility: a new paradigm of hospital governance?. Health Care Anal. 2012; 21(4):390-402. PMC: 3825491. DOI: 10.1007/s10728-012-0206-3. View

11.

Ruotsalainen P, Blobel B . Health Information Systems in the Digital Health Ecosystem-Problems and Solutions for Ethics, Trust and Privacy. Int J Environ Res Public Health. 2020; 17(9). PMC: 7246854. DOI: 10.3390/ijerph17093006. View

12.

Baumann L, Baker J, Elshaug A . The impact of electronic health record systems on clinical documentation times: A systematic review. Health Policy. 2018; 122(8):827-836. DOI: 10.1016/j.healthpol.2018.05.014. View

13.

Weiskopf N, Weng C . Methods and dimensions of electronic health record data quality assessment: enabling reuse for clinical research. J Am Med Inform Assoc. 2012; 20(1):144-51. PMC: 3555312. DOI: 10.1136/amiajnl-2011-000681. View

14.

Kalkhajeh S, Aghajari A, Dindamal B, Shahvali-Kuhshuri Z, Faraji-Khiavi F . The Integrated Electronic Health System in Iranian health centers: benefits and challenges. BMC Prim Care. 2023; 24(1):53. PMC: 9938354. DOI: 10.1186/s12875-023-02011-x. View

15.

Kruse C, Frederick B, Jacobson T, Monticone D . Cybersecurity in healthcare: A systematic review of modern threats and trends. Technol Health Care. 2016; 25(1):1-10. DOI: 10.3233/THC-161263. View

16.

Mesko B, Topol E . The imperative for regulatory oversight of large language models (or generative AI) in healthcare. NPJ Digit Med. 2023; 6(1):120. PMC: 10326069. DOI: 10.1038/s41746-023-00873-0. View

17.

Gabler G, Lycett D, Gall W . Integrating a New Dietetic Care Process in a Health Information System: A System and Process Analysis and Assessment. Int J Environ Res Public Health. 2022; 19(5). PMC: 8909013. DOI: 10.3390/ijerph19052491. View

18.

Tapuria A, Porat T, Kalra D, Dsouza G, Xiaohui S, Curcin V . Impact of patient access to their electronic health record: systematic review. Inform Health Soc Care. 2021; 46(2):192-204. DOI: 10.1080/17538157.2021.1879810. View

19.

Felzmann H, Fosch-Villaronga E, Lutz C, Tamo-Larrieux A . Towards Transparency by Design for Artificial Intelligence. Sci Eng Ethics. 2020; 26(6):3333-3361. PMC: 7755865. DOI: 10.1007/s11948-020-00276-4. View

20.

Rezaeibagha F, Win K, Susilo W . A systematic literature review on security and privacy of electronic health record systems: technical perspectives. Health Inf Manag. 2015; 44(3):23-38. DOI: 10.1177/183335831504400304. View