A contextual authorization model for access control of electronic patient record in open distributed environments. / Um modelo de autorização contextual para o controle de acesso ao prontuário eletrônico do paciente em ambientes abertos e distribuídos.

AUTOR(ES)

Gustavo Henrique Matos Bezerra Motta

DATA DE PUBLICAÇÃO

2004

RESUMO

The recent advances in computing and communication technologies allowed ready access to the electronic patient record (EPR) information. High availability of clinical information raises concerns about patients privacy and data confidentiality of their data. The legal regulation mandates the confidentiality of EPR contents. Everyone has to be authorized by the patients to access their EPR, except when this access is necessary to provide care on their behalf. This work proposes MACA, a contextual authorization model for the role-based access control (RBAC) that considers the ac-cess restrictions requirements for the EPR in open and distributed environments. RBAC regulates user’s access to EPR based on organizational functions (roles). Con-textual authorizations use environmental information available at access time, like user/patient relationship, in order to decide whether a user is allowed to access an EPR resource. This gives flexibility and expressive power to MACA, allowing one to establish access policies for the EPR and administrative policies for the RBAC that considers the environmental and cultural diversity of healthcare organizations. MACA also allows EPR components to use RBAC transparently, making it more user friendly when compared with other RBAC models. The implementation of MACA architecture uses the LDAP (Lightweight Directory Access Protocol) directory server, the Java programming language and the standards CORBA Security Service and Re-source Access Decision Facility. Thus, heterogeneous EPR components can request user authentication and access authorization services in a unified and coherent way across multiple platforms. MACA implementation complies with free software pol-icy. It is based on software components without licensing costs and it offers good performance for the estimated access demand. Finally, the daily use of MACA to control the access of about 2000 users to the EPR at InCor-HC.FMUSP shows the feasibility of the model, of its implementation and the effectiveness of its practical application on real cases.

ASSUNTO(S)

contextual authorization autorização contextual role-based access control (rbac) arquiteturas abertas e distribuídas security segurança contexts controle de acesso baseado em papéis (cabp) open and distributed architectures prontuário eletrônico do paciente (pep) contexto electronic patient record (epr)

Documentos Relacionados

• Controle de acesso para sistemas distribuídos.
• A utilização da arquitetura CORBA na construção de ambientes virtuais distribuídos.
• Web oriented electronic patient file
• Prontuário eletrônico do paciente: algumas pegadas em direção ao futuro
• GridMultiPolicy: gerenciamento e efetivação de múltiplas políticas de controle de acesso em ambientes de grades computacionais.