Citation: Communication Papers of the 2017 Federated Conference on Computer Science and Information Systems, M. Ganzha, L. Maciaszek, M. Paprzycki (eds). ACSIS, Vol. 13, pages 199–205 (2017)
Abstract. The secure management of access to patient information in medical and hospital environments is a relevant and widely debated problem. Although the electronic patient record is envisaged in current legislation, it remains a promise in the Brazilian health reality. The aim of this work is to define a continuous access control model for patient's medical information that considers contextual information and can be implemented in large-scale environments, such as computational clouds. A bibliographic study was conducted on the computational area of access control, on electronic and paper medical records, and on the current health legislation in Brazil. Subsequently, qualitative research was conducted in the BHUs of the city of Londrina, Paraná (Brazil). The results showed a great lack of computerization, the use of paper charts, and the need for a computational model of access control that considers the aspects of a real medical-hospital environment. From the results obtained in this research, it was possible to elaborate a computational model of access control to the patient's electronic medical record for health information systems using the UCONabc access control model and the XACML architecture. A prototype of the proposed model was implemented. The experiments conducted and their results demonstrated the proposal's feasibility.