A Security-Aware Access Model for Data-Driven EHR System

TL;DR

This paper introduces a security-aware access control model for data-driven electronic health record systems, enhancing data protection and compliance with security standards in distributed healthcare environments.

Contribution

It proposes a novel security model that rigorously controls data access and transmission in distributed healthcare systems, fulfilling NIST security requirements.

Findings

Model effectively controls permissions for sensitive data

Protects data during transmission between distributed nodes

Experimental results demonstrate high effectiveness and promise

Abstract

Digital healthcare systems are very popular lately, as they provide a variety of helpful means to monitor people's health state as well as to protect people against an unexpected health situation. These systems contain a huge amount of personal information in a form of electronic health records that are not allowed to be disclosed to unauthorized users. Hence, health data and information need to be protected against attacks and thefts. In this paper, we propose a secure distributed architecture for healthcare data storage and analysis. It uses a novel security model to rigorously control permissions of accessing sensitive data in the system, as well as to protect the transmitted data between distributed system servers and nodes. The model also satisfies the NIST security requirements. Thorough experimental results show that the model is very promising.