GPT, Ontology, and CAABAC: A Tripartite Personalized Access Control Model Anchored by Compliance, Context and Attribute

TL;DR

The paper introduces GPT-Onto-CAABAC, a novel access control framework combining GPT, ontologies, and context-aware policies to improve electronic health record security in dynamic healthcare environments.

Contribution

It presents a new tripartite model that dynamically interprets policies and adapts to changing legal and healthcare contexts, enhancing EHR security.

Findings

Effective in aligning access decisions with complex regulations

Improves security by adapting to situational requirements

Demonstrates broader applicability in compliance-sensitive sectors

Abstract

As digital healthcare evolves, the security of electronic health records (EHR) becomes increasingly crucial. This study presents the GPT-Onto-CAABAC framework, integrating Generative Pretrained Transformer (GPT), medical-legal ontologies and Context-Aware Attribute-Based Access Control (CAABAC) to enhance EHR access security. Unlike traditional models, GPT-Onto-CAABAC dynamically interprets policies and adapts to changing healthcare and legal environments, offering customized access control solutions. Through empirical evaluation, this framework is shown to be effective in improving EHR security by accurately aligning access decisions with complex regulatory and situational requirements. The findings suggest its broader applicability in sectors where access control must meet stringent compliance and adaptability standards.