An Extended Consent-Based Access Control Framework: Pre-Commit Validation and Emergency Access

TL;DR

This paper introduces an extended consent-based access control framework that enforces semantic correctness at consent creation, uses pre-commit validation to reduce runtime conflicts, and incorporates emergency access controls based on real-time physiological data.

Contribution

It presents a novel pre-commit validation workflow with conflict analysis and formal invariants, enhancing existing CBAC systems with proactive conflict detection and controlled emergency access mechanisms.

Findings

Pre-commit conflict resolution reduces access latency.

Framework outperforms standard XACML in scalability.

Emergency access effectively limits data exposure.

Abstract

Consent-Based Access Control (CBAC) is a foundational mechanism for enforcing patient autonomy in modern healthcare information systems. Many CBAC frameworks are built on the eXtensible Access Control Markup Language (XACML) and inherit its \emph{lazy evaluation} model, in which policy interactions are resolved only at request time. This design allows contradictory consent directives to accumulate within the repository, creating a semantic gap between patient intent and system behavior while burdening high-frequency runtime decisions with complex conflict resolution. This paper presents an extended CBAC framework that enforces semantic correctness at consent creation time rather than during access evaluation. The framework introduces a pre-commit validation workflow centered on a Consent Conflict Analysis Module (CCAM), which proactively detects modality conflicts and redundancies before directives become active. In addition, immutable system invariants are formalized to guarantee baseline access for record authors and patients, preserving clinical continuity and professional accountability. Finally, the framework incorporates a context-aware emergency mediation mechanism that enables controlled \emph{break-the-glass} access driven by real-time physiological evidence, with disclosure strictly bounded by an Emergency Disclosure Control Function (EDCF). Simulation-based evaluation using controlled synthetic workloads demonstrates that pre-commit conflict resolution yields low and stable runtime decision latency and consistently outperforms standard XACML-based baselines as policy repositories scale. Emergency access experiments further demonstrate strong restrictions on data access, pruning the majority of non-relevant record elements while preserving clinically essential information.