SpringerLink
Log in

RUBAC: Proposed Access Control for Flexible Utility–Privacy Model in Healthcare

  • Original Research
  • Published:
SN Computer Science Aims and scope Submit manuscript

Abstract

With the rapid advancement of healthcare analytics, the need of security of privacy of health data is extremely needed. Electronic health record (abbreviated as EHR) is a communication tool which supports the services such as early prediction of disease, clinical decision support system, and personalized healthcare through intelligent mechanism such as artificial intelligence, and machine and deep learning. With the advent of the ICT and availability of big data in the healthcare systems, the privacy concerns are raised. Develo** an access control model EHR is one of the solutions to preserve the privacy and confidentiality of the data. There are umpteen number of access control models such as RBAC and MAC have been invented. The said models are security focused meaning their primary focus is to provide security to health data which differs from safeguarding privacy of personal information in health records. Although tremendous amount of work has been done around access control models for preserving privacy, there a still a space for improvement in terms of effective access of data through better access control model. In addition, most of the access control models for past are static and do not consider the case wherein the privacy–utility of the EHR changes according to the requirement of healthcare organizations. This paper presents a risk- and utility-based access control (henceforth called RUBAC) model for flexible privacy–utility situation in healthcare. The proposed privacy-enabled model consists of three major entities, viz. risk and utility factors (X-axis), data access scenarios (Y-axis) and roles (Z-axis). All the entities are flexible. The model is evaluated against uses case and the 25 criteria given in [1],the model outperformed in accessing the healthcare records efficiently. The proposed model provides dynamic and flexible control through a 3-D framework, exceeding current approaches and opening the door to improved healthcare security practices.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or Ebook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1:
Fig. 2
Fig. 3
Fig. 4
Fig. 5

Similar content being viewed by others

Data availability

Since this is a conceptual model, no data and material are applicable to this research work.

References

  1. Helms E, Williams L. Evaluating access control of open source electronic health record systems. In: Proceedings of the international conference on software engineering, 2011. p. 63–70. https://doi.org/10.1145/1987993.1988006

  2. Dong N, Jonker H, Pang J. Challenges in eHealth: From enabling to enforcing privacy, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 7151 LNCS(September), 2012. p. 195–206.

  3. Anonymous. Data Leakage Events, Informationisbeautiful. 2019. https://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/.

  4. Jercich K. The biggest healthcare data breaches of 2021. Healthcareitnews. 2021. https://www.healthcareitnews.com/news/biggest-healthcare-data-breaches-2021.

  5. Bose A. Top 10 data breaches that have occurred in India in 2020–21. Ipleaders. 2021. https://blog.ipleaders.in/top-10-data-breaches-that-have-occurred-in-india-in-2020-21/.

  6. ** H, Luo Y, Li P, Mathew J. A review of secure and privacy-preserving medical data sharing. IEEE Access. 2019;7:61656–69.

    Article  Google Scholar 

  7. Majeed A. Attribute-centric anonymization scheme for improving user privacy and utility of publishing e-health data. J King Saud Univ Comput In Sci. 2019;31(4):426–35.

    Google Scholar 

  8. Lin JC, Yeh KH. Security and privacy techniques in IoT environment. Sensors. 2021;21(1):2021.

    ADS  PubMed  PubMed Central  Google Scholar 

  9. de Carvalho Junior MA, Bandiera-Paiva P. Health information system role-based access control current security trends and challenges. J Healthc Eng. 2018;18:6510249.

    Google Scholar 

  10. Khalid T, et al. A survey on privacy and access control schemes in fog computing. Int J Commun Syst. 2021. https://doi.org/10.1002/dac.4181.

    Article  Google Scholar 

  11. Yang X, Lu R, Shao J, Tang X, Ghorbani AA. Achieving efficient secure deduplication with user-defined access control in cloud. IEEE Trans Depend Secure Comput. 2022;19(1):591–606.

    Article  Google Scholar 

  12. Seol K, Kim YG, Lee E, Seo YD, Baik DK. Privacy-preserving attribute-based access control model for XML-based electronic health record system. IEEE Access. 2018;6:9114–28.

    Article  Google Scholar 

  13. Elgendy R, Morad A, Elmongui HG, Khalafallah A, Abougabal MS. Role-task conditional-purpose policy model for privacy preserving data publishing. Alex Eng J. 2017;56(4):459–68.

    Article  Google Scholar 

  14. Peleg M, Beimel D, Dori D, Denekamp Y. Situation-based access control: privacy management via modeling of patient data access scenarios. J Biomed Inf. 2008;41(6):1028–40.

    Article  Google Scholar 

  15. Tembhare A, SibiChakkaravarthy S, Sangeetha D, Vaidehi V, VenkataRathnam M. Role-based policy to maintain privacy of patient health records in cloud. J Supercomput. 2019;75(9):5866–81.

    Article  Google Scholar 

  16. Wang Q, ** H, Quantified risk-adaptive access control for patient privacy protection in health information systems, Proceedings of the 6th International Symposium on Information, Computer and Communications Security, ASIACCS 2011, 2011;406–10.

  17. Kumar R, Tripathi R. Scalable and secure access control policy for healthcare system using blockchain and enhanced Bell–LaPadula model. J Ambient Intell Humaniz Comput. 2021;12(2):2321–38.

    Article  Google Scholar 

  18. Prince PB, Lovesum SPJ. Privacy enforced access control model for secured data handling in cloud-based pervasive health care system. SN Comput Sci. 2020;1(5):1–8.

    Article  Google Scholar 

  19. Sicuranza M, Esposito A. An access control model for easy management of patient privacy in EHR systems, 2013 8th International Conference for Internet Technology and Secured Transactions. ICITST. 2013;2013:463–70.

    Google Scholar 

  20. Dagher GG, Mohler J, Milojkovic M, Marella PB. Ancile: Privacy-preserving framework for access control and interoperability of electronic health records using blockchain technology. Sustain Cities Soc. 2017;2018(39):283–97.

    Google Scholar 

  21. Rezaeibagha F, Mu Y. Distributed clinical data sharing via dynamic access-control policy transformation. Int J Med Inf. 2016;89:25–31.

    Article  Google Scholar 

  22. Xu J, et al. Healthchain: a blockchain-based privacy preserving scheme for large-scale health data. IEEE Internet Things J. 2019;6(5):8770–81.

    Article  Google Scholar 

  23. Ming Y, Zhang T. Efficient privacy-preserving access control scheme in electronic health records system. Sensors (Switzerland). 2018;18(10):3520.

    Article  ADS  Google Scholar 

  24. Ding W, et al. An extended framework of privacy-preserving computation with flexible access control. IEEE Trans Netw Serv Manage. 2020;17(2):918–30.

    Article  Google Scholar 

  25. Premarathne U, et al. Hybrid cryptographic access control for cloud-based EHR systems. IEEE Cloud Comput. 2016;3(4):58–64.

    Article  Google Scholar 

  26. Ding W, Yan Z, Deng RH. Privacy-preserving data processing with flexible access control. IEEE Trans Depend Secure Comput. 2020;17(2):363–76.

    Article  Google Scholar 

  27. Shi M, Jiang R, Hu X, Shang J. A privacy protection method for health care big data management based on risk access control. Health Care Manag Sci. 2020;23(3):427–42.

    Article  PubMed  Google Scholar 

  28. Babrahem AS, Monowar MM. Preserving confidentiality and privacy of the patient’s EHR using the OrBAC and AES in cloud environment*. Int J Comput Appl. 2021;43(1):50–61.

    Google Scholar 

  29. Camenisch J, Hohenberger S, Lysyanskaya A. Balancing accountability and privacy using e-cash. In: International conference on security and cryptography for networks. Berlin, Heidelberg: Springer; 2006. p. 141–55.

  30. Thwin TT, Vasupongayya S. Blockchain-based access control model to preserve privacy for personal health record systems. Secur Commun Netw. 2019;2019:1–15.

    Article  Google Scholar 

  31. Grunwell D, Gajanayake R, Sahama T. Demonstrating accountable-eHealth systems. In: 2014 IEEE international conference on communications (ICC), Sydney, NSW, Australia. 2014. p. 4258–63. https://doi.org/10.1109/ICC.2014.6883989.

  32. Mohan K, Aramudhan M. Ontology based access control model for healthcare system in cloud computing. Indian J Sci Technol. 2015;8(S9):218.

    Article  Google Scholar 

  33. Ni Q, Bertino E, Lobo J, Calo SB. Privacy-aware role-based access control. IEEE Secur Priv. 2009;7(4):35–43. https://doi.org/10.1109/MSP.2009.102.

    Article  Google Scholar 

  34. Liddell K, Simon DA, Lucassen A. Patient data ownership: who owns your health? J Law Biosci. 2021;8(2):lsa023.

    Article  Google Scholar 

  35. Levin O, Salido J, The two dimensions of data privacy measures, Brussels Privacy Symposium. 2016;7

  36. Wagner I, Eckhoff D. Technical privacy metrics: a systematic survey. ACM Comput Surv. 2018;51(3):1–45.

    Article  Google Scholar 

  37. Prasser F, Kohlmayer F, Lautenschläger R, Kuhn KA, ARX--A Comprehensive Tool for Anonymizing Biomedical Data, AMIA ... Annual Symposium proceedings/AMIA Symposium. AMIA Symposium. 2014

  38. Cormode G, Procopiuc CM, Shen E, Srivastava D, Yu T, Empirical privacy and empirical utility of anonymized data. In: 2013 IEEE 29th International Conference on Data Engineering Workshops (ICDEW). 2013;2013:77–82.

  39. Elliot M, Domingo-Ferrer J, The future of statistical disclosure control, The National Statistician’s Quality Review. 2018

  40. Prasser F, Kohlmayer F, Kuhn K. The importance of context: risk-based de-identification of biomedical data. Methods Inf Med. 2016;55:347–55.

    Article  PubMed  Google Scholar 

  41. Mai PX, Goknil A, Shar LK, Pastore F, Briand LC, Shaame S. modeling security and privacy requirements: a use case-driven approach. Inf Softw Technol. 2018;100:165–82.

    Article  Google Scholar 

  42. Ray P, Wimalasiri J, The Need for Technical Solutions for Maintaining the Privacy of HER. In: 2006 International Conference of the IEEE Engineering in Medicine and Biology Society. 2006, 2006:4686–89.

  43. More SJ, Java Privacy Guard - The OpenPGP Message Format and an Implementation in Java, Bachelor’s Thesis, Graz University of Technology Institute for Applied Information Processing and Communication. 2015

  44. Ferraiolo DF, Sandhu R, Gavrila S, Kuhn DR, Chandramouli R. Proposed NIST standard for role-based access control. ACM Trans Inf Syst Secur. 2001;4(3):224–74.

    Article  Google Scholar 

Download references

Acknowledgements

The authors have used ChatGPT and Quillbot software for rewording of the sentences in the manuscript.

Funding

There is no funding associated with this research study.

Author information

Authors and Affiliations

  1. Symbiosis International (Deemed University), Symbiosis Institute of Technology, Pune, India

    Prathamesh Churi & Ambika Pawar

Authors
  1. Prathamesh Churi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ambika Pawar
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Prathamesh Churi.

Ethics declarations

Conflict of interest

The authors of this research study declare that there is no conflict of interest.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This article is part of the topical collection “Advanced Computing and Data Sciences” guest edited by Mayank Singh, Vipin Tyagi and P.K. Gupta.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Churi, P., Pawar, A. RUBAC: Proposed Access Control for Flexible Utility–Privacy Model in Healthcare. SN COMPUT. SCI. 5, 297 (2024). https://doi.org/10.1007/s42979-024-02616-8

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s42979-024-02616-8

Keywords

Search

Navigation