Multi-Level Security in Healthcare Using a Lattice-Based Access Control Model

Steven A. Demurjian, Eugene Sanzi, Thomas P. Agresta, William A. Yasnoff
DOI: 10.4018/IJPHIM.2019010105


Controlling access to sensitive personal information is a primary concern in healthcare. Regardless of whether access control policies are determined by patients, healthcare professionals, institutions, legal and regulatory authorities, or some combination of these, assuring the strict enforcement of policies across all systems that store personal health information is the overriding, essential goal of any healthcare security solution. While a comprehensive healthcare security architecture may need to impose specific controls on individual data items, most access control decisions will be based on sensitivity levels automatically assigned to information classes by a “sensitivity profile,” combined with the authorization level of the user. This article proposes the use of multi-level security, defined by lattice-based sensitivity profiles, to ensure compliance with data access restrictions between systems. This security approach accommodates the complexities needed for health data access and benefits from existing, proven tools that are used for defense and national security applications.
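The abstract relies on two ideas: a sensitivity profile that maps each information class to a label, and an authorization (clearance) level for the user, with labels ordered in a lattice so that every access decision is a dominance test. The following Python sketch is an added example, not the authors' code and not a reproduction of their sensitivity profiles; the level names, categories, information classes and subjects are constructed for illustration. It shows the standard level-plus-categories lattice, the "no read up" and "no write down" checks, and the lattice join that labels a record assembled from several classes.

```python
"""Lattice-based multi-level security (MLS) check for health-record classes.

Added example: a label is a (level, categories) pair ordered by dominance,
which forms a lattice. A "sensitivity profile" maps each information class
to a label; a subject's authorization is a clearance label. All names below
are constructed assumptions, not values taken from the article.
"""
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, FrozenSet, Iterable, List


class Level(IntEnum):
    """Linearly ordered sensitivity levels (assumed names)."""
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    RESTRICTED = 3


@dataclass(frozen=True)
class Label:
    """A lattice element: a level plus a set of need-to-know categories."""
    level: Level
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Partial order: level is higher or equal AND categories are a superset.
        return self.level >= other.level and self.categories >= other.categories

    def join(self, other: "Label") -> "Label":
        # Least upper bound: the label of data derived from both inputs.
        return Label(max(self.level, other.level), self.categories | other.categories)


# Constructed sensitivity profile: information class -> label.
SENSITIVITY_PROFILE: Dict[str, Label] = {
    "demographics":        Label(Level.INTERNAL),
    "medication_list":     Label(Level.CONFIDENTIAL),
    "lab_results":         Label(Level.CONFIDENTIAL),
    "mental_health_notes": Label(Level.RESTRICTED, frozenset({"MENTAL_HEALTH"})),
    "hiv_status":          Label(Level.RESTRICTED, frozenset({"HIV"})),
}

# Constructed clearances (authorization levels) for example subjects.
CLEARANCES: Dict[str, Label] = {
    "front_desk":        Label(Level.INTERNAL),
    "nurse":             Label(Level.CONFIDENTIAL),
    "psychiatrist":      Label(Level.RESTRICTED, frozenset({"MENTAL_HEALTH"})),
    "primary_physician": Label(Level.RESTRICTED, frozenset({"MENTAL_HEALTH", "HIV"})),
}


def can_read(subject: str, info_class: str) -> bool:
    """Simple security property ("no read up"): clearance must dominate the data label.
    Unknown subjects or classes are denied (fail closed)."""
    clearance = CLEARANCES.get(subject)
    label = SENSITIVITY_PROFILE.get(info_class)
    if clearance is None or label is None:
        return False
    return clearance.dominates(label)


def can_write(subject: str, info_class: str) -> bool:
    """*-property ("no write down"): the data label must dominate the clearance,
    so a highly cleared subject cannot copy data into a lower-labelled class."""
    clearance = CLEARANCES.get(subject)
    label = SENSITIVITY_PROFILE.get(info_class)
    if clearance is None or label is None:
        return False
    return label.dominates(clearance)


def readable_classes(subject: str) -> List[str]:
    """All information classes the subject may read, in sorted order."""
    return sorted(c for c in SENSITIVITY_PROFILE if can_read(subject, c))


def derived_label(info_classes: Iterable[str]) -> Label:
    """Label of a record assembled from several classes: the lattice join.
    Raises KeyError for an unknown class rather than guessing a label."""
    label = Label(Level.PUBLIC)
    for c in info_classes:
        label = label.join(SENSITIVITY_PROFILE[c])
    return label


if __name__ == "__main__":
    for subj in CLEARANCES:
        print(f"{subj:18s} reads {readable_classes(subj)}")
    summary = derived_label(["medication_list", "mental_health_notes"])
    print("discharge summary label:", summary.level.name, sorted(summary.categories))
```

Two points the example makes concrete. First, categories are what let two classes at the same level stay mutually inaccessible: the psychiatrist and the HIV-clinic record are both RESTRICTED, yet the psychiatrist cannot read hiv_status because the category sets do not nest, which a plain linear ordering could not express. Second, the strict *-property means the fully cleared primary physician cannot write to any lower-labelled class at all; real MLS deployments handle this with trusted subjects or a separate write range, and any healthcare profile built on this model needs an explicit decision about which subjects are trusted to declassify.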

1. Introduction

Ensuring that the correct individual receives only authorized information is one of the key security concerns in the healthcare domain. This requires that access to both personally identifiable information (PII) and personal health information (PHI) be precisely controlled. Two dimensions are relevant to securely accessing healthcare data. For the first, access control must be realized in all of the health information technology (HIT) systems available to the various stakeholders (medical professionals, administrative staff, patients, family members, etc.). HIT systems include electronic health records (EHRs), practice management systems (PMS), and personal health records (PHRs); most, but not all, of these systems must adhere to the Health Insurance Portability and Accountability Act (HIPAA) (HIPAA, 2017) for the security, availability, transmission, and release of a patient's medical information. For the second, patient-controlled access to data is a desirable and increasingly important aspect of making information accessible: it may allow patients to define who (among the aforementioned stakeholders) can access what information, at which times, to view or modify medical, health, and fitness data. While both privacy and security are of paramount concern in both dimensions, our focus is on ensuring that the security is robust enough to operationalize a wide variety of potential privacy policies, including HIPAA and patient control. Caine and Hanania (2013) studied the type and granularity of medical, health, and fitness data over which patients wanted to control access.
An earlier effort (Sujansky et al., 2010) emphasized fine-grained access control by role, allowing a patient to define, for example, that a family member can view a subset of the medication list, the patient's personal physician may view and modify medical, health, and fitness data, and an emergency physician can see all of the patient's medical and health data in an emergency situation. Earlier still, Peleg et al. (2008) described a method to establish privileges and access control from the perspective of the patient, called situation-based access control. More recently, Kendall and Quill (2017) proposed that every American have a lifetime electronic health record that is complete and available from any location.
