Managing Access to Electronic Health Records in a Cloud Computing Environment
Access control methods are relevant in securing EHR from unauthorised users and access. It is therefore important that proper access control mechanisms are put in place in order to safeguard the privacy and confidentiality of health records.
This paper provides a review of the benefits and limitations of individual access control mechanisms. It also indicate the challenges and advantages associated with the use of the individual access control methods vis-a-vis combined access control methods for accessing electronic health records (EHR) in a cloud computing environment.
This review concludes that the use of one access control is not sufficient to fully secure EHR in a cloud computing environment. A combined access control methods has the potential to offer strong security to EHR in the cloud setting. Maximising the benefits of the various access controls is essential for enhancing the security of EHR in a cloud computing environment.
Anastasakis, K., Bordbar, B., Georg, G., Ray, I., & Toahchoodee, M. (2009). Ensuring Spatio-Technical Access Control for Real-World Application. Proceedings of the 14th ACM Symposium on Access Control Models and Technologies.
Barkley, J. K., Ferraiolo, D. F., & Kuhn, D. R. (1999, February). A Role-based Access Control Model and Reference Implementation within a Corporate Intranet. ACM Trans. on Information and System Security .
Bell, D., & Lapula, L. (1973). Secure computer systems: Mathematical foundations and model. The Mitre Corporation.
Cruz, I. F., Gjomemo, R., Lin, B., & Orsini, M. (2009). A Contraint and Attribute-based Security Framework for Dynamic Role Assignment in Collaborative Environment. Collaborative Computing; Networking, Applications and Worksharing , 322-339.
Ferraiolo, D. F., Sandhu, R., Gavrila, S., Kuhn, R., & Chandramouli, R. (2001). Proposed NIST Standard for Role-based Access Control . ACM Trans. on Infor. and Sys. Sec.
Ferraiolo, D., Kuhn, D., & Chandramouli, R. (2003). Role-based Access Control. Artech House, Computer Security Series.
Gollman, D. (1999). Computer Security. (1st, Ed.) John Wiley & Sons.
Goyal, V., Pandey, O., Sahai, A., & Waters, B. (2006). Attribute-based Encryption for Fine-grained Access Control of Encrypted Data. Proceedings of the 13th ACM Conference on Computer and Communication Security, (pp. 89-98).
Karp, A., Haury, H., & Davis, M. (2009). From ABAC to ZBAC: The Evolution of Access Control Models. tech. reportHPL, HP Labs.
Kayem, V. D. (2011). Adaptive Cryptographic Access Control. (S. S. Media, Ed.) Advances in Information Security.
Khan, A. R. (2012). Access in Cloud Computing Environment. APRN Journal of Engineering and Applied Sciences , 7 (5).
Knitz, M. (2005). HIPPA Compliance and Electronic Medical Records: are both possible? Graduate Research, Bowie State University, Maryland.
Lehtinen, R., Russell, D., & Gangemi Sr., G. (2006). Computer Security Basics. (2nd, Ed.) O Reilly Publications.
Maghanathan, N. (2013). Review of Access Control Models for Cloud Computing. Computer Science & Information Science , 3 (1), 77-85.
Margaret, R. (2014, Jan). Search Security. Retrieved Jan 19, 2015, from Mandatory Access Control: http://searchsecurity.techtarget.com/definition/mandatory-access-control-MAC
Miller, R., & Sim, I. (2004). Physicians use of Electronic Medical Records: Barriers and Solutions. Health Aff (Millwood) , 23 (2), 116-126.
Odom-Wesley, B., Brown, D., & Meyers, C. L. (2009). Documentation for Medical Records. Chicago American Health Information Management Association , 21.
Pfleeger, C. P. (1997). Security in Computing (Second Edition ed.). Prentice-Hall PTR.
Pimlott, A., & Kiselyov, O. (2006). A Logic Based Trust Management System. Proceeding of 8th International Symposium on Functional and Logic Programming (pp. 130-144). Japan: Springer.
Rognehaugh, R. (1999). The Health Information Technology Dictionary. Gaithersburg, MD, Aspen.
Sandhu, R., Bhamidipati, V., & Munawer, Q. (1999). The ARBAC97 Model for Role-based Administration of Roles . ACM Trans. on Info. and Sys. Sec.
Services, U. D. (2011, July 7). University of California settles HIPAA Privacy and Security Case involving UCLA Health System facilities. Retrieved August 10, 2012, from www.hhs.gov/news/press/2011pres/07/20110707a.html
Sprague, L. (2004, September). Electronic Health Records: How close? How far to go? NHPF Issue Brief , 1-17.
Standards, O. f. (2005). Extensible access control markup language (XACML). 2.
Thion, R. (2008). Access Control Models . (F. University of Lyon, Ed.) IGI Global.
University, Carnegie Mellon;. (2003). Overview Incident and Vulnerability Trends. Carnegie Mellon University, CERT Coordination Center.
Wang, L., Wijesekera, D., & Jajodia, S. (2004). A Logic-based Framework for Attribute-based Access Control. Proceedings of the 2004 ACM Workshop on Formal Methods of Security Engineering, (pp. 45-55).
Warren, S. D., & Brandeis, L. D. (1890). The Right to Privacy. Harvard Law Rev , 193 (4).
Yuan, E., & Tong, J. (2005). Attribute-based Access Control for Web Services. Proceedings of the IEEE International Conference on Web Services, (pp. 561-569).
Zurko, M. E., & Simon, R. (1997). Separation of duty in Role-based Environment. Proceedings of the 10th IEEE Computer Security Foundations Workshop, (pp. 183-194).
Copyright (c) 2015 Journal of Information Sciences and Computing Technologies
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
TRANSFER OF COPYRIGHT
JISCT is pleased to undertake the publication of your contribution to Journal of Information Sciences and Computing Technologies
The copyright to this article is transferred to JISCT(including without limitation, the right to publish the work in whole or in part in any and all forms of media, now or hereafter known) effective if and when the article is accepted for publication thus granting JISCT all rights for the work so that both parties may be protected from the consequences of unauthorized use.