ACCESS CONTROL IN DISTRIBUTED HEALTHCARE INFORMATION: THE KEY FEATURES

Authors

  • Abdulkadir A. Adamu*, Dong Wang, Abdul-Fatou Adam

Keywords:

Discretionary Access Control (DAC), Mandatory Access Control (MAC), Role-Based Access Control (RBAC).

Abstract

Information and communication technologies (ICTs) today offer ubiquitous possibilities for sharing electronic patient data across several healthcare organizations and hospital departments. Data security is therefore a strong requirement for compliance with the confidentiality and privacy rules governing medical records. However, the access control mechanisms in Nigeria’s health information systems do not sufficiently guarantee managed access or the protection of data and resources. To overcome the problems in the access control mechanism currently available to the University of Abuja Teaching Hospital (UATH), Nigeria, this paper proposes a new access control mechanism called multi-device TBPM-RBAC (MD-TBPM-RBAC). To meet the demand for unified user management in the network management system (NMS), MD-TBPM-RBAC is centered on Role-Based Access Control (RBAC) and extends TBPM-RBAC. In MD-TBPM-RBAC, the users, resources and permissions are stored on a remote server; when a user logs in, the device communicates with the server to authenticate and authorize that user. Because MD-TBPM-RBAC implements unified authentication and authorization of users, user management is centralized, resources are protected effectively, and important resources are shielded from unauthorized access. In essence, the access control mechanisms and authorization structures of information systems must be able to realize the Need-To-Access principle. This paper introduces the design principles and critically evaluates the concept.
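The centralized pattern the abstract describes (users, roles and permissions held only on a server, with each device asking that server to authenticate and authorize) can be sketched as follows. This is an added example, not code from the paper: the TBPM extension is not modelled because the abstract does not define it, and every class, role, resource and credential name here is a constructed assumption.

```python
import hashlib, hmac, secrets

class PolicyServer:
    """Hypothetical central store of users, roles and permissions."""
    def __init__(self):
        self._users = {}       # user -> (salt, password hash, set of roles)
        self._role_perms = {}  # role -> set of (resource, action)
        self._sessions = {}    # session token -> user

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_role(self, role, perms):
        self._role_perms[role] = set(perms)

    def add_user(self, user, password, roles):
        salt = secrets.token_bytes(16)
        self._users[user] = (salt, self._hash(password, salt), set(roles))

    def revoke_role(self, user, role):
        self._users[user][2].discard(role)  # one change, seen by every device

    def authenticate(self, user, password):
        rec = self._users.get(user)
        if rec is None or not hmac.compare_digest(rec[1], self._hash(password, rec[0])):
            return None
        token = secrets.token_urlsafe(16)
        self._sessions[token] = user
        return token

    def authorize(self, token, resource, action):
        user = self._sessions.get(token)
        roles = self._users[user][2] if user else set()  # unknown token: deny
        return any((resource, action) in self._role_perms.get(r, ()) for r in roles)

class Device:
    """Enforcement point: stores no users or permissions of its own."""
    def __init__(self, name, server):
        self.name, self.server, self.token = name, server, None

    def login(self, user, password):
        self.token = self.server.authenticate(user, password)
        return self.token is not None

    def access(self, resource, action):
        return self.token is not None and self.server.authorize(self.token, resource, action)

def build_demo():
    """Constructed sample policy for a hospital setting."""
    server = PolicyServer()
    server.add_role("physician", {("patient_record", "read"), ("prescription", "write")})
    server.add_role("nurse", {("patient_record", "read")})
    server.add_user("dr_a", "constructed-pw-1", {"physician"})
    server.add_user("nurse_b", "constructed-pw-2", {"nurse"})
    return server
```

Because every decision is evaluated on the server at request time, revoking a role there takes effect on all devices at once, with no per-device policy to update.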

Published

2017-04-30

Section

Articles