Context-Based Access for Infrequent Requests in Tanzania's Health Care System

Type Thesis or Dissertation
Title Context-Based Access for Infrequent Requests in Tanzania's Health Care System
Author(s)
Publication (Day/Month/Year) 2015
URL http://arrow.dit.ie/sciendoc/162/
Abstract
Access control is an important aspect of any information system. It is a way of ensuring that users can only access what they are authorised to and no more. This can be achieved by granting users access to resources based on pre-defined organisational and legislative rules. Although access control has been extensively studied, and as a result, a wide range of access control models, mechanisms and systems have been proposed, specific access control requirements for healthcare systems that need to support the continuity of care in an accountable manner have not been addressed. This results in a gap between what is required by the application domain and what is actually practised, and thus access control solutions implemented for the domain become too restrictive. The continuity of care is defined as the delivery of seamless health care services to patients through integration, coordination and sharing of information between providers. This thesis, therefore, designs a context-based access control model that allows healthcare professionals to bypass access rules in an accountable manner in case of an infrequent access request involving an emergency situation. This research uses Tanzania's healthcare system as a case study domain.
The contributions from this thesis to the body of knowledge are as follows:
1. A generic methodological approach, named COIL, for gathering comprehensive access control requirements in the healthcare domain is developed. The proposed COIL methodology is the synthesis of four elements: contexts, privacy and security capabilities from national electronic healthcare initiatives, legislation and organisational rules. Each of the four components of the COIL approach has its own impact in relation to access to electronic health records.
2. A taxonomy for classifying access control models is also proposed in this thesis. The intent of the proposed taxonomy is to identify how existing access control models can be classified against the proposed Role and Context-Based Access Control (ROC-BAC) model.
3. To support the continuity of care in an accountable manner, a new context-based access control model is proposed. The Role and Context-Based Access Control model is developed for the healthcare domain, and it is an extension of the traditional Role-Based Access Control (RBAC) model with health-related contexts and obligations.
4. With the proposed ROC-BAC model, a new concept of health-related contexts is also introduced. It represents specific contexts from the healthcare domain that should be evaluated by an access control system in order to support the continuity of care.
5. A prototype that implements the Role and Context-Based Access Control model is developed. The prototype, called CEATH (Context-Enhanced Access in a Tanzania Healthcare) system, was developed so as to achieve two purposes:
   1. to demonstrate that the ROC-BAC model is practical, and
   2. to evaluate the performance overheads introduced by new entities and relations.

Through its support of context-based policies, and especially health-related contexts, it has been demonstrated in this thesis that the incorporation of health-related contexts and obligations helps healthcare professionals to bypass access rules in an accountable manner in case of an unexpected emergency situation, which in turn supports the continuity of care.
