Towards an Access Control Model for Collaborative Healthcare Systems

Mohamed Abomhara, Geir M. Køien


In this study, an access control model for collaborative healthcare systems is proposed. Collaboration requirements, patient data confidentiality and the need for flexible access for healthcare providers through the actual work they must fulfill as part of their duties are carefully addressed. The main goal is to provide an access control model that strikes a balance between collaboration and safeguarding sensitive patient information.


  1. Alhaqbani, B. and Fidge, C. (2008). Access control requirements for processing electronic health records. In Business Process Management Workshops, pages 371-382. Springer.
  2. Alotaiby, F. T. and Chen, J. X. (2004). A model for teambased access control (tmac 2004). In Information Technology: Coding and Computing, 2004. Proceedings. ITCC 2004. International Conference on, volume 1, pages 450-454. IEEE.
  3. Alshehri, S., Mishra, S., and Raj, R. (2013). Insider threat mitigation and access control in healthcare systems.
  4. Alshehri, S. and Raj, R. K. (2013). Secure access control for health information sharing systems. In Healthcare Informatics (ICHI), 2013 IEEE International Conference on, pages 277-286. IEEE.
  5. Aqib, M. and Shaikh, R. A. (2014). Analysis and comparison of access control policies validation mechanisms. International Journal of Computer Network and Information Security (IJCNIS), 7(1):54.
  6. Córdoba, J.-R. and Piki, A. (2012). Facilitating project management education through groups as systems. International Journal of Project Management, 30(1):83-93.
  7. Fabian, B., Ermakova, T., and Junghanns, P. (2015). Collaborative and secure sharing of healthcare data in multiclouds. Information Systems, 48:132-150.
  8. Ferraiolo, D. F., Sandhu, R., Gavrila, S., Kuhn, D. R., and Chandramouli, R. (2001). Proposed nist standard for role-based access control. ACM Transactions on Information and System Security (TISSEC), 4(3):224- 274.
  9. Ferreira, A., Ricardo, C.-C., Antunes, L., and Chadwick, D. (2007). Access control: how can it improve patients healthcare? Medical and Care Compunetics 4, 4:65.
  10. Gajanayake, R., Iannella, R., and Sahama, T. (2014). Privacy oriented access control for electronic health records. electronic Journal of Health Informatics, 8(2):15.
  11. Georgiadis, C. K., Mavridis, I., Pangalos, G., and Thomas, R. K. (2001). Flexible team-based access control using contexts. In Proceedings of the sixth ACM symposium on Access control models and technologies, pages 21-27. ACM.
  12. Hu, V. C., Ferraiolo, D., and Kuhn, D. R. (2006). Assessment of access control systems. US Department of Commerce, National Institute of Standards and Technology.
  13. Hu, V. C., Ferraiolo, D., Kuhn, R., Schnitzer, A., Sandlin, K., Miller, R., and Scarfone, K. (2014). Guide to attribute based access control (abac) definition and considerations. NIST Special Publication, 800:162.
  14. Hwang, J., Xie, T., Hu, V., and Altunay, M. (2010). Acpt: A tool for modeling and verifying access control policies. In Policies for Distributed Systems and Networks (POLICY), 2010 IEEE International Symposium on, pages 40-43. IEEE.
  15. Kayem, A. V., Akl, S. G., and Martin, P. (2010). Adaptive cryptographic access control, volume 48. Springer Science & Business Media.
  16. Koufi, V. and Vassilacopoulos, G. (2008). Context-aware access control for pervasive access to process-based healthcare systems. Studies in health technology and informatics, 136:679.
  17. Le, X. H., Doll, T., Barbosu, M., Luque, A., and Wang, D. (2012). An enhancement of the role-based access control model to facilitate information access management in context of team collaboration and workflow. Journal of biomedical informatics, 45(6):1084-1107.
  18. Majumder, A., Namasudra, S., and Nath, S. (2014). Taxonomy and classification of access control models for cloud environments. In Continued Rise of the Cloud, pages 23-53. Springer.
  19. Moonian, O., Cheerkoot-Jalim, S., Nagowah, S. D., Khedo, K. K., Doomun, R., and Cadersaib, Z. (2008). Hcrbac-an access control system for collaborative context-aware healthcare services in mauritius. Journal of Health Informatics in Developing Countries, 2(2).
  20. Motta, G. H. and Furuie, S. S. (2003). A contextual rolebased access control authorization model for electronic patient record. Information Technology in Biomedicine, IEEE Transactions on, 7(3):202-207.
  21. Oh, S. and Park, S. (2003). Task-role-based access control model. Information systems, 28(6):533-562.
  22. Probst, C. W., Hunker, J., Gollmann, D., and Bishop, M. (2010). Insider Threats in Cyber Security, volume 49. Springer Science & Business Media.
  23. Rozier, K. Y. (2011). Linear temporal logic symbolic model checking. Computer Science Review, 5(2):163-203.
  24. Rubio-Medrano, C. E., D'Souza, C., and Ahn, G.-J. (2013). Supporting secure collaborations with attribute-based access control. In Collaborative Computing: Networking, Applications and Worksharing (Collaboratecom), 2013 9th International Conference Conference on, pages 525-530. IEEE.
  25. Russello, G., Dong, C., and Dulay, N. (2008). A workflowbased access control framework for e-health applications. In AINAW 2008-Workshops. 22nd International Conference on, pages 111-120. IEEE.
  26. Samarati, P. and Di Vimercati, S. D. C. (2001). Access control: Policies, models, and mechanisms. Lecture notes in computer science, pages 137-196.
  27. Shaikh, R. A., Adi, K., Logrippo, L., and Mankovski, S. (2010). Inconsistency detection method for access control policies. In Information Assurance and Security (IAS), 2010 Sixth International Conference on, pages 204-209. IEEE.
  28. Shen, H. and Dewan, P. (1992). Access control for collaborative environments. In Proceedings of the 1992 ACM conference on Computer-supported cooperative work, pages 51-58. ACM.
  29. Thomas, R. K. (1997). Team-based access control (tmac): a primitive for applying role-based access controls in collaborative environments. In Proceedings of the second ACM workshop on Role-based access control, pages 13-19. ACM.
  30. Tolone, W., Ahn, G.-J., Pai, T., and Hong, S.-P. (2005). Access control in collaborative systems. ACM Computing Surveys (CSUR), 37(1):29-41.
  31. Ubale Swapnaja, A., Modani Dattatray, G., and Apte Sulabha, S. (2014). Analysis of dac mac rbac access control based models for security. International Journal of Computer Applications, 104(5).
  32. Verma, S., Kumar, S., and Singh, M. (2012). Comparative analysis of role base and attribute base access control model in semantic web. International Journal of Computer Applications, 46(18).
  33. Wang, W. (1999). Team-and-role-based organizational context and access control for cooperative hypermedia environments. In Proceedings of the tenth ACM Conference on Hypertext and hypermedia: returning to our diverse roots: returning to our diverse roots, pages 37-46. ACM.
  34. Wen, Z., Zhou, B., and Wu, D. (2009). Three-layers rolebased access control framework in large financial web systems. In Computational Intelligence and Software Engineering, 2009. CiSE 2009. International Conference on, pages 1-4. IEEE.
  35. Zhang, R. and Liu, L. (2010). Security models and requirements for healthcare application clouds. In Cloud Computing (CLOUD), 2010 IEEE 3rd International Conference on, pages 268-275. IEEE.

Paper Citation

in Harvard Style

Abomhara M. and Køien G. (2016). Towards an Access Control Model for Collaborative Healthcare Systems . In Proceedings of the 9th International Joint Conference on Biomedical Engineering Systems and Technologies - Volume 5: HEALTHINF, (BIOSTEC 2016) ISBN 978-989-758-170-0, pages 213-222. DOI: 10.5220/0005659102130222

in Bibtex Style

author={Mohamed Abomhara and Geir M. Køien},
title={Towards an Access Control Model for Collaborative Healthcare Systems},
booktitle={Proceedings of the 9th International Joint Conference on Biomedical Engineering Systems and Technologies - Volume 5: HEALTHINF, (BIOSTEC 2016)},

in EndNote Style

JO - Proceedings of the 9th International Joint Conference on Biomedical Engineering Systems and Technologies - Volume 5: HEALTHINF, (BIOSTEC 2016)
TI - Towards an Access Control Model for Collaborative Healthcare Systems
SN - 978-989-758-170-0
AU - Abomhara M.
AU - Køien G.
PY - 2016
SP - 213
EP - 222
DO - 10.5220/0005659102130222