Authors:
Steven Demurjian
1
;
Thomas Agresta
2
;
Eugene Sanzi
1
and
John DeStefano
3
Affiliations:
1
Department of Computer Science & Engineering, University of Connecticut, 371 Fairfield Way, Storrs, Connecticut, U.S.A.
;
2
Department of Family Medicine, University of Connecticut Health Center, 263 Farmington Avenue, Farmington, Connecticut, U.S.A.
;
3
SMC Partners, LLC, 10 Columbus Boulevard,, Hartford, Connecticut, U.S.A.
Keyword(s):
Healthcare, Multi-level Security, Lattice based Access Control, FHIR, Sensitivity Level.
Abstract:
A major challenge in the healthcare industry is the selective availability, at a fine-grained level of detail, of a patient’s data to the various clinicians, nurses, specialists, home health aides, family members, etc. where the decision of who can see which information at which times is controlled by a patient. The information includes: contact and demographics, current conditions, medications, test results, past medical history, history of substance abuse and treatment, mental health information, sexual health information, records relating to domestic violence, reproductive health records, and genetic information. To control sensitivity, multi-level security (MLS) using lattice-based access control (LBAC) can be used to extend the traditional linear sensitivity levels of mandatory access control with the ability to define a complex lattice of sensitivity categorizations suitable for the wide variety of the aforementioned information types. This paper applies and extends our prior w
ork on multi-level security for healthcare using LBAC by exploring alternative approaches to integrate this approach into the Fast Healthcare Interoperability Resources (FHIR) standard at the specification level of the standard.
(More)