One Way to Patient Empowerment - The Proposal of an Authorization Model

American and European Legislation for protection of medical data agree that the patient has the right to play a pivotal role in the decisions regarding the content and distribution of her/his medical records. The Role Based Access Control (RBAC) model is the most commonly used authorization model in healthcare. The first goal of this work is to review if existing models and standards provide for patients accessing their medical records and customizing access control rules, the second goal is to define and propose an authorization model based on RBAC to be used and customized by the patient. A literature review was performed and encompassed 22 articles and standards from which 12 were included for analysis. Results show that existing standards define guidelines for these issues but they are too generic to be directly applied to real healthcare settings. The proposed authorization model combines characteristics of RBAC, ISO/TS 13606-4, temporal constraints and break the glass. With this model we hope to start bridging the gap between legislation and what really happens in practice in terms of patients controlling and being actively involved in their healthcare. Future work includes the implementation and evaluation of the proposed model in a healthcare setting.