Privacy Preserving Dynamic Access Control Model with Access Delegation for eHealth

eHealth is the concept of using the stored digital data to achieve clinical, educational, and administrative goals and meet the needs of patients, experts, and medical care providers. Expansion of the utilization of information technology and in particular, the Internet of Things (IoT) in eHealth, raises various challenges, where the most important one is security and access control. In this regard, different security requirements have been defined; such as the physician’s access to the patient’s EHR (electronic health record) based on the physician’s physical location, detection of emergency conditions and dynamically granting access to the existing physician or nurse, preserving patients’ privacy based on their preferences, and delegation of duties and related permissions. In security and access control models presented in the literature, we cannot find a model satisfying all these requirements altogether. To fill this gap, in this paper, we present a privacy preserving dynamic access control model with access delegation capability in eHealth (called TbDAC). The proposed model is able to tackle the security challenges of these environments when the physicians and nurses access the patients’ EHR. The model also includes the data structures, procedures, and the mechanisms necessary for providing the access delegation capability. The proposed access control model in this paper is in fact a family of models named TbDAC for access control in eHealth considering the usual hospital procedures. In the core model (called TbDAC0), two primitive concepts including team and role are employed for access control in hospitals. In this model, a set of permission-types is assigned to each role and a medical team (including a set of hospital staff with their roles) is assigned to each patient. In fact the role of a person in a team determines his/her permissions on the health information of the patient. Since patients’ vital information is collected from some IoT sensors, a dynamic access control using a set of dynamic and context-aware access rules is considered in this model. Detecting emergency conditions and providing proper permissions for the nearest physicians and nurses (using location information) is a key feature in this model. Since health information is one of the most sensitive individuals’ personal information, the core model has been enhanced to be a privacy preserving access control model (named TbDAC1). To this aim, the purpose of information usage and the privacy preferences of the patients are considered in the access control enforcement procedure. Delegation of duties is a necessity in medical care. Thus, we added access delegation capability to the core model and proposed the third member of the model family, which is named TbDAC2. The complete model that considers all security requirements of these environments including emergency conditions, privacy, and delegation is the last member of this family, named TbDAC3. In each one of the presented models, the therapeutic process carried out in the hospitals, the relational model, and the entities used in the model are precisely and formally defined. Furthermore in each model, the access control process and the dynamic access rules for different situations are defined. Evaluation of the proposed model is carried out using three approaches; comparing the model with the models proposed in related research, assessing the real-world scenarios in a case study, and designing and implementing a prototype of an access control system based on the proposed model for mobile Android devices. The evaluations show the considerable capabilities of the model in satisfying the security requirements in comparison to the existing models which proposed in related research and also its applicability in practice for different simple and complicated access scenarios.