Combining Task and Role-based Access Control with Multi-constraints for a Medical Workflow System

Ivy Joy Mallare

(MS Graduated: 2nd Sem 2010-2011)


We investigate the effects of combining Task-based and Role-based access control models for a medical workflow system. Although Role-Based Access Control (RBAC) models provide a generalized approach to access control, they cannot cope with the growing complexity of modern health care systems that require dynamic authorizations. Task-based Access Control (TBAC) can help address the need for dynamic authorizations, but TBAC alone cannot address healthcare access control requirements. Roles and tasks together can form a much more flexible access control model than roles or tasks alone. We studied the integration of TBAC and RBAC for a workflow system. Moreover, we applied multiple constraints on users, roles, and tasks. We created a prototype in OpenMRS, an open source electronic medical records system. Finally, we designed the evaluation of the system's usability based on the National Institute of Standards and Technology criteria. Our evaluation shows that our design is more secure than the usual access control of other electronic medical records (EMR) systems. The testers unanimously concluded that our model is highly beneficial for the security of a medical application like an EMR.

Subject Index: Workflow, Medical System--Access Control