
    Toward an Interoperable and Centralized Consent Centric Access Control Model for Healthcare Resources: Model and Implementation

Although patients have the legal right in Canada and many other countries to specify how, when and by whom their medical records can be accessed, the harsh reality is that in almost all cases using existing systems and solutions, patients are unable to ensure that their expressed consent directives are respected. Almost all health information systems deployed today lack the most basic ability to express and enforce consent at a data field level, and all are stretched when consent management must span disparate systems. This is not an unrecognized problem in the consent management domain. Numerous consent model types have been proposed, along with a multitude of access control mechanisms. Unfortunately, most contemporary consent models used today are either paper-based, an online consent directive with a digital signature, a simple checkbox to either opt-in or opt-out, or employ simple browser cookies. The result is that most consent models can capture only the most basic of consent expressions. Despite there being many different approaches for expressing and managing consent, few models actually enable patients to express discrete consent directives at the resource or at the data attribute level. As a result, contemporary consent models are mainly used to meet the compliance obligations of healthcare organizations as opposed to empowering patients to manage their privacy and control access to their medical records. No architecture or system that we are aware of can adjudicate field-level consent directives in the multi-system, multi-jurisdiction, multi-provider, multi-patient environments that exist in healthcare today.

The inability to effectively and efficiently capture and enforce patient consent directives leaves many data custodians vulnerable to inadvertent data release, mitigated only by the fact that many providers attempt to secure a carte-blanche consent directive from all patients to relieve themselves of the problem of needing to respect more restrictive consent directives. Advances in healthcare IT systems are adding to, rather than reducing, the complexity of protecting patient privacy, which exposes an important research question: How can we empower patients to have control over their health records and be able to dictate who has access to their records, where and when? This thesis addresses this question by proposing a consent-centric architecture called consent-centric attribute-based access control (C-ABAC). C-ABAC offers a new standard for authorization. It allows expression of consent at any abstraction level, from the record to the data field level, and also guarantees that patient consent directives can be enforced at the system level, ensuring that patient data is made available only to parties entitled to access it. The C-ABAC model offers (1) a new standard for "authorization," (2) a new profile and application of attribute-based access control, (3) support for fine-grained access control, (4) seamless interoperability, (5) automation of a complex process and (6) dynamic flexibility allowing for both rich consent expression and complex consent enforcement.

    A Dynamic Risk-Based Access Control Approach: Model and Implementation

Access control (AC) refers to mechanisms and policies that restrict access to resources, thus regulating access to physical or virtual resources of an information system. AC approaches are used to represent these mechanisms and policies by which users are granted access and specific access privileges to the resources or information of the system for which AC is provided. Traditional AC approaches encompass a variety of widely used approaches, including attribute-based access control (ABAC), mandatory access control (MAC), discretionary access control (DAC) and role-based access control (RBAC). Emerging AC approaches include risk adaptive access control (RAdAC), an approach that suggests that AC can adapt depending on specific situations. However, traditional and emerging AC approaches rely on static pre-defined risk mitigation tasks and do not support the adaptation of an AC risk mitigation process (RMP). There are no provided mechanisms and automated support that allow AC approaches to construct RMPs and to adapt to provide more flexible, custom-tailored responses to specific situations in order to minimize risks. Further, although existing AC approaches can operate in several knowledge domains at once, they do not explicitly take into account the relationships among risks related to different dimensions, e.g., security and productivity. In addition, although in the real world risks accumulate over time, existing AC approaches do not appropriately provide means for risk resolution in situations in which risks accumulate as different, dangerous tasks impact risk measures.

This thesis presents the definition, the implementation, and the application through two case studies of a novel AC risk-mitigation approach that combines dynamic RMP construction and risk assessment extended to include forecasting based on multiple risk-related utilities and events; provides support for a dynamic risk assessment that depends on one or multiple risk dimensions (e.g., security and productivity); offers cumulative risk assessment in which each action of interest can impact the risk-related utilities in a dynamic way; and presents an implementation of an adaptive simulation method based on risk-related utilities and events.