Dynamic Profile Based Access Control in Health Care Systems

The growing concerns for patient privacy, maintaining recordkeeping integrity and ensuring confidentiality have all significantly increased in health care. There is more attention than ever before given to health care systems that store very sensitive personal information for millions of individuals. As it is, information security professionals in the health care industry must carefully balance the fine line that exists between providing medical staff the critical access to health records they need to care for patients while at the same time protecting against malicious acts or unintentional misuse originating from people having inappropriate access to data. The following proposed conceptual model would provide the health care industry a solution to this problem by allowing medical professionals access to only the pertinent data needed to perform a given task without compromising patient care. Additionally, the privacy and confidentiality of patient records are greatly enhanced by this model, which in turn increases regulatory compliance and industry innovation. This proposed concept model is also a perfect blend of role-based access control and process based access control mechanisms. Numerous hours of research and testing of this proposed concept model have revealed significant promise of success by clearly limiting access of information to only authorized individuals. The enormous depth of knowledge that it takes for an IT professional to fully understand the intricacies of healthcare systems is often overlooked. However, in order to truly secure these types of systems, developers in particular need to achieve greater sophistication with the software code that operates within these systems especially when it comes to access controls. At the same time, funding for the healthcare industry is often a wavering challenge so this proposed conceptual model also seeks to leverage existing role models without the expensive overhead of a costly and extravagant third-party solution. It goes without saying that patients being admitted into a hospital are often in serious health situations and that presents a unique information security challenge because in no way should technology interfere in the welfare of an individual. Consequently, implementing access controls must not contradict with the necessary treatment from medical professionals. This proposed concept model will enable the necessary staff to see all data, but only when provided with a reason and this reason will be forwarded to the patient, making it hard to unnecessary information. Furthermore, the proposed conceptual model is smart enough to know what information is relevant and what is not