A view-based access control model for EHR systems

Mario Sicuranza; Angelo Esposito; Mario Ciampi
2015

Abstract

Electronic Health Record (EHR) systems aim to collect clinical documents about patients, which typically contain very sensitive information. A security mechanism is necessary to manage who can do what on such clinical documents in the system. The goal of Access Control (AC) is to guarantee the confidentiality and integrity of the data and to allow the definition of security policies that reflect the need for privacy. In this paper, we define an innovative access control model that, on the one hand, meets the main requirements for EHR systems and, on the other hand, permits patients to define privacy policies on their clinical documents in a detailed and clear manner. The main innovation of this work is the application of the principle of least privilege to the information content of the clinical documents. This feature makes it possible to define an access control model that increases patients' trust in the EHR system.
Istituto di Calcolo e Reti ad Alte Prestazioni - ICAR
978-3-319-10421-8
access control
electronic health record
security
Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.14243/252745