Professional Documents
Culture Documents
Abstract—Preserving privacy of the electronic health records In order to preserve privacy of the medical records, several
of the patients has been a fundamental issue in the healthcare techniques can be utilized. Generally, as depicted in Figure 1,
domain. Several techniques have been employed to maintain privacy can be maintained by employing anonymization,
privacy of the sensitive information such as controlling access to cryptography or policy methods [9]. Anonymization techniques
the medical records. While acting as a first line of defense against involve utilizing statistical measures to hide the identity of the
illegitimate access, traditional access control schemes fall short of patient among other patients before the data is exposed to the
defending against misbehavior of the already authenticated and data requestors and is generally used for releasing large
authorized users; a risk that can harbor devastating quantities of medical data for analytical purposes [10, 11].
consequences upon potential data release or leak. Several
Cryptography techniques work by utilizing security measures
approaches can be implemented to overcome this risk such as
establishing the notion of trustworthiness of the system users,
such as encryption mechanisms to protect the sensitive records
which makes the access control scheme more dynamic and [12, 13]. Finally, policy methods preserves the patient’s
adaptable. In effect, as opposed to rigidly denying an access privacy by employing rules and constraints for authenticating
request, an access control model becomes more tolerable towards and authorizing access to the private data [14, 15].
risky access requests by employing risk mitigation strategies. Consequently, preserving privacy of a particular patient, who is
This paper introduces a novel risk mitigation strategy, for the currently undergoing a medical diagnosis or procedure, cannot
healthcare domain, through which the risk associated with an be realized through means of anonymization methods because
access request is evaluated against the privacy preferences of the identity is lost among multiple datasets. Therefore, the viable
patient undergoing the medical procedure. The proposed solution, in such scenario, requires utilizing cryptography or
strategy, which is HIPAA compliant, decides the set of data policy methods, or even a combination of the two [9].
objects that can be safely exposed to the healthcare service
provider such that unnecessarily repeated tests and procedures
can be avoided and the privacy preferences of the patient are
preserved.
(2)
B. Risk Mitigation Techniques: In the above formula, represent the degree of
Risk mitigation in access control models are obligations belief, disbelief and uncertainty of entity w with regards to
that are usually required to be performed in order to lower the trusting system resource i to u. Furthermore, represents
potential impact of a risky access request [27, 28]. Risk can be the a priori or base knowledge of entity w regarding u when no
mitigated by several means such as utilizing anonymization previous history is currently available; a typical situation when
techniques [40, 41] for protection against potential new users come into the system.
vulnerabilities, increasing security measures of the system by
increasing the length of encryption keys or imposing a set of In order to allow for dynamicity, the trust levels need to be
rules and required actions. Such Obligations, of which all are updated according to the perceived behavioral evidence. To
supervised by the system, need to be satisfied by the user update the trust values, two parameters are introduced: and
before or after access is granted [29]. Figure 2 illustrates risk . The former parameter calculates the number of positive
mitigation approaches that can be employed. actions, while the later calculates the negative ones. Based on
these parameters, the ultimate trust level of an entity
requesting access can be updated using the following
equations: