
Exploring Security Techniques for Integrated Access of HIT Systems


Presentation Transcript


  1. Exploring Security Techniques for Integrated Access of HIT Systems Mohammed Baihan Computer Science & Engineering Department The University of Connecticut Mohammed.baihan@uconn.edu Spring 2014

  2. Overview
  • Background
  • Access Control Models
  • Limitations w.r.t. HIT systems
  • Access Control for HIT systems
  • MG-RBAC
  • Towards Dynamic Access Control
  • A Dynamic, Context-Aware Security Infrastructure
  • Conclusion
  • Future work

  3. Why Security in Healthcare
  • Verizon report 2014
    • Data theft and loss
    • Insider misuse
    • Unintentional human error
  • Hackers target Boston Children’s Hospital
  • HIPAA data breaches increased from 2009 to 2012

  4. Access Control Models (DAC)
  Discretionary Access Control
  • provides the resource’s owner with the discretion to control access to that resource
  • For example, the UNIX operating system implements a file permission model to assign access rights to resources
  • A user may restrict access to a file by assigning [rwxr-xr-x] to that file, for example.

  5. Access Control Models (RBAC)
  Role-based Access Control
  • in an RBAC-based system there are roles
  • Each role is associated with access rights for each resource
  • Each user has a role
  • To change a user’s access rights, remove the current role from the user and assign another role.

  6. Access Control Models (RBAC) Role-based Access Control

  7. Access Control Models (XML-based AC)
  Extensible Access Control Markup Language (XACML)
  • XACML is an access control language that enables designers to specify policies to secure XML documents
  • These policies can be used to control access to resources in one system or across multiple connected systems.
  • Users and resources have attributes and values.
  • XACML uses two components: the policy enforcement point (PEP) and the policy decision point (PDP)

  8. Access Control Models (XML-based AC)
  Extensible Access Control Markup Language (XACML)
  • PEP creates an access request based on the user’s attributes and the requested resource
  • PDP processes this request by querying it against the applicable policy and system state using the policy access point (PAP)
  • PAP returns (permit, deny, indeterminate, or not applicable) to PEP
  • PEP allows or rejects the user’s access request

  9. Access Control Models (XML-based AC) Extensible Access Control Markup Language (XACML) XACML architecture
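The PEP/PDP exchange from slides 7 to 9, as an added Python example (not code from the presentation): the PEP builds an attribute request from subject, resource and environment, the PDP evaluates it against the policies it holds and returns one of the four decisions (permit, deny, indeterminate, not applicable), and the PEP lets the action through only on permit. The policy content, the attribute names and the simplified deny-overrides combining are assumptions for illustration.

```python
"""XACML-style decision flow for the PEP/PDP exchange described above. Added example
code, not from the presentation; policy, attribute names and combining are assumptions."""
PERMIT, DENY, NOT_APPLICABLE, INDETERMINATE = "Permit", "Deny", "NotApplicable", "Indeterminate"

def matches(target, request):
    """A target is a dict of attribute -> value; every pair must appear in the request."""
    return all(request.get(k) == v for k, v in target.items())

class PDP:
    """Policy Decision Point. `policies` is what the PAP would hand over: a list of
    (policy_target, rules); each rule is (effect, rule_target, optional condition)."""
    def __init__(self, policies):
        self.policies = policies

    def evaluate(self, request):
        effects = []
        for policy_target, rules in self.policies:
            if not matches(policy_target, request):
                continue
            for effect, rule_target, condition in rules:
                if not matches(rule_target, request):
                    continue
                try:
                    if condition and not condition(request):
                        continue
                except KeyError:       # the condition needs an attribute the request lacks
                    return INDETERMINATE
                effects.append(effect)
        if not effects:
            return NOT_APPLICABLE
        return DENY if DENY in effects else PERMIT    # simplified deny-overrides

class PEP:
    """Policy Enforcement Point: builds the request from subject, resource and
    environment attributes, and lets the action through only on Permit."""
    def __init__(self, pdp):
        self.pdp = pdp

    def request_access(self, subject, resource, action, environment=None):
        request = {"role": subject["role"], "resource-type": resource["type"],
                   "patient": resource["patient"], "action": action,
                   **(environment or {})}
        return self.pdp.evaluate(request) == PERMIT

# Constructed policy: nurses may read records of patients on their own ward; nobody may delete.
POLICIES = [({"resource-type": "patient-record"}, [
    (PERMIT, {"role": "nurse", "action": "read"}, lambda r: r["ward"] == r["patient-ward"]),
    (DENY, {"action": "delete"}, None),
])]
```

Note that a request missing the attribute a condition needs yields Indeterminate rather than a silent deny, which is the case a PEP must handle explicitly.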

  10. Limitations w.r.t. HIT systems
  The healthcare industry requires
  • Flexible, on-demand authentication
    • users are authenticated according to their task-specific situations
  • Extensible context-aware access control
    • enables administrators to specify more precise and fine-grained authorization policies for any application
  • Dynamic authorization enforcement
    • makes authorization decisions based upon runtime parameters rather than simply the role of the user
  • Emergency, or exception, access
    • if the normal access control mechanism won’t grant a user legitimate access, an exception mechanism is used to gain access to the required information

  11. MG-RBAC
  • MG-RBAC:
    • an enhanced access control model combining RBAC with the use of Medical Guidelines
    • Medical guidelines contain temporal and contextual information that may be used to make more informed, dynamic access control decisions

  12. Medical Guideline example
  • treatment of GDM, diabetes in pregnant women (blood sugar level is 140-200 mg/dl):
    • Glucose monitoring: patient verifies that glucose level < 140 mg/dl (1-hour post meals), < 100 mg/dl (fasting and pre-prandial).
    • Nutrition: managed with diet. Regular follow-ups (every 1-4 weeks), different for each patient.
    • Insulin therapy: initiated if blood sugar is consistently high and diet modification has failed

  13. Medical Guideline example
  • First: the guideline is selected based on the diagnosis (blood sugar measurement of 140-200 mg/dl), as follows:

  14. Medical Guideline example
  • One possibility is periodic consultations; then the physician should be assigned a role to access patient data only at each visit, as follows:

  15. Medical Guideline example
  • Another possibility is an event that triggers access needs; then the physician should be assigned a role to access patient data only at that time, as follows:

  16. MG-RBAC model
  • Based on this example, an MG-RBAC model can be created as follows:

  17. MG-RBAC model
  • The Guideline Monitor receives triggered events and tracks the time of the next periodic event.
  • Then the Access Control Monitor is requested to activate roles.
  • Then the Access Control Monitor alerts users about their roles.
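The Guideline Monitor and Access Control Monitor loop on slides 14 to 17, as an added Python example that is not code from the presentation: periodic consultations and a triggered event each open a time-boxed role activation, and an access check outside any window is refused. The role names, the two-week follow-up period (within the guideline’s 1-4 weeks), the eight-hour visit window and the 200 mg/dl event trigger are assumptions for illustration.

```python
"""MG-RBAC sketch: a Guideline Monitor turns a guideline's periodic follow-ups and
triggered events into time-boxed role activations; an Access Control Monitor records
them, alerts the user and answers access checks. Added example code, not from the
presentation; role names, the 2-week period, the 8-hour visit window and the
200 mg/dl event trigger are assumptions."""
from datetime import datetime, timedelta

class AccessControlMonitor:
    def __init__(self):
        self.activations = []   # (user, role, patient, start, end)
        self.alerts = []        # notifications the monitor would send to users

    def activate(self, user, role, patient, start, end):
        self.activations.append((user, role, patient, start, end))
        self.alerts.append(f"{user}: {role} for {patient} active {start:%Y-%m-%d %H:%M}"
                           f" to {end:%Y-%m-%d %H:%M}")

    def active_roles(self, user, patient, now):
        """Roles whose activation window contains `now`; outside every window, none."""
        return {role for u, role, p, start, end in self.activations
                if u == user and p == patient and start <= now < end}

    def check(self, user, patient, now):
        return bool(self.active_roles(user, patient, now))

class GuidelineMonitor:
    def __init__(self, acm, physician, patient, first_visit,
                 follow_up=timedelta(weeks=2), visit_window=timedelta(hours=8)):
        self.acm, self.physician, self.patient = acm, physician, patient
        self.follow_up, self.visit_window = follow_up, visit_window
        self.next_visit = first_visit   # tracked time of the next periodic event

    def tick(self, now):
        """Periodic consultation: activate the role for every visit that has come due."""
        while self.next_visit <= now:
            self.acm.activate(self.physician, "gdm_consulting_physician", self.patient,
                              self.next_visit, self.next_visit + self.visit_window)
            self.next_visit += self.follow_up

    def observe_glucose(self, mg_dl, when):
        """Triggered event (constructed threshold): a reading above 200 mg/dl opens a
        24-hour window in which the physician may act on the patient's data."""
        if mg_dl > 200:
            self.acm.activate(self.physician, "gdm_event_physician", self.patient,
                              when, when + timedelta(hours=24))
            return True
        return False
```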

  18. Dynamic Access Control
  • Workflow knowledge:
    • Medical guidelines
    • work plans and observed behavior
    • audit data
    • all contain information about workflow in healthcare

  19. Medical Guidelines
  • The Guideline Monitor receives triggered events and tracks the time of the next periodic event.
  • Then the Access Control Monitor is requested to activate roles.
  • Then the Access Control Monitor alerts users about their roles.

  20. Observational data Information needs in pre-rounds meeting

  21. Observational data
  • Clinicians were observed at work in the pre-rounds meeting and on ward rounds
  • The observed information is:
    • who was present
    • the subject of discussion (patient)
    • information sources (written/electronic and oral)
    • type of information used

  22. Observational data
  • Patient NN is new to the doctor
  • the nurse fills in some background info.
  • Several information sources are used:
    • paper-based (the patient list and the patient chart)
    • computer-based information systems (the electronic patient record (EPR) and the radiology imaging system (IDS))
  • observations may be used to uncover information needs in specific situations with a specific diagnosis and link these to roles

  23. Usage patterns from audit logs
  • audit logs have traces of user actions:
    • the user's role at the time
    • what information was accessed
    • for which patient and what actions were performed
  • From these audit logs it is possible to create generalized usage patterns per role

  24. Usage patterns from audit logs
  • this information can be used for access control as follows:
    • Examine the reasons for using exception access
    • The most frequent reasons are candidates for inclusion in the access control rule set

  25. Usage patterns from audit logs
  • Look for common usage patterns that describe workflows in wards. Examples are:
    • Temporal patterns
      • If action X occurs, then action Y occurs within Z time.
    • Responsibility patterns
      • If action X is performed by role A, then action Y is performed by role B.
    • Location patterns
      • If action X is performed at ward 1, then action Y is performed at ward 2.
    • Situation patterns
      • Role X is in situation S in a guideline, and requires specific information.
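Slides 23 to 25 in working form, as an added Python example (not code from the presentation): audit records carrying role, action, patient and an optional exception reason are parsed, the exception reasons are ranked as candidates for the rule set, and temporal patterns of the form "if action X occurs, then action Y occurs within Z" are mined per role with their support. The log format, the nine records and the action names are constructed for illustration.

```python
"""Usage-pattern mining over audit log records: rank the reasons given for exception
access, and mine temporal patterns 'if X occurs, then Y occurs within Z' per role.
Added example code, not from the presentation; log format and records are constructed."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

AUDIT_LOG = """\
2014-03-03T08:05 n1 nurse view_chart P1
2014-03-03T08:07 n1 nurse view_labs P1
2014-03-03T08:30 d1 physician view_labs P1
2014-03-03T08:32 d1 physician order_insulin P1
2014-03-03T09:40 d2 physician view_labs P2 exception=emergency_admission
2014-03-03T09:41 d2 physician order_insulin P2 exception=emergency_admission
2014-03-04T08:00 n1 nurse view_chart P1
2014-03-04T09:00 n1 nurse view_labs P1
2014-03-04T10:00 d3 physician view_chart P3 exception=covering_colleague
"""

def parse(log):
    """Each record: timestamp user role action patient [exception=reason]."""
    records = []
    for line in log.splitlines():
        ts, user, role, action, patient, *rest = line.split()
        reason = rest[0].split("=", 1)[1] if rest else None
        records.append((datetime.fromisoformat(ts), user, role, action, patient, reason))
    return records

def exception_reasons(records):
    """Reasons for exception access, most frequent first: candidates for the rule set."""
    return Counter(rec[-1] for rec in records if rec[-1]).most_common()

def temporal_patterns(records, window, min_support=0.5):
    """{(role, X, Y): support} where Y followed X within `window` for the same user and
    patient in at least `min_support` of that role's occurrences of X."""
    sessions = defaultdict(list)
    for ts, user, role, action, patient, _ in records:
        sessions[(role, user, patient)].append((ts, action))
    x_count, xy_count = Counter(), Counter()
    for (role, _, _), events in sessions.items():
        events.sort()
        for i, (t_x, x) in enumerate(events):
            x_count[(role, x)] += 1
            seen = set()                        # count each Y once per occurrence of X
            for t_y, y in events[i + 1:]:
                if t_y - t_x > window:
                    break
                if y != x and y not in seen:
                    seen.add(y)
                    xy_count[(role, x, y)] += 1
    return {k: n / x_count[k[:2]] for k, n in xy_count.items() if n / x_count[k[:2]] >= min_support}
```

With a 10-minute window the physicians' view_labs is followed by order_insulin every time, while the nurses' view_chart is followed by view_labs only half the time, which is the kind of difference that decides whether a pattern becomes a rule.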

  26. Future work
  • exploring MG-RBAC further by creating a more detailed model and developing a proof-of-concept implementation.
  • optimistic access control, based on analysis and learning from practice as intended and as enacted, is a first step towards both effective relevance ranking and optimal access control
