situations such as when the patient is unconscious due to an accident, or incapable of generating reliable decisions as in the case of heart attacks or epileptic seizures.
This issue is extensively addressed in the field of context-aware privacy preservation and access control. The main aim of this research field is to achieve the right tradeoff between the patient's privacy and safety under different circumstances and in all possible health situations of the patient. Context-aware privacy-preserving systems support a policy-based mechanism that assesses the patient's vital signals and other contextual information related to her environment to take access control decisions that satisfy the patient's privacy and safety requirements. For example, when the patient is in a normal healthy situation, the access control policy specifies that only authorized medical personnel are allowed to observe and update the patient's medical data. On the other hand, when the patient is in a critical and acute health condition and incapable of authenticating data access requests, the policy system must prioritize the patient's safety by allowing first aiders to retrieve all the required medical data without any delay.
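The policy behaviour described above, combined with the three acuteness states and the 40 °C nurse example that this section goes on to define, as an added Python example (not code from the original text or from Garcia-Morchon & Wehrle). The role names, the `Context` and `Request` fields, the set of roles widened in an emergency, and the audit list are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Situation(Enum):
    NORMAL = "normal"
    EMERGENCY = "emergency"
    CRITICAL = "critical"

@dataclass
class Context:               # sensed contextual information (constructed fields)
    conscious: bool
    body_temp_c: float

@dataclass
class Request:
    requester: str
    role: str                # assumed roles: physician, nurse, first_aider, visitor
    patient_consent: bool    # authorization provided directly by the patient

MEDICAL_ROLES = {"physician", "nurse", "first_aider"}
EMERGENCY_ROLES = {"physician", "nurse"}  # assumption: rights widened in an emergency
FEVER_LIMIT_C = 40.0                      # threshold from the section's nurse example

def classify(ctx):
    """Map the patient's vital signs to the acuteness state that selects the policy."""
    if not ctx.conscious:
        return Situation.CRITICAL
    if ctx.body_temp_c > FEVER_LIMIT_C:
        return Situation.EMERGENCY
    return Situation.NORMAL

def decide(req, ctx, audit):
    """Return True if access is granted; record every decision for later review."""
    state = classify(ctx)
    if req.role not in MEDICAL_ROLES:
        allowed, why = False, "not medical personnel"
    elif state is Situation.CRITICAL:
        allowed, why = True, "critical: restrictions lifted"
    elif state is Situation.EMERGENCY and req.role in EMERGENCY_ROLES:
        allowed, why = True, "emergency: role rights widened"
    elif req.patient_consent:
        allowed, why = True, "authorized by patient"
    else:
        allowed, why = False, "no patient authorization"
    audit.append((req.requester, req.role, state.value, allowed, why))
    return allowed
```

Recording the situation state with each decision lets grants made without patient consent be reviewed after the fact, which is an addition here and not something the section itself specifies.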
In this section we describe the general architecture of a context-aware access control system as presented in (Garcia-Morchon & Wehrle, 2010). This system bases the access control decisions on three main properties:
1. The acuteness of the patient's health situation.
2. The access control rules defined in specialized access control policies.
3. The access control roles of the medical personnel requesting the data access.
The acuteness of the patient's health situation can be in one of the following three states:
Normal situation: in this state the patient exhibits normal and healthy body operation. She is capable of providing consent and authorization to sensitive data requests. A typical normal situation access control policy would only allow authorized medical staff access to private patient data. The authorization should be directly provided by the patient.
Emergency situation: in this state the patient suffers from abnormal health conditions which do not affect her consciousness or ability to take access control decisions. A typical emergency situation access control policy would modify the access rights of the medical personnel to handle the complications of the patient's health status. For instance, a nurse who does not have access to the patient data in the normal situation would be granted access to the same data if the patient's body temperature goes beyond 40 °C.
Critical situation: this state represents a serious complication in the health state of the patient which affects her well-being and jeopardizes her life. The patient is unconscious in this state and incapable of taking any authorization decisions. A typical critical situation access control policy would remove any form of access restrictions on medical personnel access requests. In this situation, the system grants first aiders full and prompt access to any needed medical data.
This granularity in access control decision supports the required balance between privacy and safety by controlling the release of sensitive data based on the acuteness of the patient's situation and degree of perception. This is illustrated in Figure 7.
The general architecture of the access control system is composed of two main layers:
1. A data layer: this layer contains the information sources utilized by the access control