SGAC: A patient-centered access control method

Nghi Huynh; Marc Frappier; Herman Pooda; Amel Mammar; Regine Laleau

doi:10.1109/RCIS.2016.7549286

SGAC: A patient-centered access control method

Nghi Huynh, Marc Frappier, Herman Pooda, Amel Mammar, Regine Laleau

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

This paper presents SGAC(Solution de Gestion Automatisée du Consentement, automatised consent management solution), a new healthcare access control model and its support tool, that manages patient wishes regarding access to their electronic health record (EHR). The development of this model has been achieved in the scope of a project with the Sherbrooke University Hospital, and thus has been adapted to take into account laws and regulations applicable in Québec and Canada, as they set bounds to patient wishes: under strictly defined contexts, patient consent can be overridden to protect his/her life. Moreover, since patient wishes and laws can be in conflict, SGAC provides a mechanism to address this problem. Besides, laws do not cover all cases where consent should be overridden to ensure patient safety. To this end, we define a formal model of SGAC which allows for property verification, making it possible to detect these cases. A performance comparison with XACML (WSO2/Balana) is presented and demonstrates the superior performances of SGAC.

Original language	English
Title of host publication	IEEE RCIS 2016 - IEEE 10th International Conference on Research Challenges in Information Science
Editors	Jolita Ralyte, Sergio Espana, Carine Souveyet
Publisher	IEEE Computer Society
ISBN (Electronic)	9781479987092
DOIs	https://doi.org/10.1109/RCIS.2016.7549286
Publication status	Published - 23 Aug 2016
Externally published	Yes
Event	10th IEEE International Conference on Research Challenges in Information Science, IEEE RCIS 2016 - Grenoble, France Duration: 1 May 2016 → 3 May 2016

Publication series

Name	Proceedings - International Conference on Research Challenges in Information Science
Volume	2016-August
ISSN (Print)	2151-1349
ISSN (Electronic)	2151-1357

Conference

Conference	10th IEEE International Conference on Research Challenges in Information Science, IEEE RCIS 2016
Country/Territory	France
City	Grenoble
Period	1/05/16 → 3/05/16

Keywords

access control method
consent management
formal model
healthcare
verification

Access to Document

10.1109/RCIS.2016.7549286

Cite this

Huynh, N., Frappier, M., Pooda, H., Mammar, A., & Laleau, R. (2016). SGAC: A patient-centered access control method. In J. Ralyte, S. Espana, & C. Souveyet (Eds.), IEEE RCIS 2016 - IEEE 10th International Conference on Research Challenges in Information Science Article 7549286 (Proceedings - International Conference on Research Challenges in Information Science; Vol. 2016-August). IEEE Computer Society. https://doi.org/10.1109/RCIS.2016.7549286

Huynh, Nghi ; Frappier, Marc ; Pooda, Herman et al. / SGAC : A patient-centered access control method. IEEE RCIS 2016 - IEEE 10th International Conference on Research Challenges in Information Science. editor / Jolita Ralyte ; Sergio Espana ; Carine Souveyet. IEEE Computer Society, 2016. (Proceedings - International Conference on Research Challenges in Information Science).

@inproceedings{dd050d96823d404da68cc5a24131f80d,

title = "SGAC: A patient-centered access control method",

abstract = "This paper presents SGAC(Solution de Gestion Automatis{\'e}e du Consentement, automatised consent management solution), a new healthcare access control model and its support tool, that manages patient wishes regarding access to their electronic health record (EHR). The development of this model has been achieved in the scope of a project with the Sherbrooke University Hospital, and thus has been adapted to take into account laws and regulations applicable in Qu{\'e}bec and Canada, as they set bounds to patient wishes: under strictly defined contexts, patient consent can be overridden to protect his/her life. Moreover, since patient wishes and laws can be in conflict, SGAC provides a mechanism to address this problem. Besides, laws do not cover all cases where consent should be overridden to ensure patient safety. To this end, we define a formal model of SGAC which allows for property verification, making it possible to detect these cases. A performance comparison with XACML (WSO2/Balana) is presented and demonstrates the superior performances of SGAC.",

keywords = "access control method, consent management, formal model, healthcare, verification",

author = "Nghi Huynh and Marc Frappier and Herman Pooda and Amel Mammar and Regine Laleau",

note = "Publisher Copyright: {\textcopyright} 2016 IEEE.; 10th IEEE International Conference on Research Challenges in Information Science, IEEE RCIS 2016 ; Conference date: 01-05-2016 Through 03-05-2016",

year = "2016",

month = aug,

day = "23",

doi = "10.1109/RCIS.2016.7549286",

language = "English",

series = "Proceedings - International Conference on Research Challenges in Information Science",

publisher = "IEEE Computer Society",

editor = "Jolita Ralyte and Sergio Espana and Carine Souveyet",

booktitle = "IEEE RCIS 2016 - IEEE 10th International Conference on Research Challenges in Information Science",

}

Huynh, N, Frappier, M, Pooda, H, Mammar, A & Laleau, R 2016, SGAC: A patient-centered access control method. in J Ralyte, S Espana & C Souveyet (eds), IEEE RCIS 2016 - IEEE 10th International Conference on Research Challenges in Information Science., 7549286, Proceedings - International Conference on Research Challenges in Information Science, vol. 2016-August, IEEE Computer Society, 10th IEEE International Conference on Research Challenges in Information Science, IEEE RCIS 2016, Grenoble, France, 1/05/16. https://doi.org/10.1109/RCIS.2016.7549286

SGAC: A patient-centered access control method. / Huynh, Nghi; Frappier, Marc; Pooda, Herman et al.
IEEE RCIS 2016 - IEEE 10th International Conference on Research Challenges in Information Science. ed. / Jolita Ralyte; Sergio Espana; Carine Souveyet. IEEE Computer Society, 2016. 7549286 (Proceedings - International Conference on Research Challenges in Information Science; Vol. 2016-August).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - SGAC

T2 - 10th IEEE International Conference on Research Challenges in Information Science, IEEE RCIS 2016

AU - Huynh, Nghi

AU - Frappier, Marc

AU - Pooda, Herman

AU - Mammar, Amel

AU - Laleau, Regine

PY - 2016/8/23

Y1 - 2016/8/23

N2 - This paper presents SGAC(Solution de Gestion Automatisée du Consentement, automatised consent management solution), a new healthcare access control model and its support tool, that manages patient wishes regarding access to their electronic health record (EHR). The development of this model has been achieved in the scope of a project with the Sherbrooke University Hospital, and thus has been adapted to take into account laws and regulations applicable in Québec and Canada, as they set bounds to patient wishes: under strictly defined contexts, patient consent can be overridden to protect his/her life. Moreover, since patient wishes and laws can be in conflict, SGAC provides a mechanism to address this problem. Besides, laws do not cover all cases where consent should be overridden to ensure patient safety. To this end, we define a formal model of SGAC which allows for property verification, making it possible to detect these cases. A performance comparison with XACML (WSO2/Balana) is presented and demonstrates the superior performances of SGAC.

AB - This paper presents SGAC(Solution de Gestion Automatisée du Consentement, automatised consent management solution), a new healthcare access control model and its support tool, that manages patient wishes regarding access to their electronic health record (EHR). The development of this model has been achieved in the scope of a project with the Sherbrooke University Hospital, and thus has been adapted to take into account laws and regulations applicable in Québec and Canada, as they set bounds to patient wishes: under strictly defined contexts, patient consent can be overridden to protect his/her life. Moreover, since patient wishes and laws can be in conflict, SGAC provides a mechanism to address this problem. Besides, laws do not cover all cases where consent should be overridden to ensure patient safety. To this end, we define a formal model of SGAC which allows for property verification, making it possible to detect these cases. A performance comparison with XACML (WSO2/Balana) is presented and demonstrates the superior performances of SGAC.

KW - access control method

KW - consent management

KW - formal model

KW - healthcare

KW - verification

U2 - 10.1109/RCIS.2016.7549286

DO - 10.1109/RCIS.2016.7549286

M3 - Conference contribution

AN - SCOPUS:84987623221

T3 - Proceedings - International Conference on Research Challenges in Information Science

BT - IEEE RCIS 2016 - IEEE 10th International Conference on Research Challenges in Information Science

A2 - Ralyte, Jolita

A2 - Espana, Sergio

A2 - Souveyet, Carine

PB - IEEE Computer Society

Y2 - 1 May 2016 through 3 May 2016

ER -

Huynh N, Frappier M, Pooda H, Mammar A, Laleau R. SGAC: A patient-centered access control method. In Ralyte J, Espana S, Souveyet C, editors, IEEE RCIS 2016 - IEEE 10th International Conference on Research Challenges in Information Science. IEEE Computer Society. 2016. 7549286. (Proceedings - International Conference on Research Challenges in Information Science). doi: 10.1109/RCIS.2016.7549286

SGAC: A patient-centered access control method

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this