DEVELOPMENT OF ACCESS CONTROL MODEL TO PRIVATE MEDICAL INFORMATION
Modern medicine has grown to an insurmountable level over the past decades. Today, this sector of human life is a high-tech industry, where all areas that can save lives of previously hopeless patients are successfully developing. The technical equipment of health care facilities has been substantia...
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
National Aerospace University «Kharkiv Aviation Institute»
2018-10-01
|
| Series: | Радіоелектронні і комп'ютерні системи |
| Subjects: | |
| Online Access: | http://nti.khai.edu/ojs/index.php/reks/article/view/48 |
| _version_ | 1827841746721046528 |
|---|---|
| author | Андрій Сергійович Андрійчук Анастасія Андріївна Стрєлкіна |
| author_facet | Андрій Сергійович Андрійчук Анастасія Андріївна Стрєлкіна |
| author_sort | Андрій Сергійович Андрійчук |
| collection | DOAJ |
| description | Modern medicine has grown to an insurmountable level over the past decades. Today, this sector of human life is a high-tech industry, where all areas that can save lives of previously hopeless patients are successfully developing. The technical equipment of health care facilities has been substantially improved, it has become possible to diagnose diseases at an early stage and to quickly restore the working capacity of patients. Nevertheless, with all the advantages and capabilities of modern technology in this area, there are many problems. One of the most significant is the provision of privacy of medical information, which should be considered from both sides, both technical and regulatory. Ensuring the confidentiality of data in medical systems depends on the correct and timely organization of managing access to medical information. The US Health Insurance Portability and Accountability Act (HIPAA) is the most widespread and comprehensive regulatory document for the security of medical data. Regarding the Ukrainian normative documents, they realize the rights of the patient to receive information about their state of health, and medical systems do not have a certificate on the compliance of a comprehensive system of protection of information in accordance with the requirements of normative documents on the technical protection of information. In this article, the authors are considering designing an access control model that solves the problem of providing information security for medical systems and is based on access control based on roles with minimal constraints. The model to be developed should determine the actions and resources that are available to the user, as well as provide individual access to resources. The authors examined the existing models of access control, identified the advantages and disadvantages that formed the basis of their own model. The paper describes the creation of a role-based security policy that defines the information flows permitted by the system, based on the international regulatory document HIPAA. With the help of the developed model, it is possible to execute its storage in different ways and in any case, it is very easy to convert into a relational database |
| first_indexed | 2024-03-12T07:56:59Z |
| format | Article |
| id | doaj.art-914ca0e75dca462a87d1a70864a57832 |
| institution | Directory Open Access Journal |
| issn | 1814-4225 2663-2012 |
| language | English |
| last_indexed | 2024-03-12T07:56:59Z |
| publishDate | 2018-10-01 |
| publisher | National Aerospace University «Kharkiv Aviation Institute» |
| record_format | Article |
| series | Радіоелектронні і комп'ютерні системи |
| spelling | doaj.art-914ca0e75dca462a87d1a70864a578322023-09-02T20:08:18ZengNational Aerospace University «Kharkiv Aviation Institute»Радіоелектронні і комп'ютерні системи1814-42252663-20122018-10-0102263210.32620/reks.2018.2.0347DEVELOPMENT OF ACCESS CONTROL MODEL TO PRIVATE MEDICAL INFORMATIONАндрій Сергійович Андрійчук0Анастасія Андріївна Стрєлкіна1Національний аерокосмічний університет ім. М. Є. Жуковського «ХАІ»Національний аерокосмічний університет ім. М. Є. Жуковського «ХАІ»Modern medicine has grown to an insurmountable level over the past decades. Today, this sector of human life is a high-tech industry, where all areas that can save lives of previously hopeless patients are successfully developing. The technical equipment of health care facilities has been substantially improved, it has become possible to diagnose diseases at an early stage and to quickly restore the working capacity of patients. Nevertheless, with all the advantages and capabilities of modern technology in this area, there are many problems. One of the most significant is the provision of privacy of medical information, which should be considered from both sides, both technical and regulatory. Ensuring the confidentiality of data in medical systems depends on the correct and timely organization of managing access to medical information. The US Health Insurance Portability and Accountability Act (HIPAA) is the most widespread and comprehensive regulatory document for the security of medical data. Regarding the Ukrainian normative documents, they realize the rights of the patient to receive information about their state of health, and medical systems do not have a certificate on the compliance of a comprehensive system of protection of information in accordance with the requirements of normative documents on the technical protection of information. In this article, the authors are considering designing an access control model that solves the problem of providing information security for medical systems and is based on access control based on roles with minimal constraints. The model to be developed should determine the actions and resources that are available to the user, as well as provide individual access to resources. The authors examined the existing models of access control, identified the advantages and disadvantages that formed the basis of their own model. The paper describes the creation of a role-based security policy that defines the information flows permitted by the system, based on the international regulatory document HIPAA. With the help of the developed model, it is possible to execute its storage in different ways and in any case, it is very easy to convert into a relational databasehttp://nti.khai.edu/ojs/index.php/reks/article/view/48приватна медична інформаціямодель доступумодель політики безпекиhipaarbac |
| spellingShingle | Андрій Сергійович Андрійчук Анастасія Андріївна Стрєлкіна DEVELOPMENT OF ACCESS CONTROL MODEL TO PRIVATE MEDICAL INFORMATION Радіоелектронні і комп'ютерні системи приватна медична інформація модель доступу модель політики безпеки hipaa rbac |
| title | DEVELOPMENT OF ACCESS CONTROL MODEL TO PRIVATE MEDICAL INFORMATION |
| title_full | DEVELOPMENT OF ACCESS CONTROL MODEL TO PRIVATE MEDICAL INFORMATION |
| title_fullStr | DEVELOPMENT OF ACCESS CONTROL MODEL TO PRIVATE MEDICAL INFORMATION |
| title_full_unstemmed | DEVELOPMENT OF ACCESS CONTROL MODEL TO PRIVATE MEDICAL INFORMATION |
| title_short | DEVELOPMENT OF ACCESS CONTROL MODEL TO PRIVATE MEDICAL INFORMATION |
| title_sort | development of access control model to private medical information |
| topic | приватна медична інформація модель доступу модель політики безпеки hipaa rbac |
| url | http://nti.khai.edu/ojs/index.php/reks/article/view/48 |
| work_keys_str_mv | AT andríjsergíjovičandríjčuk developmentofaccesscontrolmodeltoprivatemedicalinformation AT anastasíâandríívnastrêlkína developmentofaccesscontrolmodeltoprivatemedicalinformation |