Research On Medical Privacy Protection Based On RBAC

With the continuous development of computer and network technologies,healthcare information systems gradually replace the primitive manual operations and become the main method for processing information in hospital.However,with the advent of the information age,the amount of information stored in healthcare information systems is increasing,and It is easy to have privacy information leaked,thus causing irreversible harm.Protecting users' privacy information has become a focus issue in the medical environment.Access control technology is one of the effective measures to solve the problem of privacy leakage.Based on the above background,this thesis analyzes each access control model and the access control models applied in healthcare information systems at home and abroad.Regarding the discretionary access control,it is prone to problems such as information leakage;The mandatory access control is difficult to be applied to a more dynamic system such as a healthcare information systems;while the role-based access control model can overcome the shortcomings of the above two models,but if only the role-based access control model is applied in the medical environment,it cannot prevent access to medical information at an unusual time or place,resulting in the important information leakage in the medical environment.Therefore,if the above access control model is applied to the medical environment,there are some deficiencies.In the domestic and foreign research literatures,contextual constraints are usually used to protect privacy in the medical environment.However,the currently mentioned methods of using context constraints are to list the permissions in different contexts one by one,and it is easy to generate a large number of redundant rules,and to a certain extent,affect the system's access efficiency.For this reason,this thesis proposes a new way to implement the context constraints in medical privacy,quantify the access process of medical privacy information,make the privacy protection more intuitive,and also reduce the redundancy of rules and avoid the waste of system space.Through continuous research,this thesis has achieved certain results,mainly including the following aspects:First,the scope of medical privacy in this thesis is defined according to the five conditions affecting privacy and non-privacy classification,and provides a reference for the definition of privacy in the healthcare information systems.At the same time,the above five conditions are categorized into five types of contexts,and they are defined,which will provide a basis for introducing the contexts in the model below,and also provide reference for the definition of contexts.Secondly,a new way of implementing context constraints is proposed—the subject's context is rated,and the subject's access to privacy information is determined by analyzing the rating results.This thesis implements the above new privacy rating method through the privacy rating module.The privacy rating method quantifies the access to privacy information,making the protection of privacy more intuitive,and quantifying the access greatly reduces the number of strategies in the system,avoids the space waste caused by the policy redundancy in the system,and improves the access efficiency of the system.Then,in this thesis,the privacy rating module is added in the role-based access control model,and a new model is put forward.It increases context constraints to the privacy access in the healthcare information systems,solves the problem of privacy leakage to some extent and realizes the protection of medical privacy information.Finally,this thesis takes the medical environment as the background,realizes the new model proposed,constructs a healthcare information system with privacy protection function to prove the feasibility of the model,and runs instances on the completed system to prove that the model can provide effective protection of privacy information in healthcare information systems while ensuring access efficiency.This thesis focuses on solving the problem of privacy leakage in the medical environment,and proposes a new privacy rating method based on the actual situation in the medical environment,and adds this privacy rating method to the role-based access control model to propose a new improvement model,at the same time,designs the healthcare information system applying the improved model based on the complex actual needs,providing some inspiration for future related research.