| The major challenge in health information systems is to perform authorization check (i.e., access control) locally, while providing access to medical data globally without violating the privacy of medical data. Providing access control scalable across hospitals is quite complex because of the following two reasons: (a) each hospital has its own policies; (b) in a hospital external users from other hospitals become aliens. The main objective of this research is to provide a security framework for sharing Digital Imaging and Communications in Medicine (DICOM) images in radiology information systems (RIS). We designed a hybrid access control model by combining the properties of team-based access control and rule-based role delegation models. We use the trust relationship among hospitals to make the hybrid access control model scalable across hospitals. The security framework provides fine-grained access control, policy management, demographics filtering, and log maintenance constrained to PHIA (Personal Health Information Act of 1997) and the DICOM standard. Our emphasis is towards fine-grained access control and log maintenance. (Abstract shortened by UMI.)... |
