| At present, as China’s economy and level of informatization rise day by day, the revolutionary impact of technological innovations such as the Internet and artificial intelligence on China’s medical industry has become more and more prominent, and more and more medical data resources are being processed and gathered together at an alarming speed. China’s medical industry has also begun to truly enter the "era of big data". With its wide application and development, medical big data has promoted the reform of China’s current medical service model, advanced the construction of medical informatization, and popularized the use of electronic medical records (EMR). However, the application of hospital information systems (HIS) and EMR is still in its initial stage, and many problems remain. Among them, medical information leakage is one of the greatest concerns, because medical information contains a large amount of private patient data. If the data is leaked, it may cause huge economic losses to patients and even endanger social stability. As the main means of protecting information security, access control can effectively ensure that users access medical data legally. Authorization in traditional access control models is based on predefined rules, which makes it difficult to meet the requirements of cross-domain access control in dynamic and complex scenarios. In addition, early access control relied only on the reliability and legitimacy of authentication and did not monitor the user’s access process. In this paper, we start from the practical problems of EMR data privacy protection, combine risk theory with access control technology, explore the most suitable research method for privacy protection in the medical field, and provide ideas for research on the privacy and security of medical big data. The research results are mainly reflected in the following aspects: 1. Build a decision-making model for doctors’ work objectives. In this model, the uncertain probability fuzzy preference relation (UPHFPR) decision-making method is introduced at the stage where doctors make decisions, and the decision-making opinions of different doctors are integrated. This ensures that doctors choose the best work objectives and reduces the risk of patient privacy disclosure caused by improper selection of work objectives. 2. Doctor classification. Spectral clustering is used to cluster doctors into two categories based on their historical visit data. First, we preprocess the doctors’ historical visit data and convert it into a Boolean matrix according to ICD-10 (International Classification of Diseases, ICD); the Boolean matrix serves as the input to doctor classification, and a combination of Hamming distance and Jaccard distance is used to compute the similarity matrix between doctors. 3. Risk quantification of doctors’ visiting behavior. Once a doctor’s specific work objective and type are determined, this paper uses them together with information entropy to calculate the risk value of the doctor’s request to access an EMR, and the optimized algorithm improves the accuracy of risk quantification of doctors’ visiting behavior. 4. Build an access control model. The access control function evaluates the risk value of the doctor’s access behavior and makes a decision on the doctor’s access request, so as to control doctors’ excessive access to electronic medical records and reduce the privacy risk caused by such excessive access. |
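
The pipeline in points 2 to 4, sketched as an added example that is not the paper's code: visit histories become a Boolean matrix over ICD-10 categories, doctors are compared with a Hamming/Jaccard blend, and a request is scored and decided by an access control function. The equal weighting `alpha`, the surprisal-based risk formula, the threshold, the sample histories and the hand-picked peer group (standing in for a spectral-clustering result) are all assumptions.

```python
import math
from collections import Counter

# Constructed sample: ICD-10 codes of the records each doctor visited in the past.
HISTORY = {
    "dr_a": ["I10", "I21", "I50", "I10", "E11"],
    "dr_b": ["I10", "I25", "I50", "I48"],
    "dr_c": ["C34", "C50", "C18", "C34"],
}

def boolean_rows(history):
    """Boolean matrix: one row per doctor, one column per 3-character ICD-10 category."""
    cats = sorted({c[:3] for codes in history.values() for c in codes})
    rows = {d: [cat in {c[:3] for c in codes} for cat in cats]
            for d, codes in history.items()}
    return cats, rows

def similarity(u, v, alpha=0.5):
    """Assumed blend: alpha*(1 - normalized Hamming) + (1 - alpha)*Jaccard similarity."""
    hamming = sum(a != b for a, b in zip(u, v)) / len(u)
    union = sum(a or b for a, b in zip(u, v))
    jaccard = sum(a and b for a, b in zip(u, v)) / union if union else 1.0
    return alpha * (1 - hamming) + (1 - alpha) * jaccard

def risk(requested, peer_codes, n_categories):
    """Assumed risk: -log2 p(category) under the peer group's history, Laplace-smoothed."""
    counts = Counter(c[:3] for c in peer_codes)
    p = (counts[requested[:3]] + 1) / (len(peer_codes) + n_categories)
    return -math.log2(p)

def decide(requested, peer_codes, n_categories, threshold=3.5):
    """Access control function: permit only if the risk value does not exceed the threshold."""
    r = risk(requested, peer_codes, n_categories)
    return ("permit" if r <= threshold else "deny"), r

if __name__ == "__main__":
    cats, rows = boolean_rows(HISTORY)
    print("sim(a,b) =", round(similarity(rows["dr_a"], rows["dr_b"]), 3))
    print("sim(a,c) =", round(similarity(rows["dr_a"], rows["dr_c"]), 3))
    peers = HISTORY["dr_a"] + HISTORY["dr_b"]  # group taken as given (stands in for a cluster)
    for code in ("I10", "C34"):
        print(code, decide(code, peers, len(cats)))
```

Smoothing keeps a never-seen category at a finite but high risk value, so the threshold rather than a division by zero decides the outcome.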