Recent regulations on the security and privacy of personal data call for new approaches to data access and retrieval processes. In the context of healthcare, the regulations identify two types of consent for accessing sensitive personal medical data: explicit and implicit consent. This paper focuses on explicit consent cases and presents an architecture in which the patient grants on-demand access to private health records. The architecture is supported by a Discretionary Access Control model suited to cross-domain and cloud environments. Each resource belongs to a patient, who has the power to grant or deny any access rights to users or groups of users. The entire process is designed to be secure, from the authentication of the physician at the terminal, through the patient's check of the physician's terminal, to the communications between entities. Furthermore, the security methods are discussed and evaluated. Finally, a summary of the developed work and the plans for future work are presented.