HCRBAC – An Access Control System for Collaborative Context-Aware HealthCare Services in Mauritius
Healthcare is an area dealing with an enormous amount of highly sensitive data being handled by a number of users. As a first step towards an e-health service, Mauritius requires the electronic management of patients’ data at its different healthcare institutions. Such data management should allow easy non-obtrusive, but secure, access to data by in house personnel of each healthcare institution, while also providing secure remote access to other institutions within the healthcare service as well as external bodies such as the police and insurance companies.. This paper presents HCRBAC (Healthcare Context-Aware Role-Based Access Control) a data access system for the Mauritian healthcare service, where data access within a healthcare institution is facilitated and controlled through the use of context-awareness, while remote access to data is provided in a secure way. A number of different existing access control mechanisms are first analyzed and a comparative study of these is performed. A combination of the different techniques is then used to provide efficient management of the data access system and allowing any healthcare institution to open up data access to other related institutions, without compromising confidentiality and integrity of data.