{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,4,30]],"date-time":"2025-04-30T23:40:02Z","timestamp":1746056402661,"version":"3.40.4"},"reference-count":19,"publisher":"IGI Global","issue":"3","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013,7,1]]},"abstract":"<p>The importance of electronic healthcare has caused numerous changes in both substantive and procedural aspects of healthcare processes. These changes have produced new challenges for patient privacy and information secrecy. Traditional privacy policies cannot respond to rapidly increased privacy needs of patients in electronic healthcare. Technically enforceable privacy policies are needed in order to protect patient privacy in modern healthcare with its cross-organizational information sharing and decision making. This paper proposes a personal information flow model that proposes a limited number of acts on this type of information. Ontology-classified chains of these acts can be used instead of the \u201cintended business purposes\u201d in the context of privacy access control. This enables the seamless integration of security and privacy into existing healthcare applications and their supporting infrastructures. In this paper, the authors present their idea of a Chain-Based Access Control (ChBAC) mechanism and provide a comparative analysis of it to Role-Based Access Control (RBAC). 
The evaluation is grounded in the healthcare domain and examines a range of typical access scenarios and approaches.<\/p>","DOI":"10.4018\/jisp.2013070103","type":"journal-article","created":{"date-parts":[[2013,11,25]],"date-time":"2013-11-25T22:03:47Z","timestamp":1385417027000},"page":"36-52","source":"Crossref","is-referenced-by-count":4,"title":["A Comparative Analysis of Chain-Based Access Control and Role-Based Access Control in the Healthcare Domain"],"prefix":"10.4018","volume":"7","author":[{"given":"Esraa","family":"Omran","sequence":"first","affiliation":[{"name":"Gulf University for Science & Technology, Kuwait City, Kuwait"}]},{"given":"Tyrone","family":"Grandison","sequence":"additional","affiliation":[{"name":"Proficiency Labs, Ashland, OR, USA"}]},{"given":"David","family":"Nelson","sequence":"additional","affiliation":[{"name":"Faculty of Applied Sciences, University of Sunderland, Sunderland, UK"}]},{"given":"Albert","family":"Bokma","sequence":"additional","affiliation":[{"name":"Avedas Information Management, Karlsruhe, Germany"}]}],"member":"2432","reference":[{"key":"jisp.2013070103-0","unstructured":"W3C. (2009). The platform for privacy preferences 1.0 specification. World Wide Web Consortium. Retrieved October 15, 2009 from http:\/\/www.w3.org\/TR\/P3P\/"},{"key":"jisp.2013070103-1","doi-asserted-by":"crossref","unstructured":"Agrawal, R., Kiernan, J., Srikant, R., & Xu, Y. (2002). Hippocratic databases. In Proceedings of the 28th International Conference on Very Large Data Bases, Hong Kong, China (pp. 143-154).","DOI":"10.1016\/B978-155860869-6\/50021-4"},{"key":"jisp.2013070103-2","unstructured":"Al-Fedaghi, S. (2007). Beyond purpose-based privacy access control. In Proceedings of the 18th Australasian Database Conference, Ballarat, Australia."},{"key":"jisp.2013070103-3","unstructured":"Borthakur, D. (2007). The Hadoop distributed file system: Architecture and design. 
Retrieved October 15, 2009 from http:\/\/hadoop.apache.org\/core\/docs\/current\/hdfs design.pdf"},{"key":"jisp.2013070103-4","doi-asserted-by":"crossref","unstructured":"Byun, J. W., Bertino, E., & Li, N. (2005). Purpose based access control of complex data for privacy protection. In Proceedings of the 10th ACM Symposium on Access Control Models and Technologies, Stockholm, Sweden.","DOI":"10.1145\/1063979.1063998"},{"key":"jisp.2013070103-5","unstructured":"Dick, R., Steen, S., Elaine, B., & Detmer, D. E. (1997). The computer-based patient record: An essential technology for health care. In National Academy Press-Book. ISBN 0309055326. Washington, D.C."},{"key":"jisp.2013070103-6","unstructured":"EPAL. (2003). Enterprise privacy authorization language (EPAL 1.2). Retrieved October 15, 2009, from http:\/\/www.w3.org\/Submission\/2003\/SUBM-EPAL-20031110\/"},{"key":"jisp.2013070103-7","unstructured":"Ferraiolo, D. F., & Kuhn, R. (1992). Role-based access control. In Proceedings of the 15th NIST-NSA National Computer Security Conference, 554-563."},{"key":"jisp.2013070103-8","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-48533-1_17"},{"key":"jisp.2013070103-9","unstructured":"Health Level Seven Inc. (2009). HL7 standard. Retrieved October 15, 2009 from http:\/\/www.hl7.org\/"},{"key":"jisp.2013070103-10","unstructured":"International Clinic. (2011). Retrieved from http:\/\/www.international-clinic.com\/"},{"issue":"2","key":"jisp.2013070103-11","first-page":"23","article-title":"Improving the delivery of care and reducing healthcare costs with the digitization of information.","volume":"14","author":"R.Noffsinger","year":"2000","journal-title":"Journal of Healthcare Information Management"},{"key":"jisp.2013070103-12","doi-asserted-by":"crossref","unstructured":"Omran, O., Grandison, T., & Abu Almaati, S. (2010). Healthcare chains - Enabling application and data privacy controls for healthcare information systems. 
In Proceedings of the 13th World Congress on Medical and Health Informatics (MEDINFO) 2009, Cape Town, South Africa.","DOI":"10.3233\/978-1-60750-588-4-879"},{"key":"jisp.2013070103-13","doi-asserted-by":"publisher","DOI":"10.1016\/S0065-2458(08)60206-5"},{"key":"jisp.2013070103-14","unstructured":"Tektonidis, D., Bokma, A., Oatley, G., & Salampasis, M. (2005). ONAR: An ontologies-based service oriented application integration framework. In Proceedings of the First International Conference on Interoperability of Enterprise Software and Applications, Lecture Notes in Computer Science (Interoperability of Enterprise Software and Applications), ISBN: 1-84628-151-2, Geneva, Switzerland."},{"key":"jisp.2013070103-15","unstructured":"Thomas, R. K., & Sandhu, R. S. (1993). Task-based authorization controls (TBAC), A family of models for active and enterprise-oriented authorization management. In Proceedings of the IFIP WG11.3 Workshop on Database Security, Lake Tahoe, CA."},{"key":"jisp.2013070103-16","unstructured":"Thomson Reuters. (2009). 100 top hospitals: 2009. Retrieved 15, 2009 from http:\/\/www.modernhealthcare.com\/section\/lists?djoPage=product_details&djoPid=10537&djoTry=1249923457"},{"key":"jisp.2013070103-17","unstructured":"University of Alberta (2005). Electronic health records and the personal information protection and electronic documents act, Health Law Institute, University of Victoria, School of Health Information Science. 
Report prepared with generous funding support from the Office of the Privacy Commissioner of Canada."},{"key":"jisp.2013070103-18","doi-asserted-by":"publisher","DOI":"10.1093\/tcbh\/1.2.115"}],"container-title":["International Journal of Information Security and Privacy"],"original-title":[],"language":"ng","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=95141","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,4,30]],"date-time":"2025-04-30T23:08:32Z","timestamp":1746054512000},"score":1,"resource":{"primary":{"URL":"https:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/jisp.2013070103"}},"subtitle":[""],"short-title":[],"issued":{"date-parts":[[2013,7,1]]},"references-count":19,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2013,7]]}},"URL":"https:\/\/doi.org\/10.4018\/jisp.2013070103","relation":{},"ISSN":["1930-1650","1930-1669"],"issn-type":[{"type":"print","value":"1930-1650"},{"type":"electronic","value":"1930-1669"}],"subject":[],"published":{"date-parts":[[2013,7,1]]}}}