Securing Access to Healthcare Data with Context-aware Policies

Data security in the healthcare domain is of paramount importance. There is a need for advanced access control mechanisms that can be used in the healthcare domain and raise security awareness. In this work, we report on the development of a web-based editor, that enables a user to edit concepts and properties for tailoring a context-aware security model for creating and enforcing access control policies for electronic health records (EHRs). These access control policies are to be enforced as part of two different sequential authorisation paradigms that will be employed for achieving high levels of security controls. These paradigms are the Attributebased Access Control (ABAC), which permits or denies access and/or grants or not editing rights to (encrypted) EHRs and the Attribute-based Encryption (ABE), which handles the way sensitive data should be decrypted, so as to edit functionalities for creating context-aware access policies (ABAC and ABE).