An Access Control Framework for Protecting Mobile Health Records: The Case Study of Developing Countries

Abstract

Mobile health records are a good way of providing users with on-demand access to health care data. Standard approaches of securing health records include role-based access control (RBAC) because this is a flexible approach to assign permissions to a wide variety of users. However, traditional RBAC models are not designed to enforce fine-grained access control. For instance, in mobile health record systems, it is difficult to configure a policy that permits a patient to selectively share his/her personal records with healthcare workers. Therefore, defining policies that express application-level security requirements with respect to mobile records is challenging. In this paper, we present an RBAC inspired framework that provides fine-grained encryption for mobile health records where patient records have different access control policies. Our proposed framework ensures that the data can be made available securely offline. This approach can leverage systems where information needs to be shared securely under constraints of energy and/or Internet coverage.