Access control based on roles and groups: Case study Building a secure Smart Hospital using BPMS

In today's e-health applications, controlling access to patients' medical information is a real concern. In particular, the control of access has been identified as one of the requirements for the security of these systems. In a BPMS, this security requirement is not adequately addressed: it is represented by a simple actor filter where a task is performed by a particular user. However, to ensure the confidentiality of the data used in each task, this is not sufficient. This research paper explores the idea of integrating an access control filter into a BPMS, specifically the Bonita BPMS. A case study is performed for the validation of this idea. More specifically, the COVID-19 healthcare process of a Tunisian hospital is taken into account, for which we have been able to apply the proposed solution by implementing this process in Bonita and providing real-time access control based on groups and roles. This article explores the access control in a BPMS for smart hospitals. We address the problem of access control of personal information of patients and doctors by using a BPMS systems, in the Intelligent assistance system for a COVID-19 crisis unit (SMART2C).