A Role and Activity Based Access Control for Secure Healthcare Systems

We introduce a novel access control mechanism in order to safeguard privacy of medical data of patients in dynamic environments. Our access control model takes advantages from role-based access control (RBAC) and criticality aware access control (CAAC). In this way, our original approach allows the medical professionals with different roles to be granted access to medical records of patients automatically and without explicit request in case of a medical emergency. In this context, we design secure and privacy aware protocols from initial login to patients' medical data transmission and retrieval by the medical professionals. Moreover, we formally define access control policies for our system. Finally we show the feasibility of our approach by implementation and performance evaluation.