Location
Level 0, Open Space, Owen G. Glenn Building
Start Date
12-15-2014
Description
Access control models are implemented to mitigate the risks of unauthorized access in Electronic Health Records (EHRs). These models provide authorization with the help of security policies, wherein the protected resource is governed by one or more policies that specify exactly what attributes a requester needs to fulfill in order to obtain access. However, due to the increasing complexity of current healthcare systems, defining and implementing policies is becoming more and more difficult. In this research-in-progress paper, we present an Activity Theory driven methodology to formalize access control policies that can be used in enforcing a patient’s privacy consent in a healthcare setting. In order to account for the transitivity in health workflows, we extend the Activity Theory to include “organizational interconnectedness” within the health workflows.
Recommended Citation
Valecha, Rohit; Kashyap, Mandvika; Rajeev, Swathi; Rao, Raghav; and Upadhyaya, Shambhu, "An Activity Theory Approach to Specification of Access Control Policies in Transitive Health Workflows" (2014). ICIS 2014 Proceedings. 30.
https://aisel.aisnet.org/icis2014/proceedings/ISHealthcare/30
An Activity Theory Approach to Specification of Access Control Policies in Transitive Health Workflows