Designing proper models for authorization and access control for the electronic patient record (EPR) is essential to wide scale use of the EPR in large health organizations. This work presents MAAC (Middleware for Authentication and Access Control), a tool that implements a contextual role-based access control (RBAC) authorization model. RBAC regulates user’s access to computers resources based on their organizational roles. A contextual authorization uses environmental information available at access-request time, like user/patient relationship, in order to decide whether a user has the right to access an EPR resource. The software architecture where MAAC is implemented uses Lightweight Directory Access Protocol, Java programming language and the CORBA/OMG standards CORBA Security Service and Resource Access Decision Facility. With those open and distributed standards, heterogeneous EPR components can request user authentication and access authorization services in a unified and consistent fashion across multiple platforms.

Date Published: 19 April 2004
PDF: 12 pages
Proc. SPIE 5371, Medical Imaging 2004: PACS and Imaging Informatics, (19 April 2004); doi: 10.1117/12.535633

Published in SPIE Proceedings Vol. 5371:
Medical Imaging 2004: PACS and Imaging Informatics
Osman M. Ratib; H. K. Huang, Editor(s)