A multi-policy framework for mitigating insider threat in healthcare domain
Access control policies in the healthcare domain define permissions for users to access different medical records. Role Based Access Control (RBAC) helps to restrict medical records to users in a certain role, but sensitive information in medical records can still be compromised by authorized insiders. The disclosure of sensitive medical information can create an embarrassing situation for a patient or even cause discrimination based on a medical ailment. The threat is from users who are not treating the patient but have access to medical records. We propose a selective combination of policies in which sensitive records are available only to the primary doctor under Discretionary Access Control (DAC), and he may share them for consultation after permission from the patient. This not only improves compliance with the principle of least privilege but also helps to mitigate the threat of authorized insiders disclosing sensitive patient information. We use the Policy Machine (PM) proposed by the National Institute of Standards and Technology (NIST) to combine policies and develop a flexible healthcare access control policy that has the benefits of context awareness and discretionary access. We have implemented temporal constraints for RBAC in PM and, after combining Generalized Temporal Role Based Access Control (GTRBAC) and DAC, established an example healthcare scenario.
Arif Ghafoor, Purdue University.
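The combined decision described in the abstract can be sketched as follows. This is an added illustration, not the paper's Policy Machine implementation. The role names, enabling windows, user identifiers and the rule that a request must pass both the temporal role check and the DAC check are assumptions made for the example.

```python
from dataclasses import dataclass, field
from datetime import time

# Constructed sample policy (assumption): daily intervals in which a role is
# enabled, in the spirit of GTRBAC role-enabling constraints, plus role permissions.
ROLE_ENABLED = {"doctor": (time(8, 0), time(18, 0)), "nurse": (time(8, 0), time(20, 0))}
ROLE_PERMS = {"doctor": {"read", "write"}, "nurse": {"read"}}

@dataclass
class Record:
    patient: str
    sensitive: bool
    primary_doctor: str
    shared_with: set = field(default_factory=set)  # DAC grants by the primary doctor

def role_allows(role, action, now):
    """Temporal RBAC check: the role must be enabled now and hold the permission."""
    window = ROLE_ENABLED.get(role)
    if window is None or not (window[0] <= now < window[1]):
        return False
    return action in ROLE_PERMS.get(role, set())

def share(record, grantor, grantee, patient_consents):
    """DAC grant: only the primary doctor may share, and only with patient permission."""
    if grantor != record.primary_doctor or not patient_consents:
        return False
    record.shared_with.add(grantee)
    return True

def can_access(user, role, action, record, now):
    """Combined decision: temporal RBAC for every record, plus DAC for sensitive ones."""
    if not role_allows(role, action, now):
        return False
    if not record.sensitive:
        return True  # ordinary records are governed by the role policy alone
    # Sensitive records: holding the right role is not enough (the insider threat case).
    return user == record.primary_doctor or user in record.shared_with

if __name__ == "__main__":
    rec = Record("patient-1", True, "dr_a")
    print(can_access("dr_b", "doctor", "read", rec, time(10, 0)))  # same role, not treating
    share(rec, "dr_a", "dr_b", patient_consents=True)
    print(can_access("dr_b", "doctor", "read", rec, time(10, 0)))  # after consented sharing
```
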