International Journal of Secure Software Engineering, vol. 2, issue 2, pp. 1-24
Many recent initiatives aim toward integrated e-health systems on a large scale. One of the main technical challenges is access control, although several frameworks and solutions, like XACML, are already becoming standard practice. Data is no longer shared within one affinity domain but becomes ubiquitous, which results in a loss of control. Because patients will be less willing to participate without additional control strategies, patient consents are introduced that allow patients to determine precise access rules on their medical data. This paper explores the consequences of integrating consent in e-health access control. First, consent requirements are examined, after which an architecture is proposed that incorporates patient consent in the access control service of an e-health system. To validate the proposed concepts, a proof-of-concept implementation is built and evaluated.