To read the full version of this content please select one of the options below:

A Clark-Wilson and ANSI role-based access control model

Tamir Tsegaye (Department of Information Systems, Rhodes University , Grahamstown, South Africa)
Stephen Flowerday (Department of Information Systems, Rhodes University , Grahamstown, South Africa)

Information and Computer Security

ISSN: 2056-4961

Article publication date: 15 June 2020

Issue publication date: 16 July 2020

Downloads
193

Abstract

Purpose

An electronic health record (EHR) enables clinicians to access and share patient information electronically and has the ultimate goal of improving the delivery of healthcare. However, this can create security and privacy risks to patient information. This paper aims to present a model for securing the EHR based on role-based access control (RBAC), attribute-based access control (ABAC) and the Clark-Wilson model.

Design/methodology/approach

A systematic literature review was conducted which resulted in the collection of secondary data that was used as the content analysis sample. Using the MAXQDA software program, the secondary data was analysed quantitatively using content analysis, resulting in 2,856 tags, which informed the discussion. An expert review was conducted to evaluate the proposed model using an evaluation framework.

Findings

The study found that a combination of RBAC, ABAC and the Clark-Wilson model may be used to secure the EHR. While RBAC is applicable to healthcare, as roles are linked to an organisation’s structure, its lack of dynamic authorisation is addressed by ABAC. Additionally, key concepts of the Clark-Wilson model such as well-formed transactions, authentication, separation of duties and auditing can be used to secure the EHR.

Originality/value

Although previous studies have been based on a combination of RBAC and ABAC, this study also uses key concepts of the Clark-Wilson model for securing the EHR. Countries implementing the EHR can use the model proposed by this study to help secure the EHR while also providing EHR access in a medical emergency.

Keywords

Citation

Tsegaye, T. and Flowerday, S. (2020), "A Clark-Wilson and ANSI role-based access control model", Information and Computer Security, Vol. 28 No. 3, pp. 373-395. https://doi.org/10.1108/ICS-08-2019-0100

Publisher

:

Emerald Publishing Limited

Copyright © 2020, Emerald Publishing Limited