Managing access control in collaborative processes for healthcare applications

Team-based patient care, biomedical research, and clinical education require coordinated access of relevant information in specific contexts of workflow and collaboration. Research on methodology development to manage information access in collaborative processes therefore is essential to build successful healthcare applications. In this chapter, we first survey the existing research on access control to support team collaboration and workflow management. We then introduce an illustrative example, New York State HIV Clinical Education Initiative (CEI), as a domain application requiring complex information access in the combined contexts of workflow and team collaboration. To address the specific challenges in access control for CEI, we present a series of studies on model development, system implementation, and effectiveness evaluation. Specifically, we describe the enhancement of the Role-Based Access Control (RBAC) model through formulating universal constraints, defining bridging entities and contributing attributes, extending access permissions to include workflow contexts, synthesizing a rolebased access delegation model to target on specific objects, and developing domain ontologies as instantiations of the general model to particular applications.We illustrate the development of a generic system framework to implement the enhanced RBAC model, with three functional layers: encoding of access control policies, interpretation of these policies, and application of the policies to specific scenarios for information access management. We present an evaluation study to assess the effectiveness of the enhanced RBAC model when applied to CEI, with quantitative measures on degree of agreement with a control system as well as sensitivity, specificity, and accuracy based on a gold-standard. We close this chapter with discussions, future works, and some conclusion remarks.