Abstract

Information privacy typically concerns the confidentiality of personal identifiable information (PII) and protected health information (PHI) such as electronic medical records. Thus, the information access control mechanism for e-health services must be embedded with privacy-enhancing technologies. Role-based access control (RBAC) model has been widely investigated and applied to various applications for a period of time. This paper presents an extended framework of RBAC with privacy-based extensions to tackle such a need. With the context of e-health care informatics, this paper proposes an aggregation decision-making layer interacted with a set of autonomous RBAC models to aggregate PHI.