A trustworthy system for secure access to patient centric sensitive information

Smart technological innovations in healthcare are continuously generating digitized medical information about each patient, leading to the creation of Patient Centric Big Medical Data (PCBMD). Rapid adoption of PCBMD in healthcare ushers at the cost of its security and privacy concerns. Current methods focus on identifying authorized users who can access PCBMD but they barely identify the insider attackers. Alternatively, these methods do not prevent information leak by authorized users. Working towards this direction, this paper proposes a Trust based Access Control (TAC) system which not only identifies authorized users for PCBMD but also defends Sensitive Personal Information (SPI) of a patient from insider attacks. The proposed method calculates the trust value of each user by considering various quantitative parameters. Based on the calculated trust values, access rights are granted to each user such that SPI can be accessed by only highly trustworthy users. To implement access rights securely, a privacy scheme is also proposed. The experimental results show that the proposed security system can be efficiently used to protect the SPI of patients.