TY - JOUR
T1 - An enhancement of the Role-Based Access Control model to facilitate information access management in context of team collaboration and workflow
AU - Le, Xuan Hung
AU - Doll, Terry
AU - Barbosu, Monica
AU - Luque, Amneris
AU - Wang, Dongwen
N1 - Funding Information:
The CEI project is funded by New York State Department of Health AIDS Institute through Contracts #C024882 and #C023557. We would like to thank Thomas Della Porta and Michael Hazard for their contribution to the CEI project. We would also like to thank CEI program staff Howard Lavigne, Cheryl Smith, Lyn Stevens, Bruce Agins and colleagues from other CEI Centers for their support and help. Appendix A
PY - 2012/12
Y1 - 2012/12
N2 - Although information access control models have been developed and applied to various applications, few of the previous works have addressed the issue of managing information access in the combined context of team collaboration and workflow. To facilitate this requirement, we have enhanced the Role-Based Access Control (RBAC) model through formulating universal constraints, defining bridging entities and contributing attributes, extending access permissions to include workflow contexts, synthesizing a role-based access delegation model to target on specific objects, and developing domain ontologies as instantiations of the general model to particular applications. We have successfully applied this model to the New York State HIV Clinical Education Initiative (CEI) project to address the specific needs of information management in collaborative processes. An initial evaluation has shown this model achieved a high level of agreement with an existing system when applied to 4576 cases (kappa = 0.801). Comparing to a reference standard, the sensitivity and specificity of the enhanced RBAC model were at the level of 97-100%. These results indicate that the enhanced RBAC model can be effectively used for information access management in context of team collaboration and workflow to coordinate clinical education programs. Future research is required to incrementally develop additional types of universal constraints, to further investigate how the workflow context and access delegation can be enriched to support the various needs on information access management in collaborative processes, and to examine the generalizability of the enhanced RBAC model for other applications in clinical education, biomedical research, and patient care.
AB - Although information access control models have been developed and applied to various applications, few of the previous works have addressed the issue of managing information access in the combined context of team collaboration and workflow. To facilitate this requirement, we have enhanced the Role-Based Access Control (RBAC) model through formulating universal constraints, defining bridging entities and contributing attributes, extending access permissions to include workflow contexts, synthesizing a role-based access delegation model to target on specific objects, and developing domain ontologies as instantiations of the general model to particular applications. We have successfully applied this model to the New York State HIV Clinical Education Initiative (CEI) project to address the specific needs of information management in collaborative processes. An initial evaluation has shown this model achieved a high level of agreement with an existing system when applied to 4576 cases (kappa = 0.801). Comparing to a reference standard, the sensitivity and specificity of the enhanced RBAC model were at the level of 97-100%. These results indicate that the enhanced RBAC model can be effectively used for information access management in context of team collaboration and workflow to coordinate clinical education programs. Future research is required to incrementally develop additional types of universal constraints, to further investigate how the workflow context and access delegation can be enriched to support the various needs on information access management in collaborative processes, and to examine the generalizability of the enhanced RBAC model for other applications in clinical education, biomedical research, and patient care.
KW - Access control
KW - Computation model
KW - Computer supported cooperative work
KW - Information management
KW - Medical education
KW - Workflow
UR - http://www.scopus.com/inward/record.url?scp=84869871203&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84869871203&partnerID=8YFLogxK
U2 - 10.1016/j.jbi.2012.06.001
DO - 10.1016/j.jbi.2012.06.001
M3 - Article
C2 - 22732236
AN - SCOPUS:84869871203
SN - 1532-0464
VL - 45
SP - 1084
EP - 1107
JO - Journal of Biomedical Informatics
JF - Journal of Biomedical Informatics
IS - 6
ER -