A cross domain access control model for medical consortium based on DBSCAN and penalty function

Chuanjia Yao; Rong Jiang; Bin Wu; Pinghui Li; Chenguang Wang

doi:10.1186/s12911-024-02638-5

BMC Medical Informatics and Decision Making (Sep 2024)

A cross domain access control model for medical consortium based on DBSCAN and penalty function

Chuanjia Yao,
Rong Jiang,
Bin Wu,
Pinghui Li,
Chenguang Wang

Affiliations

Chuanjia Yao: Institute of Intelligence Applications, Yunnan University of Finance and Economics
Rong Jiang: Institute of Intelligence Applications, Yunnan University of Finance and Economics
Bin Wu: Yunnan Academy of Scientific and Technical Information
Pinghui Li: Kunming First People’s Hospital
Chenguang Wang: Yunnan Key Laboratory of Service Computing

DOI: https://doi.org/10.1186/s12911-024-02638-5
Journal volume & issue: Vol. 24, no. 1
pp. 1 – 20

Abstract

Read online

Abstract Background Graded diagnosis and treatment, referral, and expert consultations between medical institutions all require cross domain access to patient medical information to support doctors’ treatment decisions, leading to an increase in cross domain access among various medical institutions within the medical consortium. However, patient medical information is sensitive and private, and it is essential to control doctors’ cross domain access to reduce the risk of leakage. Access control is a continuous and long-term process, and it first requires verification of the legitimacy of user identities, while utilizing control policies for selection and management. After verifying user identity and access permissions, it is also necessary to monitor unauthorized operations. Therefore, the content of access control includes authentication, implementation of control policies, and security auditing. Unlike the existing focus on authentication and control strategy implementation in access control, this article focuses on the control based on access log security auditing for doctors who have obtained authorization to access medical resources. This paper designs a blockchain based doctor intelligent cross domain access log recording system, which is used to record, query and analyze the cross domain access behavior of doctors after authorization. Through DBSCAN clustering analysis of doctors’ cross domain access logs, we find the abnormal phenomenon of cross domain access, and build a penalty function to dynamically control doctors’ cross domain access process, so as to reduce the risk of Data breach. Finally, through comparative analysis and experiments, it is shown that the proposed cross domain access control model for medical consortia based on DBSCAN and penalty function has good control effect on the cross domain access behavior of doctors in various medical institutions of the medical consortia, and has certain feasibility for the cross domain access control of doctors.

Published in BMC Medical Informatics and Decision Making

ISSN: 1472-6947 (Online)
Publisher: BMC
Country of publisher: United Kingdom
LCC subjects: Medicine: Medicine (General): Computer applications to medicine. Medical informatics
Website: http://bmcmedinformdecismak.biomedcentral.com

About the journal

Abstract

Keywords