Introduction
-
Using a combined risk and UCON access control model to achieve privacy protection of medical data in the context of big data in healthcare. We add a risk quantification module to the traditional UCON model and quantify the risk value of user history access records through a risk control component.
-
To improve the accuracy of risk quantification by dividing it into direct risk quantification and indirect risk quantification in the risk quantification stage, and we use the EWMA algorithm and penalty factors to realize dynamic updates of risk values.
-
The user clustering stage introduces an agglomerated hierarchical clustering algorithm to cluster doctors into four classes, and the risk intervals of corresponding types of doctors appear as conditions in the UCON model.
Related work
Access control model
Basic framework
-
Subject S is divided into production subject SP and access subject SA. Production subject SP: internal hospital data producers, patients, etc.; access subject SA: internal hospital medical staff, patients, the general public, etc. In the model of this paper, we use physicians as access subjects.
-
Subject attribute ATT(S): regular attributes include doctor's duty, doctor's department, doctor's number, etc.; variable attributes are subject risk value, access log, etc.
-
Object O: Medical big data, which includes patients' personal information, examination records, patients' electronic medical records, medical research data, etc.
-
Object attributes ATT(O): patient's department, disease category, confidentiality level, admission time, etc., attributes usually are immutable.
-
Permission P: The right of the subject to operate on the object resources. Access to the operations of the subject SA to view, modify, delete, etc. of the object O, such as the attending physician to query the patient's medical record, add treatment records, administer medication, etc.
-
Authorization A: In the UCON model, there are two types of authorization: pre-authorization and process authorization; in this paper, we propose to use the pre-authorization method; each doctor is given the appropriate access rights according to his or her role, and the authorization range is dynamically adjusted by the doctor's risk value.
-
Obligation B: The access subject SA needs to complete the corresponding operation on the object after obtaining access rights.
-
Condition C: The conditions that need to be satisfied when the access request is sent by the access subject SA, e.g., whether the risk value of the subject is in the risk interval that allows access, whether the access time is within the office hours, etc. In this paper, we propose to use agglomerated hierarchical clustering for risk interval classification.
-
Risk quantification component RQ: quantify the access request behavior of the access subject SA according to the risk quantification component, and the quantification result will update the subject’ s risk attributes.
-
Risk quantification module: When a user sends an access request, the risk quantification module calculates the risk value (hereinafter referred to as “direct risk”) of the doctor's behavior by using the doctor’s work target, operation behavior, access time, and sensitivity of the accessed information. It also calculates the risk value (hereinafter referred to as “indirect risk”) of the entire department's physician's access behavior through the history of the entire department's access records for the same work target. The module finally calculates the total risk caused by the physician's visit history based on the direct risk and indirect risk.
-
Doctor clustering module: The risk values derived from the doctor's historical visit records are clustered into four classes using an agglomerated hierarchical clustering algorithm, and the risk value intervals corresponding to the four classes of doctors are obtained.
-
Subject property update module: The EWMA algorithm is used to predict the risk value of a physician's current visit based on the risk value derived from the physician's visit history, and to update the physician's risk value.
-
Access Control Policy Module: The access control policy is based on the risk value of the doctor's visit and the corresponding risk value interval of the four categories of doctors.
Risk quantification module
Direct risk
Indirect risk
Physician clustering module
Subject property update
Access control policies
Simulation experiments
Data source
Purpose of the experiment
Risk quantification and access control experiments
Risk quantification for doctors in different department
No authority | View, Copy | View, Copy, Add | View, Copy, Add, Delete | |
---|---|---|---|---|
Gastroenterology | 0.786–0.992 | 0.52–0.785 | 0.25–0.51 | 0.014–0.249 |
Cardiac Surgery | 0.778–0.916 | 0.557–0.777 | 0.279–0.556 | 0.098–0.278 |
Neurosurgery | 0.785–0.935 | 0.59–0.784 | 0.353–0.59 | 0.027–0.243 |
Access control blocking success rate and recall for doctors in different departments
Comparison experiments
Excessive access to doctors rate | X | Accuracy | Recall | F1 Score | |||
---|---|---|---|---|---|---|---|
This Model | Huizhen Model | This Model | Huizhen Model | This Model | Huizhen Model | ||
5% | 15 | 0.73 | 0.67 | 0.21 | 0.25 | 0.50 | 0.50 |
30 | 0.77 | 0.73 | 0.53 | 0.55 | 0.63 | 0.64 | |
45 | 0.80 | 0.76 | 0.90 | 0.87 | 0.85 | 0.81 | |
60 | 0.67 | 0.67 | 1.00 | 1.00 | 0.83 | 0.83 | |
75 | 0.53 | 0.53 | 1.00 | 1.00 | 0.77 | 0.77 | |
7.5% | 15 | 0.78 | 0.73 | 0.19 | 0.22 | 0.50 | 0.46 |
30 | 0.83 | 0.77 | 0.42 | 0.38 | 0.63 | 0.58 | |
45 | 0.82 | 0.78 | 0.58 | 0.60 | 0.72 | 0.73 | |
60 | 0.92 | 0.82 | 0.88 | 0.82 | 0.87 | 0.82 | |
75 | 0.80 | 0.80 | 1.00 | 1.00 | 0.90 | 0.90 | |
10% | 15 | 0.80 | 0.78 | 0.15 | 0.15 | 0.45 | 0.48 |
30 | 0.87 | 0.80 | 0.33 | 0.30 | 0.57 | 0.55 | |
45 | 0.89 | 0.82 | 0.49 | 0.51 | 0.69 | 0.69 | |
60 | 0.93 | 0.85 | 0.70 | 0.64 | 0.82 | 0.78 | |
75 | 1.00 | 0.89 | 0.94 | 0.89 | 0.95 | 0.90 | |
12.5% | 15 | 0.86 | 0.87 | 0.14 | 0.13 | 0.54 | 0.50 |
30 | 0.91 | 0.90 | 0.25 | 0.28 | 0.61 | 0.54 | |
45 | 0.96 | 0. 93 | 0.43 | 0.40 | 0.69 | 0.64 | |
60 | 1.00 | 0.94 | 0.60 | 0.55 | 0.80 | 0.73 | |
75 | 1.00 | 0.94 | 0.75 | 0.70 | 0.88 | 0.82 |
Proportion | X | Accuracy | Recall | F1 Score | |||
---|---|---|---|---|---|---|---|
This Model | Huizhen Model | This Model | Huizhen Model | This Model | Huizhen Model | ||
2% | 15 | 0.67 | 0.63 | 0.13 | 0.14 | 0.40 | 0.36 |
30 | 0.67 | 0.67 | 0.25 | 0.25 | 0.46 | 0.47 | |
45 | 0.69 | 0.64 | 0.39 | 0.38 | 0.54 | 0.50 | |
60 | 0.67 | 0.60 | 0.50 | 0.45 | 0.58 | 0.53 | |
75 | 0.53 | 0.51 | 0.50 | 0.48 | 0.52 | 0.49 | |
4% | 15 | 0.67 | 0.67 | 0.13 | 0.13 | 0.40 | 0.40 |
30 | 0.72 | 0.70 | 0.28 | 0.26 | 0.50 | 0.49 | |
45 | 0.76 | 0.68 | 0.43 | 0.38 | 0.59 | 0.52 | |
60 | 0.82 | 0.72 | 0.61 | 0.54 | 0.71 | 0.63 | |
75 | 0.84 | 0.67 | 0.79 | 0.63 | 0.81 | 0.65 | |
6% | 15 | 0.84 | 0.82 | 0.16 | 0.15 | 0.50 | 0.53 |
30 | 0.97 | 0.83 | 0.36 | 0.37 | 0.66 | 0.59 | |
45 | 0.91 | 0.82 | 0.51 | 0.46 | 0.71 | 0.64 | |
60 | 0.93 | 0.87 | 0.70 | 0.65 | 0.82 | 0.76 | |
75 | 0.91 | 0.81 | 0.85 | 0.76 | 0.88 | 0.79 | |
8% | 15 | 0.93 | 0.87 | 0.18 | 0.16 | 0.55 | 0.57 |
30 | 0.97 | 0.89 | 0.36 | 0.33 | 0.62 | 0.62 | |
45 | 0.98 | 0.90 | 0.55 | 0.58 | 0.76 | 0.69 | |
60 | 1.00 | 0.93 | 0.75 | 0.68 | 0.88 | 0.79 | |
75 | 1.00 | 0.93 | 0.94 | 0.86 | 0.97 | 0.89 |