Multi-Level Security in Healthcare Using a Lattice-Based Access Control Model

Controlling access to sensitive personal information is a primary concern in healthcare. Regardless of whether access control policies are determined by patients, healthcare professionals, institutions, legal and regulatory authorities, or some combination of these, assuring the strict enforcement of policies across all systems that store personal health information is the overriding, essential goal of any healthcare security solution. While a comprehensive healthcare security architecture may need to impose specific controls on individual data items, most access control decisions will be based on sensitivity levels automatically assigned to information classes by a “sensitivity profile,” combined with the authorization level of the user. This article proposes the use of multi-level security, defined by lattice-based sensitivity profiles, to ensure compliance with data access restrictions between systems. This security approach accommodates the complexities needed for health data access and benefits from existing, proven tools that are used for defense and national security applications.