Alternative Approaches for Supporting Lattice-based Access Control (LBAC) in the Fast Healthcare Interoperability Resources (FHIR) Standard

Steven Demurjian, Thomas Agresta, Eugene Sanzi, John DeStefano


A major challenge in the healthcare industry is the selective availability, at a fine-grained level of detail, of a patient’s data to the various clinicians, nurses, specialists, home health aides, family members, etc. where the decision of who can see which information at which times is controlled by a patient. The information includes: contact and demographics, current conditions, medications, test results, past medical history, history of substance abuse and treatment, mental health information, sexual health information, records relating to domestic violence, reproductive health records, and genetic information. To control sensitivity, multi-level security (MLS) using lattice-based access control (LBAC) can be used to extend the traditional linear sensitivity levels of mandatory access control with the ability to define a complex lattice of sensitivity categorizations suitable for the wide variety of the aforementioned information types. This paper applies and extends our prior work on multi-level security for healthcare using LBAC by exploring alternative approaches to integrate this approach into the Fast Healthcare Interoperability Resources (FHIR) standard at the specification level of the standard.


Paper Citation