Context identifies a specific condition by considering the circumstances in which an event arises. Each contextual attribute serves as a quantitative primitive, like the location of the requestor. Attributes in ABAC are divided into the following four categories [24]: (i) subject attributes identify the user requesting access, like age; (ii) action attributes identify the requested action, like read; (iii) object attributes identify the resource being accessed, like a medical record; and (iv) environment attributes relate to factors of dynamic access control, like time.
In the healthcare domain, contextual information that identifies a patient’s critical medical condition should be taken into account when managing access to sensitive medical data, so as to assure the most effective treatment. Correspondingly, access control models are needed that incorporate the notion of context, such as dynamically changing contextual attributes that characterize the current status. More particularly, context is deemed to be any information identifying the status of an entity, like an object, place or person, based on the relation between a requestor and an application [25]. Using contextual information assists the implementation of access control policies by considering the conditions under which access requests are evaluated. As an example, in emergency cases, an emergency medical professional seeks to access the patient’s medical information to efficiently address a critical situation. The values of contextual information are collected, for example, from IoT devices, like a wearable that measures blood pressure. In emergency situations, the emergency healthcare teams must be able to gain access instantly to the patients’ healthcare records.
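An added example (not from the paper or the works it cites) of the four ABAC attribute categories and the emergency-access case described above: a deny-by-default decision function in which a wearable reading sets a `critical` environment attribute. The role names, per-patient limits, freshness window and sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass

MAX_READING_AGE_S = 120  # assumed freshness window for sensor-derived context

@dataclass(frozen=True)
class Baseline:
    """Per-patient limits (constructed values, not clinical guidance)."""
    max_sbp: int  # systolic blood pressure, mmHg
    max_hr: int   # heart rate, beats per minute

# Constructed sample data.
BASELINES = {"p1": Baseline(160, 120), "p2": Baseline(180, 150)}
EMT = {"role": "emergency_professional", "patients": set()}
READING = {"ts": 1000, "sbp": 172, "hr": 95}

def critical_context(reading, baseline, now):
    """Derive the 'critical' environment attribute from a wearable reading."""
    age = now - reading["ts"]
    if not 0 <= age <= MAX_READING_AGE_S:
        return False  # stale or future-dated context must not unlock access
    return reading["sbp"] > baseline.max_sbp or reading["hr"] > baseline.max_hr

def decide(subject, action, obj, env):
    """Evaluate one request over the four attribute categories; deny by default."""
    if obj["type"] != "medical_record":
        return ("deny", "unknown-object")
    # Rule 1: the treating physician may read or write the patient's record.
    if (subject["role"] == "physician" and action in {"read", "write"}
            and obj["patient_id"] in subject["patients"]):
        return ("permit", "treating-physician")
    # Rule 2: emergency staff get read-only access while the context is critical.
    if (subject["role"] == "emergency_professional" and action == "read"
            and env["critical"]):
        return ("permit", "emergency-context")
    return ("deny", "no-matching-rule")

def evaluate(subject, action, obj, reading, now):
    """Build the environment attributes, then decide; the reason is for audit."""
    baseline = BASELINES[obj["patient_id"]]
    env = {"time": now, "critical": critical_context(reading, baseline, now)}
    return decide(subject, action, obj, env)

if __name__ == "__main__":
    rec = {"type": "medical_record", "patient_id": "p1"}
    for action, now in [("read", 1030), ("write", 1030), ("read", 2000)]:
        print(action, now, evaluate(EMT, action, rec, READING, now))
```

The same reading is critical for patient `p1` but not for `p2`, so the emergency rule only fires where the per-patient limit is exceeded and the reading is fresh.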
We reviewed the following works to identify context-based information for facilitating the evaluation of critical healthcare conditions. Nomikos et al. [26] examined patients’ conditions using attributes like the time when the stroke happened, the age, the DBP, the SBP, and the Glasgow and Scandinavian coma scales, which characterize the patient’s level of consciousness. Mahmood et al. [27] estimated the crisp values of blood pressure parameters from the HR. Djam et al. [28] proposed a fuzzy expert system for hypertension management utilizing the fuzzy logic paradigm. BMI, age, DBP, and SBP were used as fuzzy inputs to estimate the risk of hypertension.
Manasa et al. [16] considered contextual attributes like the patient’s medical history, allergies, prescriptions, and basic profile. Furthermore, an emergency attribute is considered for emergency access. A fuzzy expert system for the estimation of heart diseases that utilizes the cuckoo search approach is suggested by Moameri et al. [29], considering the attributes of age, type of chest pain, blood pressure, electrocardiogram results, maximum HR, and cholesterol level.
Few studies take users’ specificities into consideration for the evaluation of access policies. For instance, an increased HR is considered critical for a specific patient once his healthcare situation, his activity levels or his age are taken into account. Zerkouk et al. [30] suggested an adaptable access control paradigm and its related architecture, where the security policy is based on an analysis of the user’s monitored behavior. Røstad et al. [31] introduced a mechanism for personalized access control in health records. Their scheme combines properties and concepts of RBAC and DAC to manage the desired properties. Additionally, they consider a set of common policies that cannot be edited by the patient, along with a set of personal policies updated by the patient. Petković et al. [32] suggested security and privacy enhancements in an RBAC paradigm. Their system includes personalized access control, which is a combination of user-managed and role-based access control, along with cryptographic enforcement that includes effective key management for accessing medical data.
Son et al. [33] suggested a dynamic access control paradigm for preserving the security of personal health information in a cloud environment by considering contextual attributes for dynamic access. Their model utilizes the ontological concept of 5W1H to process context-based attributes for dynamic access. Their approach addresses dynamic access control in the medical sector.