Ontological Templates for Regulating Access to Sensitive Medical Data in the Cloud

Abstract

By embracing the cloud computing paradigm for storing and processing electronic medical records (EMRs), modern healthcare providers are able to realise significant cost savings. However, relinquishing control of sensitive medical data by delegating their storage and processing to third-party cloud providers naturally raises significant security concerns. One way to alleviate these concerns is to devise appropriate policies that infuse adequate access controls in cloud services. Nevertheless, the heterogeneous nature of these services, coupled with the dynamicity inherent in cloud environments, hinder the formulation of effective and interoperable policies that are appropriate for the underlying domain of application. To this end, this work adopts the ontological templates proposed in [5] for the representation of access control policies in the medical sector. By capturing the knowledge that must be infused into an access control policy, these templates sufficiently address the needs of the underlying domain of application in which such a policy is to be enforced; at the same time, they facilitate developers in infusing adequate access controls to their cloud applications.