Enhancing healthcare service efficiency and compliance: A dynamic permission access control method for hospital environments based on I_ABRAC model.
Researchers
Minshi Wang, Min Xu, Min Zhou
Abstract
Hospital access control systems face unique challenges in environments with high staff mobility and overlapping roles. This study aims to develop and validate an Improved Attribute-Based Role Access Control (I_ABRAC) model to address role explosion, computational inefficiency, and compliance issues in healthcare settings. We proposed an I_ABRAC model incorporating three mechanisms: (1) an approval-permission dynamic coupling mechanism, (2) a rule number-driven incremental update algorithm, and (3) a permission-rule traceability framework. The model was validated using real-world de-identified operational data from a large tertiary teaching hospital in China, encompassing 60 access control rules, approximately 20,000 personnel, and over 2,000 access points. Experiments were conducted across 16 test scenarios under 24 configurations (8 personnel scales × 3 rule scales). The I_ABRAC model achieved a 68% reduction in required system roles compared to traditional models (from 176 to 56 roles) while demonstrating correct functional permission assignment across all 16 test scenarios. The optimized algorithm demonstrated an 83.3% improvement in processing efficiency (from 54.96±1.89s to 9.96±2.78s; p<0.001), with performance gains ranging from 81.9% to 83.9% across all 24 configurations (8 personnel scales * 3 rule scales, all p<0.001), confirming its scalability from departmental to hospital-wide deployments. The I_ABRAC framework effectively resolves core security and operational bottlenecks in hospital access control, provides technical mechanisms to support compliance with medical regulations, and supporting scalable applications such as IoT-based device access and multi-hospital systems.Source: PubMed (PMID: 42436891)View Original on PubMed