AC-AC: Dynamic revocable access control for acute care teams to access medical records

Marcela T. de Oliveira, Hai-Van Dang, Lúcio H. A. Reis, Henk A. Marquering, Sílvia D. Olabarriaga

Research output: Contribution to journal › Article › Academic › peer-review

7 Citations (Scopus)

Abstract

Acute care demands the collaboration of multiple healthcare professionals and various organisations. During an emergency, the availability of Electronic Medical Records (EMR) allows acute care teams to access a patient's data promptly, which facilitates the decision-making process. Cloud solutions offer an environment to store and share patients' EMR. However, security and privacy issues arise, which affect the availability of the patients' EMR. Inspired by a hybrid encryption scheme combining Dynamic index-based Symmetric Searchable Encryption (DSSE) and Attribute-Based Encryption (ABE), we proposed the data Access Control for Acute Care teams (AC-AC). AC-AC is a dynamic revocable access control protocol that enables break-glass access for an authorised member of an acute care team that is treating the patient. The proposed protocol allows a team to grant and revoke access for other teams to the patient's EMR dynamically according to the treatment's demands. We present a formal security analysis proving that the AC-AC protocol is resilient to multiple attacks. Finally, we analysed the overhead in time complexity for the protocol execution and experimented with each algorithm. The experimental expected execution time for the AC-AC algorithms was below 170 ms, and is therefore feasible for an acute care timeline.
Original language: English
Article number: 100190
Journal: Smart Health
Volume: 20
Publication status: Published - 1 Apr 2021

Keywords

  • Break-glass access
  • Ciphertext-policy attribute-based encryption
  • Electronic medical records
  • Emergency care
  • Searchable symmetric encryption
