An enhancement of the Role-Based Access Control model to facilitate information access management in context of team collaboration and workflow

Xuan Hung Le, Terry Doll, Monica Barbosu, Amneris Luque, Dongwen Wang

Research output: Contribution to journalArticle

36 Scopus citations


Although information access control models have been developed and applied to various applications, few of the previous works have addressed the issue of managing information access in the combined context of team collaboration and workflow. To facilitate this requirement, we have enhanced the Role-Based Access Control (RBAC) model through formulating universal constraints, defining bridging entities and contributing attributes, extending access permissions to include workflow contexts, synthesizing a role-based access delegation model to target on specific objects, and developing domain ontologies as instantiations of the general model to particular applications. We have successfully applied this model to the New York State HIV Clinical Education Initiative (CEI) project to address the specific needs of information management in collaborative processes. An initial evaluation has shown this model achieved a high level of agreement with an existing system when applied to 4576 cases (kappa = 0.801). Comparing to a reference standard, the sensitivity and specificity of the enhanced RBAC model were at the level of 97-100%. These results indicate that the enhanced RBAC model can be effectively used for information access management in context of team collaboration and workflow to coordinate clinical education programs. Future research is required to incrementally develop additional types of universal constraints, to further investigate how the workflow context and access delegation can be enriched to support the various needs on information access management in collaborative processes, and to examine the generalizability of the enhanced RBAC model for other applications in clinical education, biomedical research, and patient care.

Original languageEnglish (US)
Pages (from-to)1084-1107
Number of pages24
JournalJournal of Biomedical Informatics
Issue number6
StatePublished - Dec 1 2012



  • Access control
  • Computation model
  • Computer supported cooperative work
  • Information management
  • Medical education
  • Workflow

ASJC Scopus subject areas

  • Computer Science Applications
  • Health Informatics

Cite this