ORIGINAL RESEARCH

An access control model to minimize the data exchange in the information retrieval

Mario Sicuranza 1,2 · Angelo Esposito 1,2 · Mario Ciampi 2

1 Department of Engineering, University of Naples "Parthenope", Naples, Italy
2 Institute of High Performance Computing and Networking, National Research Council of Italy, ICAR-CNR, Naples, Italy

Corresponding author: Mario Sicuranza, mario.sicuranza@na.icar.cnr.it; Angelo Esposito, angelo.esposito@na.icar.cnr.it; Mario Ciampi, mario.ciampi@na.icar.cnr.it

Received: 1 December 2014 / Accepted: 16 March 2015
© Springer-Verlag Berlin Heidelberg 2015
J Ambient Intell Human Comput, DOI 10.1007/s12652-015-0275-x

Abstract In healthcare, the fast retrieval of clinical information on a patient can be vital, for example in an emergency; in normal situations it still improves the service of care and yields a significant reduction in costs (for example, by eliminating the need to repeat medical examinations). Health information systems, and in particular Electronic Health Record Systems, enable clinical information to be found quickly and in a distributed environment. Because much of this information is sensitive, it should be available only to authorized users. It is therefore necessary to use an access control mechanism, whose main goal is to guarantee the confidentiality and integrity of the data and to allow the definition of security rules that reflect the patients' privacy needs. In this work we show the GUIs designed for the innovative access control system we defined. The GUIs allow patients to define, in a detailed and clear manner, the access rules concerning their clinical information, both in document and in data form. The main innovation of this work is the ability to protect the resources of the system (documents and clinical data) by presenting only the content of the information that is needed, depending on the type of request and on the rules set directly by the patients, the content being extracted from the requested resource. This feature allows the definition of an access control model that increases the patients' trust in the EHR system.

Keywords Electronic health record · Access control model · Principle of least privilege · Information retrieval

1 Introduction

An Electronic Health Record System (EHR-S) is a health information system whose aim is to collect and distribute electronic clinical documents and data about an individual's lifetime health status (Kilic and Dogac 2009), allowing the retrieval of patients' clinical information for health-care reasons. Documents and data managed by an EHR-S contain sensitive information, and for this reason the system has to be protected from unauthorized access. It is therefore necessary to ensure: (1) the confidentiality of the clinical documents and data, (2) the patient's privacy, (3) the integrity and quality of the data and documents, and (4) the availability of the information to the authorized users. A widely used mechanism to meet these requirements is Access Control (AC). In an EHR-S, such a mechanism is used to limit access to authorized users only, and to specify who is allowed to operate on the clinical data and documents and how such data can be manipulated. This paper is to be considered an extension of our previous work (Sicuranza et al. 2014a), in which we presented an advanced AC model for an EHR-S. The proposal combines several useful properties for EHR systems, inherited from models known in the literature, with additional
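The data-minimization idea stated in the abstract, namely returning only the part of a clinical resource that a given request is entitled to see, according to rules the patient defines, can be illustrated with a small filter. The following is an added example, not code from the paper or from the authors' EHR-S; the document layout, the section names, the role/purpose vocabulary and the `Rule`/`PatientPolicy`/`filter_document` names are all assumptions made here for illustration. Its one design point is default deny: a section is returned only if some patient-defined rule for that (role, purpose) pair lists it explicitly, so a rule that names a non-existent section cannot leak anything, and a request that matches no rule gets nothing rather than the whole document.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed sample clinical document (hypothetical structure; the paper
# does not fix a document format). Each section is a named, separable part
# of the resource so that the filter can return a subset of it.
SAMPLE_DOCUMENT: Dict = {
    "doc_id": "D-0001",
    "patient_id": "P-42",
    "sections": {
        "allergies":   {"items": ["penicillin"]},
        "medications": {"items": ["metformin 500mg"]},
        "lab_results": {"hba1c": 7.1},
        "psychiatric": {"notes": "constructed sample note"},
        "billing":     {"insurer": "ACME Health"},
    },
}


@dataclass(frozen=True)
class Rule:
    """One patient-defined rule (hypothetical shape): a requester with this
    role, acting for this purpose, may see exactly these sections."""
    role: str
    purpose: str
    allowed_sections: frozenset


@dataclass
class PatientPolicy:
    """All rules a patient has defined for their own documents."""
    patient_id: str
    rules: List[Rule] = field(default_factory=list)

    def allowed_sections(self, role: str, purpose: str) -> Set[str]:
        # Union of every applicable rule; an empty result means "no rule
        # applies", which the caller must treat as deny.
        allowed: Set[str] = set()
        for r in self.rules:
            if r.role == role and r.purpose == purpose:
                allowed |= r.allowed_sections
        return allowed


def filter_document(document: Dict, policy: PatientPolicy,
                    role: str, purpose: str) -> Optional[Dict]:
    """Return a copy of `document` holding only the sections the patient's
    rules permit for this (role, purpose). Returns None when no rule applies
    at all, so 'nothing allowed' is distinguishable from 'allowed but empty'.
    Sections named in a rule but absent from the document are simply ignored."""
    if document["patient_id"] != policy.patient_id:
        # Never apply one patient's rules to another patient's resource.
        raise ValueError("policy does not belong to this document's patient")
    allowed = policy.allowed_sections(role, purpose)
    if not allowed:
        return None
    return {
        "doc_id": document["doc_id"],
        "patient_id": document["patient_id"],
        "sections": {name: content
                     for name, content in document["sections"].items()
                     if name in allowed},
    }


# Constructed sample policy for patient P-42 (hypothetical roles/purposes).
SAMPLE_POLICY = PatientPolicy(
    patient_id="P-42",
    rules=[
        Rule("emergency_physician", "emergency",
             frozenset({"allergies", "medications", "lab_results"})),
        Rule("general_practitioner", "treatment",
             frozenset({"allergies", "medications", "lab_results", "psychiatric"})),
        Rule("administrative_staff", "billing", frozenset({"billing"})),
    ],
)


def withheld_sections(document: Dict, policy: PatientPolicy,
                      role: str, purpose: str) -> Set[str]:
    """Sections of `document` that this request does NOT get to see; useful
    for auditing how much the filter actually minimized."""
    released = filter_document(document, policy, role, purpose)
    shown = set(released["sections"]) if released else set()
    return set(document["sections"]) - shown


if __name__ == "__main__":
    for role, purpose in [("emergency_physician", "emergency"),
                          ("administrative_staff", "billing"),
                          ("administrative_staff", "treatment")]:
        out = filter_document(SAMPLE_DOCUMENT, SAMPLE_POLICY, role, purpose)
        print(role, purpose, "->", sorted(out["sections"]) if out else "DENIED")
```

The example covers only the minimization step of the model described in the abstract (which content of a requested resource is released for a given request type); the paper's model also addresses the integrity of documents and data, and the enforcement point, authentication of the requester and the GUI through which patients author rules are outside this snippet.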