Breaking the Glass – Using XACML to Implement HIPAA Regulations

Break the Glass Scenario

 By default users have access to what they need to get access to.

  • Example authorization policy: doctors can view the medical records of their patients.

Sometimes, though, in the case of an emergency, users need access to information they don’t normally have access to. This is where the ‘break-the-glass’ scenario comes in.

For instance, Ingrid lives in the southern parts of Sweden. Her family physician, Gunilla, is based at Ingrid’s local hospital. Gunilla can see all of Ingrid’s medical records and history.

Ingrid goes off to the northern parts of Sweden to enjoy the Nordic Lights. Unfortunately, as she steps off the train, she slips on an ice sheet, falls, and breaks her leg. She is rushed to a local hospital in the northern parts of Sweden where Dr. Bengt is in charge. He now needs to access her medical record. But when he tries, he gets access denied for he is not Ingrid’s assigned physician.

Policy Structure of a Break the Glass Scenario

In addition to the standard authorization policy aforementioned, we need to add 2 new policies or rules:

  • A policy which denies access and informs the user that they can get access if this is an emergency situation.
  • A policy which grants any doctor access to a medical record if they declare this is an emergency, this is called breaking the glass.

The two rules use obligations:

  • The obligation in the first policy is used to inform the user how to get access, i.e. how to break the glass.
  • The obligation in the second policy is used for accountability. We want to log the fact that the doctor was granted access to a medical record they wouldn’t normally have had access to.

The final structure is as follows:

  • The first policy grants access under normal conditions:
    • Doctors can view medical records of their assigned patients.
  • The second policy grants access under emergency conditions:
    • Doctors can view any medical record under emergency conditions + obligation to log the emergency access.
  • The third policy denies access and returns an obligation that displays a message to the end user explaining how to break the glass.

Other Blogs

3 keys to re-evaluate your authorization management
On May 27, I had the pleasure to join the KuppingerCole KCLive event with several industry peers in a panel discussion about  “Enabling the Future...
How OAuth is related to Attribute Based Access Control
What is Authorization? Authorization, also referred to as Access Control, is the process that follows authentication (which checks your identity and ensures that you are...
Modern Enterprise Authorization Management System
Gartner has an interesting article titled “Modernize Your Runtime Authorization” that highlights some aspects you need from a modern enterprise authorization systems. Over the years...