Breaking the Glass – Using XACML to Implement HIPAA Regulations

Break the Glass Scenario

 By default users have access to what they need to get access to.

  • Example authorization policy: doctors can view the medical records of their patients.

Sometimes, though, in the case of an emergency, users need access to information they don’t normally have access to. This is where the ‘break-the-glass’ scenario comes in.

For instance, Ingrid lives in the southern parts of Sweden. Her family physician, Gunilla, is based at Ingrid’s local hospital. Gunilla can see all of Ingrid’s medical records and history.

Ingrid goes off to the northern parts of Sweden to enjoy the Nordic Lights. Unfortunately, as she steps off the train, she slips on an ice sheet, falls, and breaks her leg. She is rushed to a local hospital in the northern parts of Sweden where Dr. Bengt is in charge. He now needs to access her medical record. But when he tries, he gets access denied for he is not Ingrid’s assigned physician.

Policy Structure of a Break the Glass Scenario

In addition to the standard authorization policy aforementioned, we need to add 2 new policies or rules:

  • A policy which denies access and informs the user that they can get access if this is an emergency situation.
  • A policy which grants any doctor access to a medical record if they declare this is an emergency, this is called breaking the glass.

The two rules use obligations:

  • The obligation in the first policy is used to inform the user how to get access, i.e. how to break the glass.
  • The obligation in the second policy is used for accountability. We want to log the fact that the doctor was granted access to a medical record they wouldn’t normally have had access to.

The final structure is as follows:

  • The first policy grants access under normal conditions:
    • Doctors can view medical records of their assigned patients.
  • The second policy grants access under emergency conditions:
    • Doctors can view any medical record under emergency conditions + obligation to log the emergency access.
  • The third policy denies access and returns an obligation that displays a message to the end user explaining how to break the glass.

Related Articles

Meeting today’s dynamic authorization and access challenges: The Axiomatics story | Dynamically Speaking
Dynamically Speaking
For more than 15 years, Axiomatics has worked with companies worldwide to define and deliver solutions to the most complex authorization and access challenge. In...
Getting started with Zero Trust using dynamic authorization | Dynamically Speaking
Dynamically Speaking
Zero Trust. It’s everywhere. It’s a methodology that’s been around for years, and we are now seeing a significant uptick in the number of enterprises...
The case for dynamic authorization in banking and finance
Attribute Based Access Control (ABAC)
More than other organizations, banks, and financial institutions face the highest levels of scrutiny when it comes to how they protect critical assets and sensitive...