Vamsy Priya Anne, Venkata Santosh Chadalavada | International Journal of Software Computing and Testing | Vol 11, Issue 1 | pp. 20-28 | ISSN: 2456-2351
Abstract
Access management is a critical component in firms wishing to abide by strict data protection standards, like the GDPR and HIPAA, but this paper access management regulation requirement in a more contextualized manner regarding GDPR and HIPAA, ending with the recommendation of an overall framework to enforce compliance. It provides best practices regarding data access, user authentication, and monitoring strategies that correspond to changing demands for such regulations. The paper integrates diverse access control models, such as the Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) to suggest a unified approach to the management of data access across multiple jurisdictions. The paper also presents an empirical case study and data for critical evaluation of the practical feasibility of the proposed framework. Several findings presented a seriousness that the organizations face to meet with the requirements of complying with several regulations, which, therefore, call for adaptable access control systems. The paper proceeds with practicable recommendations to organizations on how to both streamline access management and protect sensitive information.
Keywords:Access management, compliance, GDPR, HIPAA, data protection, regulatory compliance, information security
Keywords
Access management, regulatory compliance, data protection, information security, compliance, GDPR, HIPAA
π This is a subscription article
Full text is available to subscribers and institutional members. Please choose an option below to access it.
SubscribePurchase this articleInstitutional / Login accessReferences
- Office. The Security Rule. HHS.gov. 2009. Available from: https://www.hhs.gov/hipaa/for-professionals/security/index.html
- Said A, Yahyaoui A, Abdellatif T. HIPAA and GDPR compliance in IoT healthcare systems. In: International Conference on Model and Data Engineering; 2023 Nov 2. Cham: Springer Nature Switzerland; 2023. p. 198β209.
- Regulation GD. General data protection regulation (GDPR) β official legal text. Gen Data Prot Regul. 2016.
- Marquis YA. From theory to practice: implementing effective role-based access control strategies to mitigate insider risks in diverse organizational contexts. J Eng Res Rep. 2024 Apr 10;26(5):138β54.
- Motta GH, Furuie SS. A contextual role-based access control authorization model for electronic patient record. IEEE Trans Inform Technol Biomed. 2003 Sep 8;7(3):202β7.
- Aftab MU, Hamza A, Oluwasanmi A, Nie X, Sarfraz MS, Shehzad D, Qin Z, Rafiq A. Traditional and hybrid access control models: a detailed survey. Secur Commun Networks. 2022;2022:1560885.
- Ferraiolo D, Kuhn DR. Role-Based Access Controls. ResearchGate. 2009. Available from: https://www.researchgate.net/publication/24164143_Role-Based_Access_Controls
- Khan JA. Role-based access control (RBAC) and attribute-based access control (ABAC). In: Improving Security, Privacy, and Trust in Cloud Computing; 2024. p. 113β126. IGI Global.
- Daoudagh S. The GDPR compliance through access control systems [dissertation]. University of Pisa, Italy; July 2021. p. 1β206.
- Liu V, Caelli W, May L. Strengthening legal compliance for privacy in electronic health information systems: a review and analysis. In: Proceedings of the National E-Health Privacy and Security Symposium; 2006. p. 51β66. QUT.
- Piras L, Al-Obeidallah MG, Pavlidis M, Mouratidis H, Tsohou A, Magkos E, et al. A data scope management service to support privacy by design and GDPR compliance. J Data Intell. 2021 Jun 30;2(2):136β65.
- Brauneck A, Schmalhorst L, Kazemi Majdabadi MM, Bakhtiari M, VΓΆlker U, Baumbach J, et al. Federated machine learning, privacy-enhancing technologies, and data protection laws in medical research: scoping review. J Med Internet Res. 2023 Mar 30;25:e41588.
- Boughrous M, El Bakkali H. A comparative study on access control models and security requirements in workflow systems. In: International Conference on Innovations in Bio-Inspired Computing and Applications; 2017 Dec 11. Cham: Springer International Publishing; 2017. p. 361β373.
- Daoudagh S, Marchetti E. The GDPR compliance and access control systems: challenges and research opportunities. In: ICISSP 2022; 2022. p. 571β578.
- Sharma A, Rana NP, Nunkoo R. Fifty years of information management research: a conceptual structure analysis using structural topic modeling. Int J Inform Manag. 2021 Jan 22;58:102316. Available from: https://www.sciencedirect.com/science/article/abs/pii/S0268401221000098?via %3Dihub
- RBAC vs. ABAC: the complete guide - Satori. Satori. 2023. Available from: https://satoricyber.com/data-protect-guide/rbac-vs-abac-the-complete-guide/
How to cite this article
@article{AnneVP2025,
author = {Vamsy Priya Anne and Venkata Santosh Chadalavada},
title = {Access Management in Compliance: Navigating GDPR, HIPAA, and Beyond},
journal = {International Journal of Software Computing and Testing},
year = {2025},
volume = {11},
number = {1},
pages = {20--28},
issn = {2456-2351},
url = {https://journalspub.com/publication/ijsct/article=18188}
}