Securing Sensitive Patient Information with Relationship-Based Access Control (ReBAC) in Neo4j

At a major medical center, managing access to sensitive patient health information is a critical concern. To ensure that patient data is protected, the center has implemented a Relationship-Based Access Control (ReBAC) system using Neo4j, which provides a flexible and granular approach to managing access control.

The ReBAC system includes four key roles: doctors, patients, nurses, and billing administrators. Doctors and nurses need to access patient medical records to provide treatment, while billing administrators require access to medical records for billing purposes. However, access to sensitive information must be carefully controlled to ensure that only authorized personnel can view and update patient data.

To implement the ReBAC system, entities are defined as nodes, and relationships are defined as edges within a Neo4j graph database. Relationships include doctors treating patients and prescribing medicine, patients having medical records containing sensitive health information, nurses treating patients and taking orders from doctors, and billing administrators requiring access to medical records for billing purposes.

Access policies have been defined for each role within the ReBAC system. Doctors can view and update patient health information for their own patients. Nurses can view and update patient health information for patients within their own department. Billing administrators can view medical records for billing purposes, but not sensitive health information.

Access policies are implemented in the ReBAC system using properties on nodes and edges as well as the “relationships” between the nodes. For example, a “role” property is assigned to a doctor node to specify that the doctor has the role of “treating physician” and is allowed to view and update patient health information for their own patients.

Here are some sample Cypher queries that demonstrate how access policies are enforced within the ReBAC system:

Grant a doctor access to a patient’s health information if they have a relationship in the knowledge graph that is labeled “TREATS”::

MATCH (d:Doctor)-[:TREATS]->(p:Patient)-[:HAS_RECORD]->(r:MedicalRecord)

WHERE = ‘doctor_123’ AND = ‘patient_456’


Grant a nurse access to patient health information within their department:

MATCH (nurse:Nurse)-[:TREATS]->(patient:Patient)-[:HAS_RECORD]->(record:MedicalRecord)-[:BELONGS_TO]->(department:Department)

WHERE = ‘Jane Smith’ AND = nurse.department

SET nurse.can_view_health_info = true

SET nurse.can_update_health_info = true

Grant a billing administrator access to medical records for billing purposes:

MATCH (admin:BillingAdmin)-[:NEEDS_ACCESS]->(record:MedicalRecord)-[:BELONGS_TO]->(department:Department)

WHERE = ‘Bob Johnson’

SET admin.can_view_medical_info = true

Retrieve all medical records for a patient:

MATCH (patient:Patient)-[:HAS_RECORD]->(record:MedicalRecord)

WHERE = ‘John Doe’

RETURN record

Retrieve all doctors that a patient has access to:

MATCH (patient:Patient)-[:TREATS]->(doctor:Doctor)

WHERE = ‘John Doe’ AND doctor.can_view_health_info = true


By using Cypher queries to evaluate access policies based on the relationships between the nodes in the graph, the ReBAC system ensures that only authorized users can view and update sensitive information in the system.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top