Evaluation of a flexible column-based access control security model for medical-based information
Patient medical records contain sensitive information and should therefore be guarded against any form of attack. The purpose of an Electronic Medical Record (EMR) is to gather patient information electronically from the different departments of a hospital, medical insurance company or standard clinic. EMR has brought considerable benefits to health services through savings in cost and gains in efficiency, turnaround time, precision and speed. Despite these benefits, EMR poses serious security and privacy challenges because all patients' medical records are maintained in a centralized system, where they may be inadvertently, deliberately or carelessly accessed, modified, manipulated, altered or misused by unauthorized parties. To address these challenges, this work proposes a Flexible Column-Based Access Control (FCBAC) model for EMR. The model is proposed because EMR stores its sensitive information in columns in the database system. The objective is to achieve privacy and security of patients' data by enforcing access restrictions and control policies on the sensitive and valuable information in these columns. The work describes the design of a novel and efficient architecture that was used to investigate and implement FCBAC. This architecture was implemented using the PostgreSQL database server. The results obtained showed the efficiency of FCBAC in securing patient information. The results reveal that the prototype is effective, reliable and efficient in achieving its aim of a framework for access control, security and privacy.
Keywords: Patient, Medical record, Privacy, Access control, Column-based.
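PostgreSQL's built-in column-level privileges illustrate the kind of per-column restriction the abstract describes. This is an added example, not the paper's FCBAC architecture or code; the table, columns and roles are constructed assumptions, and it assumes a superuser session.

```sql
-- Constructed schema: every table, column and role name here is an assumption.
-- Run as a superuser; the final ROLLBACK leaves nothing behind.
BEGIN;

CREATE TABLE patient_record (
    patient_id   integer PRIMARY KEY,
    full_name    text NOT NULL,
    ward         text NOT NULL,
    diagnosis    text,   -- sensitive clinical column
    lab_result   text,   -- sensitive clinical column
    billing_code text    -- administrative column
);
INSERT INTO patient_record
VALUES (1, 'Constructed Patient', 'Ward A', 'constructed diagnosis',
        'constructed result', 'B-001');

CREATE ROLE physician     NOLOGIN;
CREATE ROLE billing_clerk NOLOGIN;

-- Default deny, then grant each role only the columns its job needs.
REVOKE ALL ON patient_record FROM PUBLIC;
GRANT SELECT (patient_id, full_name, ward, diagnosis, lab_result)
    ON patient_record TO physician;
GRANT UPDATE (diagnosis, lab_result)
    ON patient_record TO physician;
GRANT SELECT (patient_id, full_name, billing_code)
    ON patient_record TO billing_clerk;

-- Exercise the policy as the billing role.
SET LOCAL ROLE billing_clerk;
SELECT patient_id, full_name, billing_code FROM patient_record;  -- permitted

SAVEPOINT probe;
SELECT diagnosis FROM patient_record;  -- rejected: column not granted
ROLLBACK TO SAVEPOINT probe;

SAVEPOINT probe_star;
SELECT * FROM patient_record;          -- rejected: * expands to ungranted columns
ROLLBACK TO SAVEPOINT probe_star;
RESET ROLE;

-- Audit view of the resulting per-column grants.
SELECT grantee, column_name, privilege_type
FROM information_schema.column_privileges
WHERE table_name = 'patient_record'
  AND grantee IN ('physician', 'billing_clerk')
ORDER BY grantee, column_name, privilege_type;

ROLLBACK;
```

Column grants are additive to table-level grants, so a table-wide `GRANT SELECT` to the same role would silently override the restriction; the audit query is the place to catch that.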