Formal policies for flexible EHR security

Studies in Health Technology and Informatics

Volumn 121, Issue , 2006, Pages 307-316

  Blobel, Bernd ^a   Pharow, Peter ^a  

^a UNIVERSITY OF REGENSBURG   (Germany)

Author keywords

Access control; Authorisation; Meta languages Security; Model Driven Architecture; Policy; Privacy

Indexed keywords

ACCESS CONTROL; BIOASSAY; DATA PRIVACY; HEALTH; INFORMATION SYSTEMS; PUBLIC POLICY; SOFTWARE ARCHITECTURE; SOFTWARE DESIGN;

ARCHITECTURAL COMPONENTS; AUTHORISATION; CONTEXTUAL INFORMATION; FINE-GRAINED SECURITIES; HEALTH INFORMATION SYSTEMS; META LANGUAGE; MODEL DRIVEN ARCHITECTURES; PERSONAL HEALTH INFORMATIONS;

INFORMATION USE;

ARTICLE; COMPUTER NETWORK; COMPUTER PROGRAM; COMPUTER SECURITY; CONFIDENTIALITY; HUMAN; MANAGEMENT; MEDICAL RECORD; POLICY; SOCIAL CONTROL; STANDARD; SYSTEM ANALYSIS; WRITING;

AUTHORSHIP; COMPUTER COMMUNICATION NETWORKS; COMPUTER SECURITY; CONFIDENTIALITY; HUMANS; MEDICAL RECORDS SYSTEMS, COMPUTERIZED; ORGANIZATIONAL POLICY; PATIENT IDENTIFICATION SYSTEMS; SOCIAL CONTROL, FORMAL; SOFTWARE; SYSTEMS INTEGRATION;

EID: 39049189023     PISSN: 09269630     EISSN: 18798365     Source Type: Book Series    
DOI: None     Document Type: Conference Paper

References (28)

1. Blobel B, Roger-France F: A Systematic Approach for Analysis and Design of Secure Health Information Systems.International Journal of Medical Informatics 62 (2001) 3, pp.51-78.
2. Castano S, Fugini M, Martella G, Samarati P: Database Security.Addison-Wesley Publishing Company, Wokingham 1995.
3. Sandhu RS, Coyne EJ, Feinstein HL, Youman CE (1996) Role-based access control models.IEEE Computer 29 (2) 2001, 38-47, Febr.1996.
4. Neumann G, Strembeck M: A Scenariodriven Role Engineering Process for Functional RBAC Roles.Proceedings of SACMAT'02, June 34, 2002, Monterey, California, USA.ACM 1581134967/02/0006
5. Blobel B.Analysis, Design and Implementation of Secure and Interoperable Distributed Health Information Systems.Series Studies in Health Technology and Informatics, Vol.89.Amsterdam: IOS Press, 2002.
6. Blobel B: Assessment of Middleware Concepts Using a Generic Component Model.Proceedings of the Conference "Toward An Electronic Health Record Europe '97", pp.221-228.London 1997.
7. ISO/IEC 10746 "Information technology-Open Distributed Processing-Reference Model".
8. Damianou N, Dulay N, Lupu E, Sloman M.Ponder: A Language for Specifying Security and Management Policies for Distributed Systems.The Language Specification, Version 2.3.Imperial College Research Report DoC 2000/1.20 October, 2000.
9. Health Level Seven Inc.: www.hl7.org
10. Siegel J: Quick CORBA® 3.John Wiley &Sons, New York, Chichester, Weinheim, Brisbane, Singapore, Toronto 2001.
11. Blobel B: Authorisation and Access Control for Electronic Health Record Systems.International Journal of Medical Informatics 73 (2004) pp.251-257.
12. Ferraiolo DF, Sandhu R, Gavrila S, Kuhn DR, Chandramouli R: Proposed NIST Standard for Role-Based Access Control.ACM Transactions on Information and system Security, Vol.4 No.3, August 2001, pp.224-274
13. Blaze M, Feigenbaum J, Keromytis AD: The KeyNote trust management system, RFC 2704, September 1999.See http://www.ietf.org/rfc/rfc2704.txt.
14. Ellison CM: SPKI requirements, RFC 2692, September 1999.See http://www.ietf.org/rfc/rfc2692.txt.
15. Halpern JY and Weissman V: Using first-order logic to reason about policies.In CSFW, pages 187-201, 2003.
16. Gunter C and Jim T: Policy-directed certificate retrieval.Software- Practice and Experience, 30(15):1609-1640, 2000.
17. Jim T: SD3: A trust management system with certified evaluation.In Proceedings of the 2001 IEEE Symposium on Security and Privacy, pages 106-115, 2001.
18. DeTreville J: Binder, a logic-based security language.In IEEE Symposium on Security and Privacy, pages 105-113, 2002.
19. Li N, Mitchell JC, Winsborough WH: Design of a role-based trust management framework.In Proceedings of the 2002 IEEE Symposium on Security and Privacy, pages 114-130, 2002.
20. Bacon J, Moody K, Yao W: A model of OASIS role-based access control and its support for active security.ACM Transactions on Information and System Security, 5(4):492-540, 2002.
21. OASIS Inc.: http://docs.oasis-open.org
22. OASIS Inc.: http://docs.oasis-open.org/xacml/2.0/
23. OASIS Inc.: http://docs.oasis-open.org/saml/
24. Becker MY and Sewell P: Cassandra: distributed access control policies with tunable expressiveness.In IEEE 5th International Workshop on Policies for Distributed Systems and Networks, pages 159-168, 2004.
25. Becker MY: Information Governance in NHS's NPfIT: A Case for Policy Specification.Proceedings of the IMIA Working Conference "Secure eHealth: Managing Risk to Patient Data", 27-19 April 2006, Dijon, France.
26. Barkley JF, Kuhn DR, Rosenthal LS, Skall MW, Cincotta AV: Role-Based Access Control for the Web.http://hissa.ncsl.nist.gov/rbac/cals-paper.html.
27. Beale T.An interoperable knowledge methodology for future-proof information systems, 2001
28. Blobel B, Hoepner P, Joop R, Karnouskos S, Kleinhuis G, Stassinopoulos G: Using a privilege management infrastructure for secure web-based e-health applications.Computer Communications 26 (2003), pp.1863-1872.