Regulating exceptions in healthcare using policy spaces

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 5094 LNCS, Issue , 2008, Pages 254-267

  Ardagna, Claudio Agostino ^a   De Capitani Di Vimercati, Sabrina ^a   Grandison, Tyrone ^b   Jajodia, Sushil ^c   Samarati, Pierangela ^a  

^a UNIVERSITY OF MILAN   (Italy)

^b IBM ALMADEN RESEARCH CENTER   (United States)

^c GEORGE MASON UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ACCESS CONTROL; HEALTH; HOSPITAL DATA PROCESSING; SECURITY SYSTEMS; HEALTH CARE; SECURITY OF DATA;

ACCESS-CONTROL MECHANISMS; ACCESS-CONTROL SYSTEMS; CONTROL SOLUTIONS; EMERGENCY SITUATIONS; HEALTH CARE ORGANIZATIONS; HEALTHCARE INDUSTRIES; PATIENT DATA; PRIORITIZATION;

CONTROL SYSTEMS; ACCESS CONTROL;

ACCESS CONTROL MECHANISM; CONTROL SOLUTIONS; EMERGENCY SITUATION; HEALTHCARE INDUSTRY; HEALTHCARE ORGANIZATIONS; PATIENT DATA; PRIORITIZATION;

EID: 50249144000     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-70567-3_20     Document Type: Conference Paper

References (20)

1. Ardagna, C., Cremonini, M., De Capitani di Vimercati, S., Samarati, P.: A privacy-aware access control system. Journal of Computer Security (JCS) (to appear, 2008)
2. Bettini, C., Jajodia, S., Wang, X.S., Wijesekera, D.: Provisions and obligations in policy management and security applications. In: Proc. of the 28th Conference Very Large Data Bases (VLDB 2002), Hong Kong, China, (August 2002)
3. Bhatti, R., Grandison, T.: Towards improved privacy policy coverage in healthcare using policy refinement. In: Proc. of the 4th VLDB Workshop on Secure Data Management 2007, Vienna, Austria (September 2007)
4. Bonatti, P., Damiani, E., De Capitani di Vimercati, S., Samarati, P.: An access control system for data archives. In: Proc. of the 16th International Conference on Information Security, Paris, France (June 2001)
5. Bonatti, P., Damiani, E., De Capitani di Vimercati, S., Samarati, P.: A component-based architecture for secure data publication. In: Proc. of the 17th Annual Computer Security Applications Conference (ACSAC 2001), New Orleans, Louisiana, USA (December 2001)
6. Bonatti, P., De Capitani di Vimercati, S., Samarati, P.: An algebra for composing access control policies. ACM Transactions on Information and System Security 5(1), 1-35 (2002)
7. Bonatti, P., Samarati, P.: A unified framework for regulating access and information release on the web. Journal of Computer Security (JCS) 10(3), 241-272 (2002)
8. Casassa Mont, M.: Dealing with Privacy Obligations: Important Aspects and Technical Approaches. In: Katsikas, S.K., López, J., Pernul, G. (eds.) TrustBus 2004. LNCS, vol. 3184, Springer, Heidelberg (2004)
9. Casassa Mont, M., Beato, F.: On parametric obligation policies: Enabling privacy-aware information lifecycle management in enterprises. In: Proc. of the 8th IEEE Workshop on Policies for Distributed Systems and Networks (Policy 2007), Bologna, Italy (June 2007)
10. eXtensible Access Control Markup Language (XACML) Version 2.0 (February 2005), http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec- os.pdf
11. Gert, H.: How are emergencies different from other medical situations? The Mount Sinai Journal OF Medicine - Issues in Medical Ethics Conference on Special Challenges of Emergency Medicine 72(4), 216-220 (2005)
12. Grandison, T., Davis, J.: The impact of industry constraints on model-driven data disclosure controls. In: Proc. of the 1st International Workshop on Model-Based Trustworthy Health Information Systems (MOTHIS) 2007, Nashville, Tennessee, USA (September 2007)
13. Gupta, S., Mukherjee, T., Venkatasubramanian, K.: Criticality aware access control model for pervasive applications. In: Proc. of the Fourth Annual IEEE International Conference on Pervasive Computing and Communications (PERCOM 2006), Pisa, Italy (March 2006)
14. Han, M., Thiery, T., Song, X.: Managing exceptions in the medical workflow systems. In: Proc. of the 28th international conference on Software engineering (ICSE 2006), Shanghai, China (May 2006)
15. Health Insurance Portability and Accountability Act, http://www.dhhs.gov/ ocr/hipaa/
16. Jajodia, S., Samarati, P., Sapino, M., Subrahmanian, V.: Flexible support for multiple access control policies. ACM Trans. Database Syst. 26(2), 214-260 (2001)
17. Keppler, D., Swarup, V., Jajodia, S.: Redirection policies for mission-based information sharing. In: Proc. of the ACM Symposium on Access control Models and Technologies (SACMAT 2006), Lake Tahoe, California, USA (June 2006)
18. Reichert, M., Dadam, P.: Adeptflex-supporting dynamic changes of workflows without losing control. Journal of Intelligent Information Systems (JIIS) 10(2), 93-129 (1998)
19. Rostad, L., Edsberg, O.: A study of access control requirements for healthcare systems based on audit trails from access logs. In: Proc. of the 22nd Annual Computer Security Applications Conference on Annual Computer Security Applications Conference (ACSAC 2006) (December 2006)
20. Sandhu, R., Ferraiolo, D., Kuhn, D.: The NIST model for role based access control: Towards a unified standard. In: Proc. of the 5th ACM Workshop on Role Based Access Control, Berlin, Germany (July 2000)