A novel use of RBAC to protect privacy in distributed health care information systems

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 2727 LNCS, Issue , 2003, Pages 403-415

  Reid, Jason ^a   Cheong, Ian ^a   Henricksen, Matthew ^a   Smit, Jason ^a  

^a QUEENSLAND UNIVERSITY OF TECHNOLOGY   (Australia)

Author keywords

[No Author keywords available]

Indexed keywords

ACCESS POLICIES; CONTROL FRAMEWORKS; CONTROL REQUIREMENTS; HEALTH CARE INFORMATION SYSTEMS; HEALTH INFORMATIONS; INFORMATION NETWORKS; MEDICAL INFORMATION SYSTEMS; PERSONAL HEALTHS; RBAC MODELS; ROLE-BASED ACCESS CONTROLS; SUPPORT POLICIES; CONTROL FRAMEWORK; HEALTH CARE INFORMATION SYSTEM; PERSONAL HEALTH INFORMATIONS; ROLE-BASED ACCESS CONTROL;

HEALTH; HEALTH CARE; INFORMATION SERVICES; INFORMATION SYSTEMS; MEDICAL COMPUTING; SECURITY SYSTEMS; ACCESS CONTROL; SECURITY OF DATA;

ACCESS CONTROL; MEDICAL INFORMATION SYSTEMS;

EID: 63449110864     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/3-540-45067-X_35     Document Type: Conference Paper

References (16)

1. J. Bacon, M. Lloyd, and K. Moody. Translating role-based access control policy within context. In Policy 2001, Workshop on Policies for Distributed Systems and Networks, pages 107-120. Springer-Verlag, 2001.
2. Y. Bartal, A. J. Mayer, K. Nissim, and A. Wool. Firmato: A novel firewall management toolkit. In IEEE Symposium on Security and Privacy, pages 17-31, 1999.
3. R. Chandramouli. A framework for multiple authorization types in a healthcare application system. In 17th Annual Computer Security Applications Conference (ACSAC), December 2001.
4. R. Clarke. e-Consent: a critical element of trust in e-business. In 15th Bled Electronic Commerce Conference. e-Reality: Constructing the e-Economy - Research Volume, 2002.
5. E. Coeira. "e-Consent" Consumer Consent in Electronic Health Data Exchange, downloaded from http://www.health.gov.au/hsdd/primcare/it/pdf/ coiera.pdf on 3 February 2003.
6. I. Denley and S. Weston Smith. Privacy in clinical information systems in secondary care. British Medical Journal, 318:1328-1331, May 1999.
7. D. Ferraiolo, J. Barkley, and D. Kuhn. A role-based access control model and reference implementation within a corporate intranet. ACM Transactions on Information and System Security, 2(1):34-64, February 1999.
8. D. Ferraiolo, J. Cugini and R. Kuhn. Rol based access control (RBAC): Features and motivations. In Annual Computer Security Applications Conference. IEEE Computer Society Press, 1995.
9. D. Ferraiolo and R. Kuhn. Role-based access controls. In 15th NIST-NCSC National Computer Security Conference, pages 554-563, 1992.
10. D. Ferraiolo, R. Sandhu, S. Gavrila, D. Kuhn, and R. Chandramouli. Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security (TISSEC), 4(3):224-274, 2001.
11. L. Giuri and P. Iglio. A formal model for role-based access control with constraints. In 9th IEEE Computer Security Foundations Workshop, pages 136-145, 1996.
12. R.J. Hayton, J.M. Bacon, and K. Moody. Access control in an open distributed environment. In 19th IEEE Computer Society Symposium on Research in Security and Privacy, pages 3-14.
13. J. J. Longstaff, M. A. Lockyer, and M. G. Thick. A model of accountability, confidentiality and override for healthcare and other applications. In 5th ACM workshop on Role-based access control, pages 71-76. ACM Press, 2000.
14. I. Mavridis, G. Pangalos, and M. Khair. eMEDAC: Role-based access control supporting discretionary and mandatory features. In 13th IFIP WG 11.3 Working Conference on Database Security, 1999.
15. T. Rindfleisch. Privacy, information technology, and health care. Communications of the ACM, 40(8):93-100, August 1997.
16. R. Simon and M. E. Zurko. Separation of duty in role-based environments. In IEEE Computer Security Foundations Workshop, pages 183-194, 1997.