Personalized access control for a personally controlled health record
作者: Lillian Røstad , Øystein Nytrø
关键词: Access control 、 Computer science 、 Control (management) 、 Internet privacy 、 Discretionary access control 、 Health care 、 Physical access 、 Information system 、 Role-based access control 、 Computer security 、 Computer access control
摘要: Access control is a key feature of healthcare systems. Up until recently most information systems have been local to facility and accessible only clinicians. Currently there move towards making health more patients. One example the Personally Controlled Health Record (PCHR) where patient in charge deciding who gets access information. In PCHR administrator control. While it certainly possible create roles representing people patients would want share with, like primary physician, also likely, desirable, afford high level freedom be able specialized policies tailored their personal wishes. We entitle this personalized paper we present semi-formal model for how believe may realized. The draws on combines properties concepts both Role-Based Control (RBAC) Discretionary (DAC) achieve desired properties. Throughout use as motivating explain our reasoning practical model.
acm.org
truststc.org参考文章(5)
M.A. Al-Kahtani, R. Sandhu, Rule-based RBAC with negative authorization annual computer security applications conference. pp. 405- 415 ,(2004) , 10.1109/CSAC.2004.32
K. D Mandl, Public standards and patients' control: how to keep electronic medical records accessible but private. BMJ. ,vol. 322, pp. 283- 287 ,(2001) , 10.1136/BMJ.322.7281.283
Lillian R, An Initial Model and a Discussion of Access Control in Patient Controlled Health Records availability, reliability and security. pp. 935- 942 ,(2008) , 10.1109/ARES.2008.185
Sylvia Osborn, Ravi Sandhu, Qamar Munawer, Configuring role-based access control to enforce mandatory and discretionary access control policies ACM Transactions on Information and System Security. ,vol. 3, pp. 85- 106 ,(2000) , 10.1145/354876.354878
Matthew I Kim, Kevin B Johnson, Personal health records: evaluation of functionality and utility. Journal of the American Medical Informatics Association. ,vol. 9, pp. 171- 180 ,(2002) , 10.1197/JAMIA.M0978