Authorisation and access control for electronic health record systems

Blobel, Bernd

doi:10.1016/j.ijmedinf.2003.11.018

Cited by 139 publications

(66 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Within healthcare, access to sensitive information is usually required by different professionals (e.g. GPs, doctors, nurses, administrative personnel) so access control to EMR can be very complex and hard to define and implement properly, and should start with the definition of structured and formal access control policies as well as access control models [9]. Ultimately, access control is closely related to the definition of a system's workflow how the system is to be used and how the tasks are to be performed.…”

Section: The Introduction Of Electronic Medical Record (Emr) Systems mentioning

confidence: 99%

Grounding information security in healthcare

Ferreira

Antunes

Chadwick

et al. 2010

International Journal of Medical Informatics

View full text Add to dashboard Cite

PurposeThe objective of this paper is to show that grounded theory (GT), together with mixed methods, can be used to involve healthcare professionals in the design and definition of access control policies to EMR systems. MethodsThe mixed methods applied for this research included, in this sequence, focus groups (main qualitative method that used grounded theory for the data analysis) and structured questionnaires (secondary quantitative method). ResultsResults showed that the presented methodology can be used to involve healthcare professionals in the definition of access control policies to EMR systems and explore these issues in a diversified and integrated way. The methodology allowed for the generation of great amounts of data in the beginning of the study and in a short time span. Results from the applied methodology revealed a first glimpse of the theories to be generated and integrated, with future research, into the access control policies. ConclusionsThe methodological research described in this paper is very rarely, if ever, applied in developing security tools such as access control. Nevertheless, it can be an effective way of involving healthcare professionals in the definition of access control policies and in making information security more grounded into their workflows and daily practices.

show abstract

Section: The Introduction Of Electronic Medical Record (Emr) Systems mentioning

confidence: 99%

Grounding information security in healthcare

Ferreira

Antunes

Chadwick

et al. 2010

International Journal of Medical Informatics

View full text Add to dashboard Cite

show abstract

“…Getting to know people's state of health, etiopathology or congenital diseases could give them a remarkable competitive advantage. Each individual whose data are stolen could get into serious trouble (Blobel, 2004). As a consequence patients could possibly get significant issues when taking out a loan or trying to find insurance (Anderson, 2001).…”

Section: Introductionmentioning

confidence: 99%

Security Analysis of the German Electronic Health Card’s Peripheral Parts

Sunyaev

Kaletsch

Mauro

et al. 2009

Proceedings of the 11th International Conference on Enterprise Information

View full text Add to dashboard Cite

Abstract:This paper describes a technical security analysis which is based on experiments done in a laboratory and verified in a physician's practice. The health care telematics infrastructure in Germany stipulates every physician and every patient to automatically be given an electronic health smart card (for patients) and a corresponding health professional card (for health care providers). We analyzed these cards and the peripheral parts of the telematics infrastructure according to the ISO 27001 security standard. The introduced attack scenarios show that there are several security issues in the peripheral parts of the German health care telematics. Based on discovered vulnerabilities we provide corresponding security measures to overcome these open issues and derive conceivable consequences for the nation-wide introduction of electronic health card in Germany.

show abstract

“…useful roles), which define the authorizations for viewing specific patient data categories [13]. Typically, the collected information is available to all "members of medical staff", which effectively results in an umbrella authorization.…”

Section: Introductionmentioning

confidence: 99%

“…For a few years now, the broader community has realized and advocated the need for fine-grained access control. This view is shared by both academic researchers [14][15][16] and medical professionals [17,13].…”

Section: Introductionmentioning

confidence: 99%

Towards Improved Privacy Policy Coverage in Healthcare Using Policy Refinement

Bhatti

Grandison

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. It is now mandatory for healthcare organizations to specify and publish their privacy policies. This has made privacy management initiatives in the healthcare sector increasingly important. However, several recent reports in the public media and the research community about healthcare privacy [1,2] indicate that the use of privacy policies is not necessarily a strong indication of adequate privacy protection for the patient. These observations highlight the fact that the current state of privacy management in healthcare organizations needs improvement. In this paper, we present PRIMA, a PRIvacy Management Architecture, as a first step in addressing this concern. The fundamental idea behind PRIMA is to exploit policy refinement techniques to gradually and seamlessly embed privacy controls into the clinical workflow based on the actual practices of the organization in order to improve the coverage of the privacy policy. PRIMA effectively enables the transition from the current state of perceived to be privacy-preserving systems to actually privacy-preserving systems.

show abstract

Authorisation and access control for electronic health record systems

Cited by 139 publications

References 3 publications

Grounding information security in healthcare

Grounding information security in healthcare

Security Analysis of the German Electronic Health Card’s Peripheral Parts

Towards Improved Privacy Policy Coverage in Healthcare Using Policy Refinement

Contact Info

Product

Resources

About