A Healthcare Information System with Augmented Access Controls
In the healthcare industry, the old paper-based record is becoming a thing of the past and more and more patient information is being transferred into the digital format, that is, Electronic Medical Record (EMR). It integrates heterogeneous information within the Healthcare Information Systems (HIS) stressing the need for augmented security, availability and access controls. We demonstrate our prototype system that incorporates the isolation and delegation components based on the real world HIS software OpenEMR. This system is targeted at enhancing the usability of contemporary HISs without degrading the system security.
KeywordsAccess Control Isolation Environment Access Control Model Healthcare Information System Delegation Component
Unable to display preview. Download preview PDF.
- 1.Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST standard for role-based access control. ACM Trans. on Information and System Security (TISSEC), 224–274 (August 2001)Google Scholar
- 2.Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-Based Access Control Models. Proc. IEEE Computer Security 29(2), 38–47 (1996)Google Scholar
- 3.Duh, C.J.: EMR’s Will Save Time and Improve Coordination. From Doctors for America, http://www.drsforamerica.org/blog/emr-s-will-save-time-and-improve-coordination (retrieved August 22, 2011)
- 4.Gunti, N., Sun, W., Niamat, M.: I-RBAC: Isolation Enabled Role-Based Access Control. In: 9th Annual Conference on Privacy, Security and Trust, Quebec, Canada, pp. 79–86. IEEE Computer Security Press (2011)Google Scholar
- 5.Na, S., Cheon, S.: Role Delegation in Role-Based Access Control. In: 5th ACM Workshop on Role-based Access Control, Berlin, Germany, pp. 39–44. ACM Press (2000)Google Scholar