Supporting the shared care of diabetic patients
GROUP '99 Proceedings of the international ACM SIGGROUP conference on Supporting group work
A role-based delegation framework for healthcare information systems
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
A task-based security model to facilitate collaboration in trusted multi-agency networks
Proceedings of the 2002 ACM symposium on Applied computing
Protecting Respondents' Identities in Microdata Release
IEEE Transactions on Knowledge and Data Engineering
Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society
POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
Towards a secure web-based healthcare application
Knowledge media in healthcare
A Privacy Policy Model for Enterprises
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
A protection scheme for collaborative environments
Proceedings of the 2003 ACM symposium on Applied computing
Traducement: A model for record security
ACM Transactions on Information and System Security (TISSEC)
Usable security and privacy: a case study of developing privacy management tools
SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
Requirements traceability to support evolution of access control
SESS '05 Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications
Eliciting confidentiality requirements in practice
CASCON '05 Proceedings of the 2005 conference of the Centre for Advanced Studies on Collaborative research
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
On the modeling and analysis of obligations
Proceedings of the 13th ACM conference on Computer and communications security
A review of information security issues and respective research contributions
ACM SIGMIS Database
Rendezvous-based access control for medical records in the pre-hospital environment
Proceedings of the 1st ACM SIGMOBILE international workshop on Systems and networking support for healthcare and assisted living environments
Unified support for heterogeneous security policies in distributed systems
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Generalized access control of synchronous communication
Proceedings of the ACM/IFIP/USENIX 2006 International Conference on Middleware
Idea: Trusted Emergency Management
ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
Role based access control for a medical database
SEA '07 Proceedings of the 11th IASTED International Conference on Software Engineering and Applications
A medical database case study for reflective database access control
Proceedings of the first ACM workshop on Security and privacy in medical and home-care systems
Towards a security policy for ubiquitous healthcare systems
ICUCT'06 Proceedings of the 1st international conference on Ubiquitous convergence technology
Medical information privacy assurance: cryptographic and system aspects
SCN'02 Proceedings of the 3rd international conference on Security in communication networks
Towards improved privacy policy coverage in healthcare using policy refinement
SDM'07 Proceedings of the 4th VLDB conference on Secure data management
Modular context-aware access control for medical sensor networks
Proceedings of the 15th ACM symposium on Access control models and technologies
An event driven framework for assistive CPS environments
ACM SIGBED Review - Special Issue on the 2nd Joint Workshop on High Confidence Medical Devices, Software, and Systems (HCMDSS) and Medical Device Plug-and-Play (MD PnP) Interoperability
Security in the Dutch electronic patient record system
Proceedings of the second annual workshop on Security and privacy in medical and home-care systems
Journal of Computer Security - 7th International Workshop on Issues in the Theory of Security (WITS'07)
Security policies in distributed CSCW and workflow systems
IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans
Abstract: The protection of personal health information has become a live issue in a number of countries, including the USA, Canada, Britain and Germany. The debate has shown that there is widespread confusion about what should be protected, and why. Designers of military and banking systems can refer to Bell & LaPadula (1973) and Clark & Wilson (1987) respectively, but there is no comparable security policy model that spells out clear and concise access rules for clinical information systems. In this article, we present just such a model. It was commissioned by doctors and is driven by medical ethics; it is informed by the actual threats to privacy, and reflects current best clinical practice. Its effect is to restrict both the number of users who can access any record and the maximum number of records accessed by any user. This entails controlling information flows across rather than down and enforcing a strong notification property. We discuss its relationship with existing security policy models, and its possible use in other applications where information exposure must be localised; these range from private banking to the management of intelligence data.