Audit-Based Access Control for Electronic Health Records

Authors:
M. A. C. Dekker;S. Etalle
Affiliations:
Security group, TNO ICT, Delft, The Netherlands;Distributed and Embedded Systems Group, University of Twente, Enschede, The Netherlands
Venue:
Electronic Notes in Theoretical Computer Science (ENTCS)
Year:
2007

Citing 9
Cited 3

Authentication, access control, and audit

ACM Computing Surveys (CSUR)
Proof-carrying authentication

CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
Logic in Access Control

LICS '03 Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science
Design of a Role-Based Trust-Management Framework

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Cassandra: Flexible Trust Management, Applied to Electronic Health Records

CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
By Reason and Authority: A System for Authorization of Proof-Carrying Code

CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Reputation-based trust management

Journal of Computer Security - Special issue on WITS'03
An Audit Logic for Accountability

POLICY '05 Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks
Access control: principle and practice

IEEE Communications Magazine

Rendezvous-based access control for medical records in the pre-hospital environment

Proceedings of the 1st ACM SIGMOBILE international workshop on Systems and networking support for healthcare and assisted living environments
A medical database case study for reflective database access control

Proceedings of the first ACM workshop on Security and privacy in medical and home-care systems
MeD-Lights: a usable metaphor for patient controlled access to electronic health records

Proceedings of the 1st ACM International Health Informatics Symposium

Quantified Score

Hi-index	0.00

Visualization

Abstract

Traditional access control mechanisms aim to prevent illegal actions a-priori occurrence, i.e. before granting a request for a document. There are scenarios however where the security decision can not be made on the fly. For these settings we developed a language and a framework for a-posteriori access control. I this paper we show how the framework can be used in a practical scenario. In particular, we work out the example of an Electronic Health Record (EHR) system, we outline the full architecture needed for audit-based access control and we discuss the requirements and limitations of this approach concerning the underlying infrastructure and its users.