Audit-Based Access Control for Electronic Health Records

Dekker, M.A.C.; Etalle, S.

Audit-Based Access Control for Electronic Health Records

article

2007

Dekker, M.A.C.

Etalle, S.

Traditional access control mechanisms aim to prevent illegal actions a-priori occurrence, i.e. before granting a request for a document. There are scenarios however where the security decision can not be made on the fly. For these settings we developed a language and a framework for a-posteriori access control. I this paper we show how the framework can be used in a practical scenario. In particular, we work out the example of an Electronic Health Record (EHR) system, we outline the full architecture needed for audit-based access control and we discuss the requirements and limitations of this approach concerning the underlying infrastructure and its users. © 2007 Elsevier B.V. All rights reserved.

Topics

Electronic Health Record (EHR) systems Computer architecture Distributed computer systems Electronic document exchange Formal languages Health care Security systems Audit based access control Distributed access control Electronic Health Record (EHR) systems Security decisions Computer control

TNO Identifier

239850

Repository link

https://resolver.tno.nl/uuid:8bf8b2f7-b8fb-4c90-ac43-75d77d74dcee

ISSN

15710661

Source

Electronic Notes in Theoretical Computer Science, 168(Spec. Issue), pp. 221-236.

Pages

221-236

Files

To receive the publication files, please send an e-mail request to TNO Repository.

Audit-Based Access Control for Electronic Health Records

Make TNO yours!