Abstract
We present a security model to regulate the exchange and pooling of medical information over a wide-area distributed system. The policy is an abstraction of the principles that guided the implementation of such a system at the University of Ulm. The entities introduced to express the policy are defined by the ethical and legal constraints imposed on a medical informatics system. This policy regulates bulk data interactions between cooperating organizations. As such, it is designed to supplement other security policies regulating access to information at a finer granularity within each of the organizations taking part in the exchange. As an example of such integration, we compare it with the guidelines of the British Medical Association.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Reidenberg, J.R., Schwartz, P.M.: Data Protection Law and On-Line Services: Regulatory Responses. European Commission (1998). Available at http://europa.eu.int/comm/internal_market/en/media/dataprot/studies/regul.pdf (visited July 29, 2000)
Anderson, R.J.: Clinical System Security: Interim Guidelines. British Medical Journal 312 (1996) 109–111. Available at http://www.cl.cam.ac.uk/~rja14/#Med (visited July 30, 2000)
Anderson, R.J.: A Security Policy Model for Clinical Information Systems. Presented at the 1996 IEEE Symposium on Security and Privacy. Available at http://www.cl.cam.ac.uk/~rja14/#Med (visited July 30, 2000)
Anderson, R.J.: Security in Clinical Information Systems. Published by the British Medical Association (1996). Available at http://www.cl.cam.ac.uk/~rja14/#Med (visited July 30, 2000)
Denning, D.E.: A Lattice Model of Secure Information Flow, Communications of the ACM, 19 (1976) 236–243
Badger, L., Sterne, D.F, Sherman, D.L., Walker, K.M., Haghighat, S.A.: Practical Domain and Type Enforcement for UNIX. Proceedings of the 1995 IEEE Symposium on Security and Privacy, Oakland May 8–10 (1995) 66–77
Badger, L., Sterne, D.F, Sherman, D.L., Walker, K.M., Haghighat, S.A.: A Domain and Type Enforcement UNIX Prototype. Proceedings of the 5th USENIX UNIX Security Symposium, Salt Lake City June 5–7 (1995) 127–140
Research and Development in Advanced Communication Technologies in Europe, RIPE Integrity Primitives: Final Report of RACE Integrity Primitives Evaluation (R2040). RACE (1992)
Denley, I., Weston Smith, S.: Privacy in Clinical Information Systems in Secondary Care, British Medical Journal 318 (1999) 1328–1331
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Viviani, R. (2001). A Type/Domain Security Policy for Internet Transmission, Sharing, and Archiving of Medical and Biological Data. In: Sloman, M., Lupu, E.C., Lobo, J. (eds) Policies for Distributed Systems and Networks. POLICY 2001. Lecture Notes in Computer Science, vol 1995. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44569-2_5
Download citation
DOI: https://doi.org/10.1007/3-540-44569-2_5
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-41610-4
Online ISBN: 978-3-540-44569-2
eBook Packages: Springer Book Archive