Abstract
Patient identification and consequent recruitment in clinical trials are normally preceded by searches on electronic health record (EHR) systems. Query results may be collated across multiple health organisations and specialties. In such scenarios, a prime concern is the possibility of systems and their users, inadvertently or otherwise, impinging on the privacy of patients. Access to patient data is crucial for research purposes, but the degree of access must be controlled in such a way that it conforms to agreed legal, organisational and ethical policies. In this paper, we present a proposed model for managing a dynamic matrix of roles and data access privileges within the context of research systems in secondary care.
Copyright information
© 2012 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Ogunsina, I., Lim Choi Keung, S.N., Zhao, L., Langford, G., Tyler, E., Arvanitis, T.N. (2012). Modelling a User Authorisation and Data Access Framework for Multi-specialty Research Systems in Secondary Health Care. In: Kostkova, P., Szomszor, M., Fowler, D. (eds) Electronic Healthcare. eHealth 2011. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 91. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29262-0_15
DOI: https://doi.org/10.1007/978-3-642-29262-0_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29261-3
Online ISBN: 978-3-642-29262-0
eBook Packages: Computer Science, Computer Science (R0)