ABSTRACT
Security and privacy issues in healthcare data management play a fundamental role in the widespread adoption of medical information systems. As a consequence, it is very important to define the right means for expressing and managing policies in order to comply with privacy-related standards and regulations.
In this work, we extend an open source hospital information system in order to provide support for expressing and enforcing privacy-related policies, using as a starting point a conceptual model the authors developed in a previous work.
- Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Official Journal of the European Communities of 23 November 1995 No L. 281 p. 31Google Scholar
- Decreto Legislativo n. 196, 30 Giugno 2003, Codice in materia di protezione dei dati personali, Gazzetta Ufficiale n. 174 del 29-7-2003 - Suppl. Ord. n. 123 http://www.hipaa.orgGoogle Scholar
- A. Coen-Porisini, P. Colombo, S. Sicari, A. Trombetta. A Conceptual Model for Privacy Policies. In Proc. of Software Engineering Application (SEA'07), Cambridge, Boston, 2007. Google ScholarDigital Library
- Q. Ni, A. Trombetta, E. Bertino, and J. Lobo. Privacyaware Role-Based Access Control. In Proc. of ACM Symp. on Access Control Methods And Technologies (SACMAT'07), 2007. Google ScholarDigital Library
- A. V. Lamsweerde and E. Letier. Handling Obstacles in Goal-Oriented Requirement Engineering. IEEE Trans. Soft. Eng, 26:978--1005, 2000. Google ScholarDigital Library
- L. Liu, E. Yu, and J. Mylopoulos. Analyzing Security Requirements as Relationships among Strategic Actors. In SREIS'02, e-proceedings, Raleigh, 2002.Google Scholar
- H. Mouratidis, P. Giorgini, and G. Mason. Integrating Security and Systems Engineering towards the Modelling of Secure Information System. In 15th Int. Conf. of Advanced Info. System Engineering (CAiSE'03), vol. 2681 of LNCS, pages 63--78. Springer-Verlang, Berlin, 2003. Google ScholarDigital Library
- H. Mouratidis, P. Giorgini, and G. A. Manson. An Ontology for Modelling Security: The Tropos Approach. In V. Palade, R. J. Howlett, and L. C. Jain, editors, KES, vol. 2773 of Lecture Notes in Computer Science, pages 1387--1394. Springer, 2003.Google Scholar
- L. Chung. Dealing with Security Requirements during the Development of Information System. In 5th Int. Conf. of Advanced Info.System Engineering (CaiSE'93), Paris (France). Google ScholarDigital Library
- J. Mylopolulos, L. Chung, and B. Nixon. Representing and Using non Functional Requirements: a Process Oriented Approach. IEEE Trans. Soft. Eng., 18:483--497, 1992. Google ScholarDigital Library
- A. Anton. Goal-Based Requirements Analysis. In 2nd IEEE Int. Conf. on Requirements Engineering (ICRE'96), pages 136--144, Colorado Springs Co, 1996. Google ScholarDigital Library
- E. Kavakli, C. Kalloniatis, P. Loucopoulos, and S. Gritzalis. Incorporating Privacy Requirements into the System Design Process. The PRIS Conceptual Framework. Internet research, 16:978--1005, 2006.Google Scholar
- R. Agrawal, P. Bird, T. Grandison, J. Kiernan, S. Logan, and W. Rjaibi. Extending Relational Database Systems to Automatically Enforce Privacy Policies. In ICDE, pages 1013--1022. IEEE Computer Society, 2005. Google ScholarDigital Library
- T. Mielikinen. Privacy Problems with Anonymized Transaction Databases. In 7th Int. Conf. Discovery Science (DS 2004), Lecture Notes in Computer Science.Google Scholar
- A. Narayanan and V. Shmatikov. Obfuscated Databases and Group Privacy. In 12th ACM conference on Computer and communications security (CCS '05), pages 102--111, New York, NY, USA, 2005. ACM Press. Google ScholarDigital Library
- Legislazione Sanitaria e Sociale, Edizione giuridiche Simone, 2006, ISBN 88-244-7728-3Google Scholar
- http://www.care2x.org/Google Scholar
- http://www.php.net/Google Scholar
- http://www.adodb.sourceforge.net/Google Scholar
Index Terms
- Introducing privacy in a hospital information system
Recommendations
A conceptual model for privacy policies
SEA '07: Proceedings of the 11th IASTED International Conference on Software Engineering and ApplicationsNowadays privacy is a key issue and enterprises have adopted various strategies to protect customers privacy and to make public their privacy policies. This paper presents a conceptual model for the definition and enforcement of privacy policies. The ...
A privacy preserving authorisation system for the cloud
In this paper we describe a policy based authorisation infrastructure that a cloud provider can run as an infrastructure service for its users. It will protect the privacy of users@? data by allowing the users to set their own privacy policies, and then ...
E-P3P privacy policies and privacy authorization
WPES '02: Proceedings of the 2002 ACM workshop on Privacy in the Electronic SocietyEnterprises collect large amounts of personal data from their customers. To ease privacy concerns, enterprises publish privacy statements that outline how data is used and shared. The Platform for Enterprise Privacy Practices (E-P3P) defines a fine-...
Comments