Controlled Data Sharing in e-Health

In the last few years, the necessity of having documents in electronic format has been growing over and over. This phenomenon affects also healthcare organizations that have adopted a new model for managing clinical information based on so called Electronic Patient Records. On the one hand, the introduction of such models allows to easily share information among several and widespread healthcare organizations. On the other hand, this arises several questions, like how to guarantee security requirements as, eg confidentiality, integrity, and privacy of the information shared.In this paper, we present a formal framework for specifying and analysingpolicies that regulate the information sharing, in such a way that the securityrequirements of the author of the policy are satisfied. In particular, weconsider a set of authorization, obligation, and prohibition clauses aiming atpreserving confidentiality, integrity, and privacy of the clinical data of apatient.