CNR Institutional Research Information System

Electronic Health Record (EHR) systems have the aim to collect clinical documents about patients, which typically contain very sensitive information. In order to manage who can do what on such clinical documents in the system, it is necessary to use a security mechanism. The Access Control (AC) goal is to guarantee the confidentiality and integrity of the data, and to allow the definition of security policies which reflect the need for privacy. In this paper, we define an innovative access control model that allows, on one hand, to meet the main requirements for EHR systems, and on the other hand to permit patients to define in detailed and clear manner the privacy policies on their clinical documents. The main innovation of this work is the principle of least privilege philosophy usage in the information content of the clinical documents. This feature allows to define an access control model that increases the patients' trust in the EHR system.

A view-based access control model for EHR systems

Mario Sicuranza;Angelo Esposito;Mario Ciampi

2015

Abstract

Electronic Health Record (EHR) systems have the aim to collect clinical documents about patients, which typically contain very sensitive information. In order to manage who can do what on such clinical documents in the system, it is necessary to use a security mechanism. The Access Control (AC) goal is to guarantee the confidentiality and integrity of the data, and to allow the definition of security policies which reflect the need for privacy. In this paper, we define an innovative access control model that allows, on one hand, to meet the main requirements for EHR systems, and on the other hand to permit patients to define in detailed and clear manner the privacy policies on their clinical documents. The main innovation of this work is the principle of least privilege philosophy usage in the information content of the clinical documents. This feature allows to define an access control model that increases the patients' trust in the EHR system.

Scheda breve

Scheda completa

Scheda completa (DC)

	Anno
	
				2015
			
	Strutture organizzative
	
				Istituto di Calcolo e Reti ad Alte Prestazioni - ICAR
			
	Lingua/e
	
				Inglese
			
	Supervisori e coordinatori esterni
	
				David Camacho, Lars Braubach, Salvatore Venticinque, Costin Badica
			
	Titolo del Volume
	
				Intelligent Distributed Computing
			
	Titolo del convegno
	
				8th International Symposium on Intelligent  Distributed Computing
			
	Volume
	
				570
			
	Da pagina
	
				443
			
	A pagina
	
				452
			
	Numero di pagine
	
				10
			
	Codice ISBN
	
				978-3-319-10421-8
			
	Codice DOI
	
				https://dx.doi.org/10.1007/978-3-319-10422-5_46
			
	URL
	
				http://link.springer.com/chapter/10.1007%2F978-3-319-10422-5_46
			
	Nome Editore
	
				Springer International Publishing
			
	Città Editore
	
				CH-6330 Cham (ZG)
			
	Nazione Editore
	
				SVIZZERA
			
	Referee
	
				Sì, ma tipo non specificato
			
	Periodo del Convegno
	
				03/09/2014
			
	Luogo del Convegno
	
				Madrid, Spain
			
	Parole chiave
	
				access control
electronic health record
security
			
	Codice Scopus
	
				2-s2.0-84921364272
			
	Numero autori
	
				3
			
	Fulltext
	
				none
			
	Tutti gli autori
	
						Sicuranza, Mario; Esposito, Angelo; Ciampi, Mario
					
	Tipologia Login Miur
	
				273
			
	Tipologia
	
				info:eu-repo/semantics/conferenceObject
			
	Tipologia
	
				04 Contributo in convegno::04.01 Contributo in Atti di convegno
			
	Appare nelle tipologie:
	
				04.01 Contributo in Atti di convegno

File in questo prodotto:

Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/20.500.14243/252745

Citazioni

ND

7

ND

social impact