Personalized access control for a personally controlled health record

Lillian Røstad, Ø. Nytrø
Workshop on Computer Security Architecture. Published 2008-10-31. DOI: https://doi.org/10.1145/1456508.1456511
Citations: 26

Abstract

Access control is a key feature of healthcare systems. Up until recently most healthcare information systems have been local to a healthcare facility and accessible only to clinicians. Currently there is a move towards making health information more accessible to patients. One example is the Personally Controlled Health Record (PCHR) where the patient is in charge of deciding who gets access to the information. In the PCHR the patient is the administrator of access control. While it certainly is possible to create roles representing people most patients would want to share with, like primary physician, it is also likely, and desirable, to afford the patients a high level of control and freedom to be able to create specialized access policies tailored to their personal wishes. We entitle this personalized access control. In this paper we present a semi-formal model for how we believe personalized access control may be realized. The model draws on and combines properties and concepts of both Role-Based Access Control (RBAC) and Discretionary Access Control (DAC) to achieve the desired properties. Throughout the paper we use the PCHR as a motivating example and to explain our reasoning and practical use of the model.