Sciweavers

ACSAC
2006
IEEE

A Study of Access Control Requirements for Healthcare Systems Based on Audit Trails from Access Logs

13 years 10 months ago
In healthcare, role-based access control systems are often extended with exception mechanisms to ensure access to needed information even when the needs don’t follow the expected patterns. Exception mechanisms increase the threats to patient privacy, and therefore their use should be limited and subject to auditing. We have studied access logs from a hospital EPR system with extensive use of exception-based access control. We found that the uses of the exception mechanisms were too frequent and widespread to be considered exceptions. The huge size of the log and the use of predefined or uninformative reasons for access make it infeasible to audit the log for misuse. The informative reasons that were given provided starting points for requirements on how the usage needs should be accomplished without exception-based access. With more structured and fine-grained logging, analysis of access logs could be a very useful tool for learning how to reduce the need for exception-based access.
Lillian Røstad, Ole Edsberg
Added 10 Jun 2010
Updated 10 Jun 2010
Type Conference
Year 2006
Where ACSAC
Authors Lillian Røstad, Ole Edsberg