A Security Policy Model for Clinical Information Systems

11 years 9 months ago
A Security Policy Model for Clinical Information Systems
The protection of personal health information has become a live issue in a number of countries including the USA, Canada, Britain and Germany. The debate has shown that there is widespread confusion about what should be protected, and why. Designers of military and banking systems can refer to Bell-LaPadula and Clark-Wilson respectively, but there is no comparable security policy model that spells out clear and concise access rules for clinical information systems. In this article, we present just such a model. It was commissioned by doctors and is driven by medical ethics; it is informed by the actual threats to privacy, and re ects current best clinical practice. Its e ect is to restrict both the number of users who can access any record and the maximum number of records accessed by any user. This entails controlling information ows across rather than down and enforcing a strong noti cation property. We discuss its relationship with existing security policy models, and its possible ...
Ross J. Anderson
Added 07 Aug 2010
Updated 07 Aug 2010
Type Conference
Year 1996
Where SP
Authors Ross J. Anderson
Comments (0)