Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
SP
1996
IEEE
1996
IEEE
A Security Policy Model for Clinical Information Systems
The protection of personal health information has become a live issue in a number of countries including the USA, Canada, Britain and Germany. The debate has shown that there is widespread confusion about what should be protected, and why. Designers of military and banking systems can refer to Bell-LaPadula and Clark-Wilson respectively, but there is no comparable security policy model that spells out clear and concise access rules for clinical information systems. In this article, we present just such a model. It was commissioned by doctors and is driven by medical ethics; it is informed by the actual threats to privacy, and re ects current best clinical practice. Its e ect is to restrict both the number of users who can access any record and the maximum number of records accessed by any user. This entails controlling information ows across rather than down and enforcing a strong noti cation property. We discuss its relationship with existing security policy models, and its possible ...
Real-time TrafficComparable Security Policy | Concise Access Rules | Security Policy Models | Security Privacy | SP 1996 |
Related Content
| Added | 07 Aug 2010 |
| Updated | 07 Aug 2010 |
| Type | Conference |
| Year | 1996 |
| Where | SP |
| Authors | Ross J. Anderson |
Comments (0)
Researcher Info
|
