Author :
Matteucci, Ilaria ; Mori, Paolo ; Petrocchi, Marinella ; Wiegand, Luca
Abstract :
In the last few years, the necessity of having documents in electronic format has been growing over and over. This phenomenon affects also healthcare organizations that have adopted a new model for managing clinical information based on so called Electronic Patient Records. On the one hand, the introduction of such models allows to easily share information among several and widespread healthcare organizations. On the other hand, this arises several questions, like how to guarantee security requirements as, e.g., confidentiality, integrity, and privacy of the information shared. In this paper, we present a formal framework for specifying and analysing policies that regulate the information sharing, in such a way that the security requirements of the author of the policy are satisfied. In particular, we consider a set of authorization, obligation, and prohibition clauses aiming at preserving confidentiality, integrity, and privacy of the clinical data of a patient.
Keywords :
authorisation; data integrity; data privacy; document handling; health care; medical information systems; authorization; clinical data confidentiality; clinical data integrity; clinical data privacy; clinical information management; controlled data sharing; e-health; electronic document; electronic format; electronic patient records; healthcare organization; information sharing; security requirements; Authorization; Context; Graphical user interfaces; Medical services; Organizations; Servers;
