As a guest user you are not logged in or recognized by your IP address. You have
access to the Front Matter, Abstracts, Author Index, Subject Index and the full
text of Open Access publications.
Today's IT‐infrastructure provides more and more possibilities to share electronic patient data across several healthcare organizations and hospital departments. A strong requirement is sufficient data protection and security measures complying with the medical confidentiality and the data protection laws of each state or country like the European directive on data protection or the U.S. HIPAA privacy rule. In essence, the access control mechanisms and authorization structures of information systems must be able to realize the Need‐To‐Access principle. This principle can be understood as a set of context‐sensitive access rules, regarding the patient's path across the organizations. The access control mechanisms of today's health information systems do not sufficiently satisfy this requirement, because information about participation of persons or organizations is not available within each system in a distributed environment. This problem could be solved by appropriate security services. The CORBA healthcare domain standard contains such a service for obtaining authorization decisions and administrating access decision policies (RAD). At the university hospital of Mainz we have developed an access control system (MACS), which includes the main functionality of the RAD specification and the access control logic that is needed for such a service. The basic design principles of our approach are role‐based authorization, user rights with static and dynamic authorization data, context rules and the separation of three cooperating servers that provide up‐to‐date knowledge about users, roles and responsibilities. This paper introduces the design principles and the system design and critically evaluates the concepts based on practical experience.
This website uses cookies
We use cookies to provide you with the best possible experience. They also allow us to analyze user behavior in order to constantly improve the website for you. Info about the privacy policy of IOS Press.
This website uses cookies
We use cookies to provide you with the best possible experience. They also allow us to analyze user behavior in order to constantly improve the website for you. Info about the privacy policy of IOS Press.