A fundamental requirement for the healthcare industry is that the delivery of care comes first and nothing should interfere with it. As a consequence, the access control mechanisms used in healthcare to regulate and restrict the disclosure of data are often bypassed in case of emergencies. This phenomenon, called “break the glass”, is a common pattern in healthcare organizations and, though quite useful and mandatory in emergency situations, from a security perspective, it represents a serious system weakness. Malicious users, in fact, can abuse the system by exploiting the break the glass principle to gain unauthorized privileges and accesses. In this paper, we propose an access control solution aimed at better regulating break the glass exceptions that occur in healthcare systems. Our solution is based on the definition of different policy spaces, a language, and a composition algebra to regulate access to patient data and to balance the rigorous nature of traditional access control systems with the “delivery of care comes first” principle.
Access control for smarter healthcare using policy spaces / C.A. Ardagna, S. De Capitani di Vimercati, S. Foresti, T.W. Grandison, S. Jajodia, P. Samarati. - In: COMPUTERS & SECURITY. - ISSN 0167-4048. - 29:8(2010 Nov), pp. 848-858.
|Titolo:||Access control for smarter healthcare using policy spaces|
ARDAGNA, CLAUDIO AGOSTINO (Primo)
DE CAPITANI DI VIMERCATI, SABRINA (Secondo)
SAMARATI, PIERANGELA (Ultimo)
|Parole Chiave:||Access control; Break the glass; Exceptions; Healthcare systems; Policy spaces|
|Settore Scientifico Disciplinare:||Settore INF/01 - Informatica|
|Data di pubblicazione:||nov-2010|
|Digital Object Identifier (DOI):||http://dx.doi.org/10.1016/j.cose.2010.07.001|
|Appare nelle tipologie:||01 - Articolo su periodico|