One truth holds for the healthcare industry: nothing should interfere with the delivery of care. Given this fact, the access control mechanisms used in healthcare to regulate and restrict the disclosure of data are often bypassed. This “break the glass” phenomenon is an established pattern in healthcare organizations and, though quite useful and mandatory in emergency situations, it represents a serious system weakness. In this paper, we propose an access control solution aimed at a better management of exceptions that occur in healthcare. Our solution is based on the definition of different policy spaces regulating access to patient data and used to balance the rigorous nature of traditional access control systems with the prioritization of care delivery.

Regulating exceptions in healthcare using policy spaces / C.A. Ardagna, S. De Capitani di Vimercati, T. Grandison, S. Jajodia, P. Samarati - In: Data and applications security XXII : 22. annual IFIP WG 11.3 working conference on data and applications security : London, UK, July 13-16, 2008 : proceedings / [edited by] V. Atluri. - Berlin : Springer, 2008. - ISBN 9783540705666. - pp. 254-267 (Paper presented at the 22nd IFIP WG 11.3 Working Conference on Data and Applications Security, held in London in 2008) [10.1007/978-3-540-70567-3_20].

Regulating exceptions in healthcare using policy spaces

C.A. Ardagna (first author); S. De Capitani di Vimercati (second author); P. Samarati (last author)
2008

Sector INF/01 - Computer Science
2008
Book Part (author)

Use this identifier to cite or link to this document: https://hdl.handle.net/2434/45000
Citations
  • PMC: N/A
  • Scopus: 17
  • ISI: 5