Coordinating Policy for Federated Applications

At the start of its present term of office in 1997 the UK government published a planning document promising ubiquitous access to Electronic Health Records (EHRs) held within the National Health Service (NHS). If such access is to become a reality then it is essential to guarantee confidentiality, since otherwise the media and the privacy vigilantes will prevent deployment. Among the rights included in the Patients’ Charter is a promise that each individual may determine who may access their health records and in what circumstances, and that every access made shall be logged. In October 1999 the Cambridge Computer Laboratory’s Opera group joined a consortium within the Eastern Regional Health Authority to propose an experimental architecture that included access control. Policy governing access to a particular set of records is derived from many high-level sources, and must be updated when any of these sources change. We outline an architecture to achieve this, within the framework of access control policy for EHRs. The problems of coordinating policy arise in many applications that span management regimes, and the techniques outlined are more generally relevant. This is work in progress.

[1]  Jean Bacon,et al.  COBEA: A CORBA-Based Event Architecture , 1998, COOTS.

[2]  Jean Bacon,et al.  An Architecture for Distributed OASIS Services , 2000, Middleware.

[3]  Jean Bacon,et al.  Translating Role-Based Access Control Policy within Context , 2001, POLICY.

[4]  C. Warwick The new NHS: modern dependable , 1998 .

[5]  Jean Bacon,et al.  Access control in an open distributed environment , 1998, Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186).

[6]  Jane Grimson,et al.  Interoperability issues in sharing electronic healthcare records-the Synapses approach , 1997, Proceedings. Third IEEE International Conference on Engineering of Complex Computer Systems (Cat. No.97TB100168).

[7]  Jean Bacon,et al.  Generic Support for Distributed Applications , 2000, Computer.

[8]  Bob Gann,et al.  Information for Health , 1999, Health expectations : an international journal of public participation in health care and health policy.

[9]  Jean Bacon,et al.  A model of OASIS role-based access control and its support for active security , 2001, TSEC.

[10]  Dipak Kalra,et al.  A CORBA-based integration of distributed electronic healthcare records using the Synapses approach , 1998, IEEE Transactions on Information Technology in Biomedicine.