An extended misuse case notation: Including vulnerabilities and the insider threat

Access control is a key feature of healthcare information systems. Access control means enforcing rules so that only authorized users get access to resources in a system; in healthcare systems this means protecting patient privacy. However, the top priority is always to provide the best possible care for a patient, which depends on clinicians having access to the information they need to make the most informed care decisions. Care processes are often unpredictable and hard to map to strict access control rules. As a result, in emergency or otherwise unexpected situations, clinicians need to be able to bypass access control: in a crisis, availability of information takes precedence over privacy concerns. This duality of concerns is what makes access control in healthcare systems so challenging and interesting as a research subject.

To create access control models for healthcare we need to understand how healthcare works, and before creating a model we need to understand the requirements the model should fulfill. Though many access control models have been proposed and argued to be suitable for healthcare, little work has been published on access control requirements for healthcare. This PhD project has focused on bridging the gap between formalized models and real-world requirements for access control in healthcare by targeting the following research goals:

RG1 To collect knowledge that forms a foundation for access control requirements in healthcare systems.

RG2 To create improved access control models for healthcare systems based on real requirements.

This PhD project has consisted of a number of smaller, distinct, but related projects to reach the research goals. The main contributions can be summarized as:

C1 Requirements for access control in healthcare: Studies performed on audit data, in workshops, by observation and interviews have helped discover requirements. Results from this work include methods for access control requirements elicitation in addition to the actual requirements discovered.

C2 Process-based access control: The main conclusion from the requirements work is that access control should be tailored to care processes. Care processes are highly dynamic and often unpredictable, and access control needs to adapt to this. This thesis suggests how existing sources of process information, both explicit and implicit, may be used for this purpose.

C3 Personally controlled health records (PCHR): This thesis explores the consequences of making the patient the administrator of access control and proposes a model based on these initial requirements. From a performed usability study it is clear that the main challenge is how to keep the patient informed about the consequences of sharing.
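The abstract describes three mechanisms side by side: ordinary rules derived from the care process (who is on a patient's care team), patient-administered grants (the PCHR case), and an emergency bypass whose use must be visible in audit data afterwards. The following is an added example, not code from the thesis, showing how a policy decision point can order those rules so that the bypass is only reached when the normal rules fail, is restricted to clinical roles, requires a stated reason, and leaves an audit record that a privacy officer can review later. The role names, the rule set, the audit record layout and the sample care-team and grant data are all constructed assumptions for illustration.

```python
"""Break-the-glass access control with an audit trail.

Added example; not code from the thesis. Roles, rules, audit format and
sample data are assumptions made for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional, Set

# Assumption: only these roles may invoke the emergency override.
CLINICAL_ROLES = {"physician", "nurse"}


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    patient: str
    action: str                          # "read" or "write"
    break_glass_reason: Optional[str] = None


@dataclass(frozen=True)
class Decision:
    allowed: bool
    rule: str                            # which rule produced the decision
    break_glass: bool = False


class PolicyDecisionPoint:
    """Normal rules first (care team, patient grant), emergency override last."""

    def __init__(self, care_teams: Dict[str, Set[str]],
                 patient_grants: Dict[str, Dict[str, Set[str]]]):
        self.care_teams = care_teams          # patient -> users on the care team
        self.patient_grants = patient_grants  # patient -> user -> permitted actions
        self.audit_log: List[dict] = []       # every decision, allowed or denied

    def decide(self, req: Request) -> Decision:
        reason = (req.break_glass_reason or "").strip()
        if req.user in self.care_teams.get(req.patient, set()):
            d = Decision(True, "care-team")                 # explicit process information
        elif req.action in self.patient_grants.get(req.patient, {}).get(req.user, set()):
            d = Decision(True, "patient-grant")             # PCHR-style patient consent
        elif req.role in CLINICAL_ROLES and reason:
            d = Decision(True, "break-glass", break_glass=True)
        else:
            d = Decision(False, "no-matching-rule")
        # Denied attempts are logged too: they are evidence when eliciting requirements.
        self.audit_log.append({
            "ts": datetime.now(timezone.utc).isoformat(),
            "user": req.user, "role": req.role, "patient": req.patient,
            "action": req.action, "allowed": d.allowed, "rule": d.rule,
            "break_glass": d.break_glass, "reason": reason or None,
        })
        return d

    def pending_reviews(self) -> List[dict]:
        """Break-glass accesses that still need post-hoc review."""
        return [e for e in self.audit_log if e["break_glass"]]


def demo():
    """Constructed sample data; returns the PDP and the decisions it made."""
    pdp = PolicyDecisionPoint(
        care_teams={"patient-17": {"dr.ahmed", "nurse.li"}},
        patient_grants={"patient-17": {"dr.ortiz": {"read"}}},
    )
    results = [
        # On the care team: allowed by the normal rule, no override needed.
        pdp.decide(Request("dr.ahmed", "physician", "patient-17", "read")),
        # Patient granted read only, no reason given: denied.
        pdp.decide(Request("dr.ortiz", "physician", "patient-17", "write")),
        # Same request with a stated emergency reason: allowed and flagged.
        pdp.decide(Request("dr.ortiz", "physician", "patient-17", "write",
                           "ER: patient unresponsive, need allergy list")),
        # Non-clinical role cannot break the glass even with a reason.
        pdp.decide(Request("clerk.bob", "clerk", "patient-17", "read",
                           "patient asked at front desk")),
    ]
    return pdp, results


if __name__ == "__main__":
    pdp, results = demo()
    for d in results:
        print(d)
    print("pending reviews:", len(pdp.pending_reviews()))
```

The ordering matters: because the override is evaluated only after the process-derived and patient-granted rules, a clinician who already has a legitimate path to the record never produces a break-glass event, so the review queue contains only genuine exceptions.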
