SECURITY MODELS FOR MEDICAL AND GENETIC INFORMATION

In the past, medical information was physically stored in hospitals, laboratories, and doctors’ offices. Access to this sensitive data was limited, and it was protected by its physical isolation and by ignorance of its existence. With the digitization of medical data, this information is becoming accessible through distributed systems, including the Internet. This has increased the number of people who can potentially access medical information by orders of magnitude, often providing more efficient transfer of medical records and related information. Misuse of a person’s medical and genetic data could negatively impact his ability to be hired, and limit his career path and his insurability. Clearly, medical information is one of the most sensitive types of information and requires strong security measures. We discuss the requirements and policies needed for an access control model suitable for medical and genetic information. We indicate the general structure of such a model and conclude that it requires a layered structure. We then show its highest level. We use the Unified Modeling Language (UML) to model a patient record and we make it more precise by defining constraints using the Object Constraint Language (OCL).
