On the Facilitation of Fine-Grained Access to Distributed Healthcare Data

As an increasing amount of healthcare-related data is captured in both clinical and research contexts, the drive to provide appropriate access to such data becomes stronger. The very nature of such data means that simplistic approaches to authorisation, be they coarse-grained or role-based, are insufficient: the needs of the domain give rise to requirements for authorisation models capable of capturing fine-grained, expressive access control policies. We describe the development of a framework for the secure sharing and aggregation of healthcare-related data, called sif (for service-oriented interoperability framework). In particular, we concentrate on the access control aspects of the system and describe its utilisation of XACML in this respect.
