Sage Journals: Discover world-class research

Abstract

There is no doubt that the privacy of individuals, the confidentiality of information about them, the integrity of transaction holding and the availability of service systems are all essential; threats in any one of these aspects is costly and could lead to disaster. Securing computer services has been considered a core part of any new development, one of which is clinical information systems. In this paper we discuss a security policy model for a clinical information system and investigate whether logical languages can represent the principles of this kind of model. We have used three logical security languages: the Authorization Specification Language (ASL), a Language for Security Constraints on Objects (LaSCO) and Ponder: a Language for Specifying Security and Management Policies for Distributed Systems. We will also study whether these principles are sufficient to deal with the case of multi-agency services and sharing information with different agencies such as social services, police and education authority.

Keywords

Security policies security models multi-agency services clinical information systems

References

Anderson R . Security in clinical information systems. BMA Report. British Medical Association, 1996.

Anderson R . A security policy model for clinical information systems. In Proceedings of the IEEE Symposium on Research in Security and Privacy, Research in Security and Privacy. Oakland, CA: IEEE Computer Society Press, 1996, pp. 30-43.

Simson G . Database Nation – The death of privacy in the 21st century. Sebastopol CA: O'Reilly, 2000.

Sushil J , Samarati P , Subrahmanian V . A logical language for expressing Authorizations. In Proceedings of the 1997 IEEE Symposium on Security and Privacy. Oakland CA: IEEE Computer Society Press, 1997, pp. 31-42.

Hoagland J , Pandey R , Levitt K . Security policy specification using a graphical approach. Technical Report CSE-98-3, University of California, Davis Department of Computer Science, July 1998.

Damianou N , Dulay N , Lupu E , Sloman M. Ponder : A language for specifying security and management policies for distributed systems. The Language Specification Version 2.2, 15 July 2000. Available at http://www-dse.doc.ic.ac.uk/policies

O'Conor R. Commentary : organisational and cultural aspects are also important, 15 May 1999. Available at http://www.bmj.com/cgi/content/short/318/7194/1328%23resp2

Aljareh S , Rossiter N . A task-based security model to facilitate collaboration in trusted multi-agency networks. Proceedings of the ACM SAC 2002, Madrid, Spain, 10–14 March 2002.

Thomas R K and Sandhu R S . Task-based authorization controls (TBAC): a family of models for active and enterprise-oriented authorization management. Proceedings of the IFIP WG11.3 Workshop on Database Security, Lake Tahoe, California, 11–13 August, 1997.

10.

Denley I , Smith S W . Privacy in clinical information systems in secondary care, 15 May 1999. Available at http://www.bmj.com/cgi/content/short/318/7194/1328

11.

European Committee for Standardization. Technical Committee for Health Informatics. Available at http://www.centc251.org/

12.

Cohen B . A formal model of healthcare security policy. Version 2, CEN TC 251 WG1 N97-9, 1996.

Towards security in multi-agency clinical information services

Abstract

Keywords

References