Audit-Based Access Control for Electronic Health Records

M.A.C. Dekker, Sandro Etalle

    Research output: Book/ReportReportProfessional

    66 Downloads (Pure)

    Abstract

    Traditional access control mechanisms aim to prevent illegal actions a-priori occurrence, i.e. before granting a request for a document. There are scenarios however where the security decision can not be made on the fly. For these settings we developed a language and a framework for a-posteriori access control. In this paper we show how the framework can be used in a practical scenario. In particular, we work out the example of an Electronic Health Record (EHR) system, we outline the full architecture needed for audit-based access control and we discuss the requirements and limitations of this approach concerning the underlying infrastructure and its users.
    Original languageUndefined
    Place of PublicationEnschede
    PublisherCentre for Telematics and Information Technology (CTIT)
    Number of pages16
    Publication statusPublished - 1 Jul 2006

    Publication series

    NameCTIT Technical Report Series
    PublisherCentre for Telematics and Information Technology, University of Twente
    No.06-49
    ISSN (Print)1381-3625

    Keywords

    • SCS-Cybersecurity
    • EWI-6994
    • IR-66381
    • METIS-237411

    Cite this

    Dekker, M. A. C., & Etalle, S. (2006). Audit-Based Access Control for Electronic Health Records. (CTIT Technical Report Series; No. 06-49). Enschede: Centre for Telematics and Information Technology (CTIT).