Audit-Based Access Control for Electronic Health Records

M.A.C. Dekker, S. Etalle

    Research output: Book/ReportReportProfessional

    94 Downloads (Pure)


    Traditional access control mechanisms aim to prevent illegal actions a-priori occurrence, i.e. before granting a request for a document. There are scenarios however where the security decision can not be made on the fly. For these settings we developed a language and a framework for a-posteriori access control. In this paper we show how the framework can be used in a practical scenario. In particular, we work out the example of an Electronic Health Record (EHR) system, we outline the full architecture needed for audit-based access control and we discuss the requirements and limitations of this approach concerning the underlying infrastructure and its users.
    Original languageEnglish
    Place of PublicationEnschede
    PublisherCentre for Telematics and Information Technology (CTIT)
    Number of pages16
    Publication statusPublished - 1 Jul 2006

    Publication series

    NameCTIT Technical Report Series
    PublisherCentre for Telematics and Information Technology, University of Twente
    ISSN (Print)1381-3625


    • SCS-Cybersecurity
    • Distributed access control
    • Audit
    • Accountability


    Dive into the research topics of 'Audit-Based Access Control for Electronic Health Records'. Together they form a unique fingerprint.

    Cite this