Audit-Based Access Control for Electronic Health Records

M.A.C. Dekker, Sandro Etalle

    Research output: Book/Report › Report › Professional

    Abstract

    Traditional access control mechanisms aim to prevent illegal actions a priori, i.e. before granting a request for a document. There are scenarios, however, where the security decision cannot be made on the fly. For these settings we developed a language and a framework for a-posteriori access control. In this paper we show how the framework can be used in a practical scenario. In particular, we work out the example of an Electronic Health Record (EHR) system, we outline the full architecture needed for audit-based access control, and we discuss the requirements and limitations of this approach concerning the underlying infrastructure and its users.

    Original language: Undefined
    Place of Publication: Enschede
    Publisher: Centre for Telematics and Information Technology (CTIT)
    Number of pages: 16
    Publication status: Published - 1 Jul 2006

    Publication series

    Name: CTIT Technical Report Series
    Publisher: Centre for Telematics and Information Technology, University of Twente
    No.: 06-49
    ISSN (Print): 1381-3625

    Keywords

    • SCS-Cybersecurity
    • EWI-6994
    • IR-66381
    • METIS-237411

    Cite this

    Dekker, M. A. C., & Etalle, S. (2006). Audit-Based Access Control for Electronic Health Records. (CTIT Technical Report Series; No. 06-49). Enschede: Centre for Telematics and Information Technology (CTIT).