Audit-Based Access Control for Electronic Health Records

M.A.C. Dekker, S. Etalle

Research output: Contribution to journal, Conference article, Academic, peer-review

24 Citations (Scopus)

Abstract

Traditional access control mechanisms aim to prevent illegal actions a-priori occurrence, i.e. before granting a request for a document. There are scenarios, however, where the security decision cannot be made on the fly. For these settings we developed a language and a framework for a-posteriori access control. In this paper we show how the framework can be used in a practical scenario. In particular, we work out the example of an Electronic Health Record (EHR) system, we outline the full architecture needed for audit-based access control and we discuss the requirements and limitations of this approach concerning the underlying infrastructure and its users.

Original language: English
Pages (from-to): 221-236
Number of pages: 15
Journal: Electronic notes in theoretical computer science
Volume: 168
DOI: 10.1016/j.entcs.2006.08.028
Publication status: Published - Sep 2006
Event: 2nd International Workshop on Views on Designing Complex Architectures, VODCA 2006 - Bertinoro, Italy
Duration: 16 Sep 2006 to 17 Sep 2006
Conference number: 2

Fingerprint

Audit
Access Control
Health
Electronics
Scenarios
Infrastructure
Requirements
Framework

Keywords

  • SCS-Cybersecurity
  • Distributed access control
  • Audit
  • Accountability
  • Electronic Health Record (EHR) systems

Cite this

@article{ec6d9f1a3296477f8d67e9e573081635,
title = "Audit-Based Access Control for Electronic Health Records",
abstract = "Traditional access control mechanisms aim to prevent illegal actions a-priori occurrence, i.e. before granting a request for a document. There are scenarios, however, where the security decision cannot be made on the fly. For these settings we developed a language and a framework for a-posteriori access control. In this paper we show how the framework can be used in a practical scenario. In particular, we work out the example of an Electronic Health Record (EHR) system, we outline the full architecture needed for audit-based access control and we discuss the requirements and limitations of this approach concerning the underlying infrastructure and its users.",
keywords = "SCS-Cybersecurity, Distributed access control, Audit, Accountability, Electronic Health Record (EHR) systems",
author = "M.A.C. Dekker and S. Etalle",
year = "2006",
month = "9",
doi = "10.1016/j.entcs.2006.08.028",
language = "English",
volume = "168",
pages = "221--236",
journal = "Electronic notes in theoretical computer science",
issn = "1571-0661",
publisher = "Elsevier",

}

Audit-Based Access Control for Electronic Health Records. / Dekker, M.A.C.; Etalle, S.

In: Electronic notes in theoretical computer science, Vol. 168, 09.2006, p. 221-236.
