Audit-Based Access Control for Electronic Health Records

M.A.C. Dekker, S. Etalle

    Research output: Contribution to journalConference articleAcademicpeer-review

    38 Citations (Scopus)
    49 Downloads (Pure)


    Traditional access control mechanisms aim to prevent illegal actions a-priori occurrence, i.e.before granting a request for a document. There are scenarios however where the security decision can not be made on the fly. For these settings we developed a language and a framework for a-posteriori access control. In this paper we show how the framework can be used in a practical scenario. In particular, we work out the example of an Electronic Health Record (EHR) system, we outline the full architecture needed for audit-based access control and we discuss the requirements and limitations of this approach concerning the underlying infrastructure and its users.
    Original languageEnglish
    Pages (from-to)221-236
    Number of pages15
    JournalElectronic notes in theoretical computer science
    Publication statusPublished - Sep 2006
    Event2nd International Workshop on Views on Designing Complex Architectures, VODCA 2006 - Bertinoro, Italy
    Duration: 16 Sep 200617 Sep 2006
    Conference number: 2


    • SCS-Cybersecurity
    • Distributed access control
    • Audit
    • Accountability
    • Electronic Health Record (EHR) systems


    Dive into the research topics of 'Audit-Based Access Control for Electronic Health Records'. Together they form a unique fingerprint.

    Cite this