Latin American and Caribbean Consortium of Engineering Institutions

 

Conference Track:  Information Technology

Keywords:         Security, Software Engineering, Databases, Clinical Data

Contact Title:    Dr.

Contact First Name: Eduardo B.

Contact Last Name:  Fernandez

University:       Florida Atlantic University

Web:              http://www.cse.fau.edu/~ed

Position:         Professor of Computer Science and Engineering

Country:          USA

Email:            ed@cse.fau.edu

Fax:              561 297-2800

 

Paper Title:

Access Control Models for Clinical and Genetic Information

 

Abstract:

Clinical information is one of the most sensitive types of information. Its misuse could have a very serious effect on an individual’s life. A good part of this information is becoming accessible through distributed systems, including the Internet. This means that the number of people who can potentially access information about patients has increased by orders of magnitude. There is also new information, genetic information, which was not available a few years ago. Genetic information is extremely sensitive: a person could lose his job or be denied insurance because of its disclosure. While access to all this information and the exchange of information make the job of health providers more effective, they also give attackers much more incentive to perform illegal actions because of the larger potential economic gain. To provide guidelines for the protection of these records, many countries are enacting laws that regulate the use of electronic patient records. In the US, the recently approved Health Insurance Portability and Accountability Act (HIPAA) tries to do this. While several access control models have been proposed for general use, there has been little systematic work on specialized security models for medical systems. We are developing access control models for medical information. We use hybrid models that combine aspects of the access matrix and Role-Based Access Control. These models use object-oriented diagrams, where authorizations are superimposed on the medical information. The models identify patterns and cover all the architectural levels of the system. The results will be tested in real medical databases, including those of a hospital and a medical laboratory.

 

Mailing Address:

 

Florida Atlantic University

Dept. of Computer Sci. & Engineering

777 Glades Road, SE-300

Boca Raton, FL 33431-0991

 

Phone: 561 297-3466

 

Authors:

Eduardo B. Fernandez, PhD / ed@cse.fau.edu / Florida Atlantic University / (P)

Maria M. Larrondo Petrie, PhD / petrie@fau.edu / Florida Atlantic University / (P)

 

 