{"title":"Expression of Security Policy in Medical Systems for Electronic Healthcare Records","authors":"Nathan C. Lea, Tony Austin, Stephen Hailes, Dipak Kalra","volume":29,"journal":"International Journal of Health and Medical Engineering","pagesStart":470,"pagesEnd":475,"ISSN":"1307-6892","URL":"https:\/\/publications.waset.org\/pdf\/6983","abstract":"This paper introduces a tool that is being developed for the expression of information security policy controls that govern electronic healthcare records. By reference to published findings, the paper introduces the theory behind the use of knowledge management for automatic and consistent security policy assertion using the formalism called the Secutype; the development of the tool and functionality is discussed; some examples of Secutypes generated by the tool are provided; proposed integration with existing medical record systems is described. The paper is concluded with a section on further work and critique of the work achieved to date.","publisher":"World Academy of Science, Engineering and Technology","index":"Open Science Index 29, 2009"}