Access control is one of the key features of any health care organization. Without a strong access control mechanism, there is a risk of inappropriate use of personal health information. Here we focus on Personalized Access Control (PAC) [1] where the patient decides who can access his/her health record. We enhance the PAC model of [1] by proposing a prototypical framework, which incorporates a workflow into the PAC model to express the context of health care processes, and by providing a mechanism to capture a patient's consent to enforce the PAC policy. We enforce the "need to know" principle by associating roles with each task in a workflow and handle problems with delegation. We present a case study outlining the present working procedures of the Seniors' Wellness Program in our local health authority, using NOVA Workflow for workflow modeling and Ponder2 for representing and enforcing policy. © 2012 Springer-Verlag.
CITATION STYLE
Leyla, N., & MacCaull, W. (2012). A personalized access control framework for workflow-based health care information. In Lecture Notes in Business Information Processing (Vol. 100 LNBIP, pp. 273–284). Springer Verlag. https://doi.org/10.1007/978-3-642-28115-0_26
Mendeley helps you to discover research relevant for your work.