Authors: Nathan C. Lea, Tony Austin, Stephen Hailes, Dipak Kalra

Abstract:

This paper introduces a tool that is being developed for the expression of information security policy controls that govern electronic healthcare records. By reference to published findings, the paper introduces the theory behind the use of knowledge management for automatic and consistent security policy assertion using the formalism called the Secutype; the development of the tool and functionality is discussed; some examples of Secutypes generated by the tool are provided; proposed integration with existing medical record systems is described. The paper is concluded with a section on further work and critique of the work achieved to date.

Keywords: Information Security Policy, Electronic Healthcare Records, Knowledge Management, Archetypes, Secutypes.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1332974

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1301

References:

[1] ISO 13606 Health informatics - Electronic Health Record Communication Parts 1, 2 and 3, International Organization for Standardization, http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm? csnumber=40784 (last accessed 30th January 2009)
[2] openEHR Clinical Models, The openEHR Foundation, http://www.openehr.org/clinicalmodels/project.html (last accessed 30th January 2009).
[3] Health Level 7 Record Information Model, www.hl7.org (last accessed 30th January 2009)
[4] Consultation on the Data Sharing Review, The Foundation for Information Privacy Research http://www.fipr.org/080215datasharing.pdf (last accessed 30th January 2008)
[5] R. Thomas and M. Walport, "The Data Sharing Review, " in http://www.justice.gov.uk/docs/data-sharing-review-report.pdf (last accessed 30th January 2009)
[6] M.Y.Becker, "Information Governance in NHS-s NPfIT: A Case for Policy Specification," in International Journal of Medical Informatics vol. 76 (5-6), 2006, pp. 432-437.
[7] The United Kingdom National Health Service Confidentiality Code of Practice,http://www.dh.gov.uk/en/Managingyourorganisation/Informatio npolicy/PatientConfidentialityAndCaldicottGuardians/DH_4100550 (last accessed 30th January 2009)
[8] University College London Research Governance http://www.ucl.ac.uk/joint-rd-unit/ResGov (last accessed 30th January 2009)
[9] A. Slowther, P. Boynton and S. Shaw, "Research Governance: Ethical Issues," in Journal of the Royal Society of Medicine, vol. 99 (2), 2006, pp. 65-72
[10] E. Angell, A. J. Sutton, K. Windridge, M. Dixon-Woods, "Consistency in Decision Making by Research Ethics Committees: a Controlled Comparison" in Journal of Medical Ethics, BMJ Publishing Group Ltd, vol. 32 (11), 2006, pp. 662-664
[11] N. Lea, S. Hailes, T. Austin, D. Kalra, "Knowledge Management for the Protection of Information in Electronic Medical Records," in eHealth Beyond the Horizon - Get IT There, Proceedings of MIE2008. IOS Press, 2008, pp. 685-90
[12] T. Beale, "Archetypes: Constraint-Based Domain Models for Future-Proof Information Systems," in Eleventh OOPSLA Workshop on Behavioral Semantics: Serving the Customer (Seattle, Washington, USA, November 4, 2002). Edited by Kenneth Baclawski and Haim Kilov. Northeastern University, Boston, 2002, pp. 16-32
[13] M. Sloman and E. Lupu, "Security and Management Policy Specification," IEEE Network vol. 16, 2002, pp. 10-19
[14] The JBoss Community and Application Server, http://jboss.org/ (last accessed 30th January 2008)
[15] JBoss Seam Framework, http://seamframework.org/ (last accessed 30th January 2009)
[16] Hibernate, http://www.hibernate.org/ (last accessed 30th January 2009)
[17] T. Austin, D. Kalra, A. Tapuria, N. Lea, D. Ingram, "Implementation of a Query Interface for a Generic Record Server," International Journal of Medical Informatics, Elsevier, vol. 77 (11), 2008, pp. 754-764