Expression of Security Policy in Medical Systems for Electronic Healthcare Records

Authors: Nathan C. Lea, Tony Austin, Stephen Hailes, Dipak Kalra


This paper introduces a tool under development for expressing the information security policy controls that govern electronic healthcare records. With reference to published findings, it introduces the theory behind using knowledge management for automatic and consistent security policy assertion through a formalism called the Secutype, discusses the development of the tool and its functionality, provides some examples of Secutypes generated by the tool, and describes proposed integration with existing medical record systems. The paper concludes with a section on further work and a critique of the work achieved to date.

Keywords: Information Security Policy, Electronic Healthcare Records, Knowledge Management, Archetypes, Secutypes.


