Access control to the electronic health records: a case study of an Algerian health organisation

Abstract

Accessibility to information resources in health systems is a very important aspect. This article is about the protection of medical data and focused primarily on access control in health information systems. It is therefore a question of proposing a rigorous modelling allowing to take care of all the aspects related to the secure management of electronic health record. We proposed in the first time a model to the management of the electronic health record in the context of an Algerian health organisation. Based on this modelling and by using Or-BAC model, in a second time, we proposed a model of the access control to this electronic health record. The validation of this model using the MotOrBAC tool allowed us a safe passage to an implementable specification. As a result, we develop a set of simple and effective tools to support this aspect.