Abstract
This article discusses potential clashes between different types of security policies that regulate resource access requests on clinical patient data in hospitals by employees. Attribute-based Access Control (ABAC) is proposed as a proper means for such regulation. A proper representation of ABAC policies must include a handling of policy attributes among different policy types. In this article, we propose a semantic policy model with predefined policy conflict categories. A conformance verification function detects erroneous, clashing or mutually susceptible rules early during the policy planning phase. The model and conflicts are used in a conceptual application environment and evaluated in a technical experiment during an interoperability test event.
Highlights
Hospitals as crucial facilities of public health systems are categorized as critical infrastructure and are constrained by additional regulation due to the sensitivity of the processed medical data
This means that the test rules could not be applied because the Resource Access Policy and Access Control Policy of an EPPC document did not match with a suitable Resource Behavior Policy and Information Access Policy
The ihe:FolderCode must be defined as a subtype of the purpose of an Access Control Policy in order to establish the necessary linkage to our policy model
Summary
Hospitals as crucial facilities of public health systems are categorized as critical infrastructure and are constrained by additional regulation due to the sensitivity of the processed medical data. In acknowledging this strong correlation between safety and security, public administrations merged formerly separated safety and information security programs into consolidated guidelines that are considering information security as a fundamental corner stone of maintaining the availability, safety, and proper functioning of such critical infrastructure. Its defined objectives and controls assure a proper regulation of access to facilities that process information as well as the disclosure of protected (health) information [1].
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
