Fahl Sascha, Harbach Marian, Smith Matthew
Leibniz University Hannover, Distributed Computing & Security Group, Germany.
Stud Health Technol Inform. 2012;180:756-60.
We propose a novel human-centric, visual, and context-aware access control (AC) system for distributed clinical data management and health information systems. Human-centricity in this context means that medical staff should be able to configure AC rules, both in a timesaving and reliable manner. Since medical data often includes (meta-) information about a patient, it is essential that an AC system includes the patient into the AC process. To cater for the strong security needs in the medical domain, both the AC policy creation by medical staff as well as the patient-interaction feature need to be taken into account. While traditional AC systems offer sufficient security in theory, they lack in comfort and flexibility and as a result find no widespread acceptance with non tech-savvy users. Distributed medical institutions could enormously benefit from the opportunity of dynamic AC configuration at an end-user level while adhering to legal, ethical or other privacy requirements. Hence, this paper presents a human-centric visual AC model for medical data, addressing usability, information security and patient interaction.
我们提出了一种新颖的以用户为中心、可视化且具备上下文感知能力的访问控制(AC)系统,用于分布式临床数据管理和健康信息系统。在此背景下,以用户为中心意味着医护人员应能够以省时且可靠的方式配置AC规则。由于医疗数据通常包含有关患者的(元)信息,因此AC系统将患者纳入AC流程至关重要。为满足医疗领域强烈的安全需求,医护人员创建AC策略以及患者交互功能都需要加以考虑。虽然传统AC系统在理论上提供了足够的安全性,但它们缺乏舒适性和灵活性,因此未被非技术熟练的用户广泛接受。分布式医疗机构在遵守法律、道德或其他隐私要求的同时,能够从终端用户级别的动态AC配置机会中极大地受益。因此,本文提出了一种用于医疗数据的以用户为中心的可视化AC模型,以解决可用性、信息安全和患者交互问题。
