A front end authorization mechanism for hospital information systems.

Authorization is an important functionality that every hospital information system (HIS) should provide. An authorization mechanism permits information to be accessed only by properly authorized users. Authorization models and mechanisms have been widely investigated within the framework of HISs. However, their implementation into existing systems, that do not any longer meet increased authorization requirements, requires a major redesign effort. This paper describes a front end authorization mechanism that has been developed in an attempt to enhance the security features of an existing HIS without extensive modifications to the system structure.