Design of access control methods for protecting the confidentiality of patient information in networked systems.

Public awareness of the potential for violation of personal privacy in clinical information systems is increasing. Much of this increase can be attributed to the popularity and publicity of the World Wide Web. Nightly news reports of intruder break-ins and flaws in Internet software security have stimulated public interest in the security of clinical information systems available over the web. As part of the development of systems designed to provide clinical narratives to physicians over the Internet, we are exploring designs that provide additional protection and security to these systems. Specifically, we are developing and testing automated access control measures based on provider-patient relationships for controlling access to personally identifiable patient information.