<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>UTas ePrints - Professional Access Control</title>
<script type="text/javascript" src="http://eprints.utas.edu.au/javascript/auto.js"><!-- padder --></script>
<style type="text/css" media="screen">@import url(http://eprints.utas.edu.au/style/auto.css);</style>
<style type="text/css" media="print">@import url(http://eprints.utas.edu.au/style/print.css);</style>
<link rel="icon" href="/images/eprints/favicon.ico" type="image/x-icon" />
<link rel="shortcut icon" href="/images/eprints/favicon.ico" type="image/x-icon" />
<link rel="Top" href="http://eprints.utas.edu.au/" />
<link rel="Search" href="http://eprints.utas.edu.au/cgi/search" />
<meta content="de la Motte, Leigh" name="eprints.creators_name" />
<meta content="Hartnett, Jacky" name="eprints.creators_name" />
<meta content="lhdela@utas.edu.au" name="eprints.creators_id" />
<meta content="j.hartnett@utas.edu.au" name="eprints.creators_id" />
<meta content="conference_item" name="eprints.type" />
<meta content="2007-02-19" name="eprints.datestamp" />
<meta content="2008-01-08 15:30:00" name="eprints.lastmod" />
<meta content="show" name="eprints.metadata_visibility" />
<meta content="Professional Access Control" name="eprints.title" />
<meta content="pub" name="eprints.ispublished" />
<meta content="280103" name="eprints.subjects" />
<meta content="public" name="eprints.full_text_status" />
<meta content="paper" name="eprints.pres_type" />
<meta content="Health Informatics, Access Control, Computer Security, Roles, Medical Records" name="eprints.keywords" />
<meta content="Topic area and paper objectives:
This paper investigates the hypotheses that it is possible to build a practical access control system
for patient records within a hospital domain that ensures access to all those who are at any one time
part of a particular patient's treating team yet at the same time provides appropriate barriers to
access for those not currently part of this team. A caveat for this hypothesis is that at no time
should a clinician be barred from access to a particular record, but that means should exist to ensure
that appropriate access is accepted and inappropriate access reported upon. Central to this idea is
that it should be possible to use standards of professional ethics and normal workflow to enable the
model.
Background and concise literature review:
Traditional models of access control do not cope well with the problem of how to define access
permissions for a team that is dynamic in nature (as is a treating team) and where the access is to
objects (patient records) only in the loosest 'owned' by those who have a need to access such
objects. In these models either the system administrator has to define permitted access in advance
(mandatory access control) or the owner of the data can define the permitted accesses (discretionary
access control) (Pfleeger 2000). Extensions to Role Based Access Control (RBAC) and Team
Based Access Control (TMAC) have provided the most useful solutions to date but still require a
system administrator or surrogate to define appropriate access in advance. (Ferraiolo & Kuhn 1992)
(Ramaswamy & Sandhu 1998) (NIST 2004) (Thomas 1997) (Georgiadis et al 2001) (Georgiadis
2002) However, work by Thomas & Sandhu (1997) and Alotaiby & Chen (2004) has shown that it
is possible to incorporate changes to access privileges as part of normal workflow.
Methods:
As a result of observing and discussing normal and unusual workflow patterns within the
Tasmanian hospital environment a set of scenarios were developed each of which characterised a
unique instance of change to whom should be able to access a patient record. The method used by
current access control models to handle each scenario was then analysed. A new definition of a
team in a hospital environment was then used to develop the Professional Access control (PAC)
model that was implemented and tested in Oracle. Testing was carried out using each scenario in a
simulated hospital of 3 wards, 20 staff and 20 patients.
Results and discussions:
Clinicians at a hospital were defined as either being Members: part of a patient's treating team,
Colleagues: having the same role and belonging to the same unit as the patient or Associates: part of
the hospital but not currently related to the patient. Being a team Member can be adjusted as part of
the normal hospital admission and referral processes. Emergency access is provided subject to
retrospective approval and auditing procedures. The model has been developed as an Oracle
implementation for a simulated hospital environment and tested against the 24 scenarios defined.
The Professional Access Control model allows for dynamic definition of the treating team and
facilitates guaranteed availability to clinicians appropriate to their relationship to a patient. This is
made possible by relying upon the professional ethics of clinicians rather than those of system
administrators. It relieves the burden of predefining access control from system administrators
without endowing clinicians with unnecessary system administration privileges." name="eprints.abstract" />
<meta content="2005-08" name="eprints.date" />
<meta content="published" name="eprints.date_type" />
<meta content="8" name="eprints.pages" />
<meta content="13th Health Informatics Conference HIC2005" name="eprints.event_title" />
<meta content="Melbourne, Australia" name="eprints.event_location" />
<meta content="31 Jul - 02 Aug 2005" name="eprints.event_dates" />
<meta content="conference" name="eprints.event_type" />
<meta content="UNSPECIFIED" name="eprints.thesis_type" />
<meta content="TRUE" name="eprints.refereed" />
<meta content="Alotaiby, F. T. and Chen, J. X. 2004, 'A Model for Team-based Access Control (TMAC 2004)', International
Conference on Information Technology: Coding and Computing (ITCC'04), IEEE, Las Vegas, Nevada, USA
de la Motte, L. H. and Hartnett, J. 2005, 'Trusted Access Control', submitted to Australasian Conference on
Information Security and Privacy (ACISP'05), Brisbane, Australia
Ferraiolo, D. and Kuhn, R. 1992, 'Role-Based Access Control', 15th National Computer Security Conference
Georgiadis, C. K., Mavridis, I., Pangalos, G. and Thomas, R. K. 2001, 'Flexible Team-Based Access Control
Using Contexts', SACMAT '01, ACM, Chantilly, Virginia, USA, pp. 21-27
Georgiadis, C. K., Mavridis, I. K. and Pangalos, G. I. 2002, 'Programming a view-based active access-control
system for healthcare environments.' Health Informatics Journal (2002): 191-198.
Hartnett, J. 2002, Research into the Implementation of Electronic Consent for the use of Patient Identifiable
Health Data, University of Tasmania - School of Computing.
Kalam, A. A. E., Baida, R. E., Balbiani, P., Benferhat, S., Cuppens, F., Deswarte, Y., Miege, A., Saurel, C. and
Trouessin, G. 2003, 'Organisation based access control', 4th International IEEE Workshop on Policies for Distributed
Systems and Networks, IEEE, Lake Como, Italy, pp. 120-131
Kudo, M. 2002, 'PBAC: Provision-based access control model.' International Journal of Information Security
12: 116-130.
NIST 2004, Role Based Access Control. viewed 6th October, 2004, <http://csrc.nist.gov/rbac/>
Pfleeger, C. P. 2000, Security in Computing, Prentice Hall PTR, Upper Saddle River, New Jersey.
Ramaswamy, C. and Sandhu, R. 1998, 'Role-Based Access Control Features in Commercial Database
Management Systems', 21st National Information Systems Security Conference, Crystal City, Virginia, USA
Schneier, B. 2000, Secrets and Lies, John Wiley & Sons, Inc., New York.
Thomas, R. K. 1997, 'Team-based Access Control (TMAC): A Primitive for Applying Role-based Access
Controls in Collaborative Environments', RBAC '97, ACM, Fairfax Va USA, pp. 13-19
Thomas, R. K. and Sandhu, R. S. 1997, 'Task-based Authorisation Controls (TBAC): A Family of Models for
Active and Enterprise-oriented Authorisation Management', IFIP WG11.3 Workshop on Database Security, Chapman
& Hall, Lake Tahoe, California, USA
Woodcock, D. and Gillies, I. 2003, 'Generic middleware as a new paradigm for providing a single user interface
to multiple disparate web-based clinical applications', HIC 2003 RACGP 12CC Combined Conferences, Darling
Harbour, Sydney Australia" name="eprints.referencetext" />
<meta content="de la Motte, Leigh and Hartnett, Jacky (2005) Professional Access Control. In: 13th Health Informatics Conference HIC2005, 31 Jul - 02 Aug 2005, Melbourne, Australia." name="eprints.citation" />
<meta content="http://eprints.utas.edu.au/782/1/PAC.pdf" name="eprints.document_url" />
<link rel="schema.DC" href="http://purl.org/DC/elements/1.0/" />
<meta content="Professional Access Control" name="DC.title" />
<meta content="de la Motte, Leigh" name="DC.creator" />
<meta content="Hartnett, Jacky" name="DC.creator" />
<meta content="280103 Information Storage, Retrieval and Management" name="DC.subject" />
<meta content="Topic area and paper objectives:
This paper investigates the hypotheses that it is possible to build a practical access control system
for patient records within a hospital domain that ensures access to all those who are at any one time
part of a particular patient's treating team yet at the same time provides appropriate barriers to
access for those not currently part of this team. A caveat for this hypothesis is that at no time
should a clinician be barred from access to a particular record, but that means should exist to ensure
that appropriate access is accepted and inappropriate access reported upon. Central to this idea is
that it should be possible to use standards of professional ethics and normal workflow to enable the
model.
Background and concise literature review:
Traditional models of access control do not cope well with the problem of how to define access
permissions for a team that is dynamic in nature (as is a treating team) and where the access is to
objects (patient records) only in the loosest 'owned' by those who have a need to access such
objects. In these models either the system administrator has to define permitted access in advance
(mandatory access control) or the owner of the data can define the permitted accesses (discretionary
access control) (Pfleeger 2000). Extensions to Role Based Access Control (RBAC) and Team
Based Access Control (TMAC) have provided the most useful solutions to date but still require a
system administrator or surrogate to define appropriate access in advance. (Ferraiolo & Kuhn 1992)
(Ramaswamy & Sandhu 1998) (NIST 2004) (Thomas 1997) (Georgiadis et al 2001) (Georgiadis
2002) However, work by Thomas & Sandhu (1997) and Alotaiby & Chen (2004) has shown that it
is possible to incorporate changes to access privileges as part of normal workflow.
Methods:
As a result of observing and discussing normal and unusual workflow patterns within the
Tasmanian hospital environment a set of scenarios were developed each of which characterised a
unique instance of change to whom should be able to access a patient record. The method used by
current access control models to handle each scenario was then analysed. A new definition of a
team in a hospital environment was then used to develop the Professional Access control (PAC)
model that was implemented and tested in Oracle. Testing was carried out using each scenario in a
simulated hospital of 3 wards, 20 staff and 20 patients.
Results and discussions:
Clinicians at a hospital were defined as either being Members: part of a patient's treating team,
Colleagues: having the same role and belonging to the same unit as the patient or Associates: part of
the hospital but not currently related to the patient. Being a team Member can be adjusted as part of
the normal hospital admission and referral processes. Emergency access is provided subject to
retrospective approval and auditing procedures. The model has been developed as an Oracle
implementation for a simulated hospital environment and tested against the 24 scenarios defined.
The Professional Access Control model allows for dynamic definition of the treating team and
facilitates guaranteed availability to clinicians appropriate to their relationship to a patient. This is
made possible by relying upon the professional ethics of clinicians rather than those of system
administrators. It relieves the burden of predefining access control from system administrators
without endowing clinicians with unnecessary system administration privileges." name="DC.description" />
<meta content="2005-08" name="DC.date" />
<meta content="Conference or Workshop Item" name="DC.type" />
<meta content="PeerReviewed" name="DC.type" />
<meta content="application/pdf" name="DC.format" />
<meta content="http://eprints.utas.edu.au/782/1/PAC.pdf" name="DC.identifier" />
<meta content="de la Motte, Leigh and Hartnett, Jacky (2005) Professional Access Control. In: 13th Health Informatics Conference HIC2005, 31 Jul - 02 Aug 2005, Melbourne, Australia." name="DC.identifier" />
<meta content="http://eprints.utas.edu.au/782/" name="DC.relation" />
<link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/782/BibTeX/epprod-eprint-782.bib" title="BibTeX" type="text/plain" />
<link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/782/ContextObject/epprod-eprint-782.xml" title="OpenURL ContextObject" type="text/xml" />
<link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/782/ContextObject::Dissertation/epprod-eprint-782.xml" title="OpenURL Dissertation" type="text/xml" />
<link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/782/ContextObject::Journal/epprod-eprint-782.xml" title="OpenURL Journal" type="text/xml" />
<link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/782/DC/epprod-eprint-782.txt" title="Dublin Core" type="text/plain" />
<link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/782/DIDL/epprod-eprint-782.xml" title="DIDL" type="text/xml" />
<link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/782/EndNote/epprod-eprint-782.enw" title="EndNote" type="text/plain" />
<link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/782/HTML/epprod-eprint-782.html" title="HTML Citation" type="text/html; charset=utf-8" />
<link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/782/METS/epprod-eprint-782.xml" title="METS" type="text/xml" />
<link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/782/MODS/epprod-eprint-782.xml" title="MODS" type="text/xml" />
<link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/782/RIS/epprod-eprint-782.ris" title="Reference Manager" type="text/plain" />
<link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/782/Refer/epprod-eprint-782.refer" title="Refer" type="text/plain" />
<link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/782/Simple/epprod-eprint-782text" title="Simple Metadata" type="text/plain" />
<link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/782/Text/epprod-eprint-782.txt" title="ASCII Citation" type="text/plain; charset=utf-8" />
<link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/782/XML/epprod-eprint-782.xml" title="EP3 XML" type="text/xml" />
</head>
<body bgcolor="#ffffff" text="#000000" onLoad="loadRoutine(); MM_preloadImages('images/eprints/ePrints_banner_r5_c5_f2.gif','images/eprints/ePrints_banner_r5_c7_f2.gif','images/eprints/ePrints_banner_r5_c8_f2.gif','images/eprints/ePrints_banner_r5_c9_f2.gif','images/eprints/ePrints_banner_r5_c10_f2.gif','images/eprints/ePrints_banner_r5_c11_f2.gif','images/eprints/ePrints_banner_r6_c4_f2.gif')">
<div class="ep_noprint"><noscript><style type="text/css">@import url(http://eprints.utas.edu.au/style/nojs.css);</style></noscript></div>
<table width="795" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><script language="JavaScript1.2">mmLoadMenus();</script>
<table border="0" cellpadding="0" cellspacing="0" width="795">
<!-- fwtable fwsrc="eprints_banner_final2.png" fwbase="ePrints_banner.gif" fwstyle="Dreamweaver" fwdocid = "1249563342" fwnested="0" -->
<tr>
<td><img src="/images/eprints/spacer.gif" width="32" height="1" border="0" alt="" /></td>
<td><img src="/images/eprints/spacer.gif" width="104" height="1" border="0" alt="" /></td>
<td><img src="/images/eprints/spacer.gif" width="44" height="1" border="0" alt="" /></td>
<td><img src="/images/eprints/spacer.gif" width="105" height="1" border="0" alt="" /></td>
<td><img src="/images/eprints/spacer.gif" width="41" height="1" border="0" alt="" /></td>
<td><img src="/images/eprints/spacer.gif" width="16" height="1" border="0" alt="" /></td>
<td><img src="/images/eprints/spacer.gif" width="68" height="1" border="0" alt="" /></td>
<td><img src="/images/eprints/spacer.gif" width="68" height="1" border="0" alt="" /></td>
<td><img src="/images/eprints/spacer.gif" width="68" height="1" border="0" alt="" /></td>
<td><img src="/images/eprints/spacer.gif" width="82" height="1" border="0" alt="" /></td>
<td><img src="/images/eprints/spacer.gif" width="69" height="1" border="0" alt="" /></td>
<td><img src="/images/eprints/spacer.gif" width="98" height="1" border="0" alt="" /></td>
<td><img src="/images/eprints/spacer.gif" width="1" height="1" border="0" alt="" /></td>
</tr>
<tr>
<td colspan="12"><img name="ePrints_banner_r1_c1" src="/images/eprints/ePrints_banner_r1_c1.gif" width="795" height="10" border="0" alt="" /></td>
<td><img src="/images/eprints/spacer.gif" width="1" height="10" border="0" alt="" /></td>
</tr>
<tr>
<td rowspan="6"><img name="ePrints_banner_r2_c1" src="/images/eprints/ePrints_banner_r2_c1.gif" width="32" height="118" border="0" alt="" /></td>
<td rowspan="5"><a href="http://www.utas.edu.au/"><img name="ePrints_banner_r2_c2" src="/images/eprints/ePrints_banner_r2_c2.gif" width="104" height="103" border="0" alt="" /></a></td>
<td colspan="10"><img name="ePrints_banner_r2_c3" src="/images/eprints/ePrints_banner_r2_c3.gif" width="659" height="41" border="0" alt="" /></td>
<td><img src="/images/eprints/spacer.gif" width="1" height="41" border="0" alt="" /></td>
</tr>
<tr>
<td colspan="3"><a href="http://eprints.utas.edu.au/"><img name="ePrints_banner_r3_c3" src="/images/eprints/ePrints_banner_r3_c3.gif" width="190" height="31" border="0" alt="" /></a></td>
<td rowspan="2" colspan="7"><img name="ePrints_banner_r3_c6" src="/images/eprints/ePrints_banner_r3_c6.gif" width="469" height="37" border="0" alt="" /></td>
<td><img src="/images/eprints/spacer.gif" width="1" height="31" border="0" alt="" /></td>
</tr>
<tr>
<td colspan="3"><img name="ePrints_banner_r4_c3" src="/images/eprints/ePrints_banner_r4_c3.gif" width="190" height="6" border="0" alt="" /></td>
<td><img src="/images/eprints/spacer.gif" width="1" height="6" border="0" alt="" /></td>
</tr>
<tr>
<td colspan="2"><img name="ePrints_banner_r5_c3" src="/images/eprints/ePrints_banner_r5_c3.gif" width="149" height="1" border="0" alt="" /></td>
<td rowspan="2" colspan="2"><a href="/information.html" onMouseOut="MM_swapImgRestore();MM_startTimeout()" onMouseOver="MM_showMenu(window.mm_menu_0821132634_0,0,25,null,'ePrints_banner_r5_c5');MM_swapImage('ePrints_banner_r5_c5','','/images/eprints/ePrints_banner_r5_c5_f2.gif',1);"><img name="ePrints_banner_r5_c5" src="/images/eprints/ePrints_banner_r5_c5.gif" width="57" height="25" border="0" alt="About" /></a></td>
<td rowspan="2"><a href="/view/" onMouseOut="MM_swapImgRestore();MM_startTimeout()" onMouseOver="MM_showMenu(window.mm_menu_0821133021_1,0,25,null,'ePrints_banner_r5_c7');MM_swapImage('ePrints_banner_r5_c7','','/images/eprints/ePrints_banner_r5_c7_f2.gif',1);"><img name="ePrints_banner_r5_c7" src="/images/eprints/ePrints_banner_r5_c7.gif" width="68" height="25" border="0" alt="Browse" /></a></td>
<td rowspan="2"><a href="/perl/search/simple" onMouseOut="MM_swapImgRestore();MM_startTimeout()" onMouseOver="MM_showMenu(window.mm_menu_0821133201_2,0,25,null,'ePrints_banner_r5_c8');MM_swapImage('ePrints_banner_r5_c8','','/images/eprints/ePrints_banner_r5_c8_f2.gif',1);"><img name="ePrints_banner_r5_c8" src="/images/eprints/ePrints_banner_r5_c8.gif" width="68" height="25" border="0" alt="Search" /></a></td>
<td rowspan="2"><a href="/perl/register" onMouseOut="MM_swapImgRestore();MM_startTimeout();" onMouseOver="MM_showMenu(window.mm_menu_1018171924_3,0,25,null,'ePrints_banner_r5_c9');MM_swapImage('ePrints_banner_r5_c9','','/images/eprints/ePrints_banner_r5_c9_f2.gif',1);"><img name="ePrints_banner_r5_c9" src="/images/eprints/ePrints_banner_r5_c9.gif" width="68" height="25" border="0" alt="register" /></a></td>
<td rowspan="2"><a href="/perl/users/home" onMouseOut="MM_swapImgRestore();MM_startTimeout()" onMouseOver="MM_showMenu(window.mm_menu_0821133422_4,0,25,null,'ePrints_banner_r5_c10');MM_swapImage('ePrints_banner_r5_c10','','/images/eprints/ePrints_banner_r5_c10_f2.gif',1);"><img name="ePrints_banner_r5_c10" src="/images/eprints/ePrints_banner_r5_c10.gif" width="82" height="25" border="0" alt="user area" /></a></td>
<td rowspan="2"><a href="/help/" onMouseOut="MM_swapImgRestore();MM_startTimeout()" onMouseOver="MM_showMenu(window.mm_menu_0821133514_5,0,25,null,'ePrints_banner_r5_c11');MM_swapImage('ePrints_banner_r5_c11','','/images/eprints/ePrints_banner_r5_c11_f2.gif',1);"><img name="ePrints_banner_r5_c11" src="/images/eprints/ePrints_banner_r5_c11.gif" width="69" height="25" border="0" alt="Help" /></a></td>
<td rowspan="3" colspan="4"><img name="ePrints_banner_r5_c12" src="/images/eprints/ePrints_banner_r5_c12.gif" width="98" height="40" border="0" alt="" /></td>
<td><img src="/images/eprints/spacer.gif" width="1" height="1" border="0" alt="" /></td>
</tr>
<tr>
<td rowspan="2"><img name="ePrints_banner_r6_c3" src="/images/eprints/ePrints_banner_r6_c3.gif" width="44" height="39" border="0" alt="ePrints home" /></td>
<td><a href="/" onMouseOut="MM_swapImgRestore()" onMouseOver="MM_swapImage('ePrints_banner_r6_c4','','/images/eprints/ePrints_banner_r6_c4_f2.gif',1);"><img name="ePrints_banner_r6_c4" src="/images/eprints/ePrints_banner_r6_c4.gif" width="105" height="24" border="0" alt="ePrints home" /></a></td>
<td><img src="/images/eprints/spacer.gif" width="1" height="24" border="0" alt="" /></td>
</tr>
<tr>
<td><img name="ePrints_banner_r7_c2" src="/images/eprints/ePrints_banner_r7_c2.gif" width="104" height="15" border="0" alt="" /></td>
<td colspan="8"><img name="ePrints_banner_r7_c4" src="/images/eprints/ePrints_banner_r7_c4.gif" width="517" height="15" border="0" alt="" /></td>
<td><img src="/images/eprints/spacer.gif" width="1" height="15" border="0" alt="" /></td>
</tr>
</table></td>
</tr>
<tr><td><table width="100%" style="font-size: 90%; border: solid 1px #ccc; padding: 3px"><tr>
<td align="left"><a href="http://eprints.utas.edu.au/cgi/users/home">Login</a> | <a href="http://eprints.utas.edu.au/cgi/register">Create Account</a></td>
<td align="right" style="white-space: nowrap">
<form method="get" accept-charset="utf-8" action="http://eprints.utas.edu.au/cgi/search" style="display:inline">
<input class="ep_tm_searchbarbox" size="20" type="text" name="q" />
<input class="ep_tm_searchbarbutton" value="Search" type="submit" name="_action_search" />
<input type="hidden" name="_order" value="bytitle" />
<input type="hidden" name="basic_srchtype" value="ALL" />
<input type="hidden" name="_satisfyall" value="ALL" />
</form>
</td>
</tr></table></td></tr>
<tr>
<td class="toplinks"><!-- InstanceBeginEditable name="content" -->
<div align="center">
<table width="720" class="ep_tm_main"><tr><td align="left">
<h1 class="ep_tm_pagetitle">Professional Access Control</h1>
<p style="margin-bottom: 1em" class="not_ep_block"><span class="person_name">de la Motte, Leigh</span> and <span class="person_name">Hartnett, Jacky</span> (2005) <xhtml:em>Professional Access Control.</xhtml:em> In: 13th Health Informatics Conference HIC2005, 31 Jul - 02 Aug 2005, Melbourne, Australia.</p><p style="margin-bottom: 1em" class="not_ep_block"></p><table style="margin-bottom: 1em" class="not_ep_block"><tr><td valign="top" style="text-align:center"><a onmouseover="EPJS_ShowPreview( event, 'doc_preview_790' );" href="http://eprints.utas.edu.au/782/1/PAC.pdf" onmouseout="EPJS_HidePreview( event, 'doc_preview_790' );"><img alt="[img]" src="http://eprints.utas.edu.au/style/images/fileicons/application_pdf.png" class="ep_doc_icon" border="0" /></a><div class="ep_preview" id="doc_preview_790"><table><tr><td><img alt="" src="http://eprints.utas.edu.au/782/thumbnails/1/preview.png" class="ep_preview_image" border="0" /><div class="ep_preview_title">Preview</div></td></tr></table></div></td><td valign="top"><a href="http://eprints.utas.edu.au/782/1/PAC.pdf"><span class="ep_document_citation">PDF</span></a> - Requires a PDF viewer<br />462Kb</td></tr></table><div class="not_ep_block"><h2>Abstract</h2><p style="padding-bottom: 16px; text-align: left; margin: 1em auto 0em auto">Topic area and paper objectives:
This paper investigates the hypotheses that it is possible to build a practical access control system
for patient records within a hospital domain that ensures access to all those who are at any one time
part of a particular patient's treating team yet at the same time provides appropriate barriers to
access for those not currently part of this team. A caveat for this hypothesis is that at no time
should a clinician be barred from access to a particular record, but that means should exist to ensure
that appropriate access is accepted and inappropriate access reported upon. Central to this idea is
that it should be possible to use standards of professional ethics and normal workflow to enable the
model.
Background and concise literature review:
Traditional models of access control do not cope well with the problem of how to define access
permissions for a team that is dynamic in nature (as is a treating team) and where the access is to
objects (patient records) only in the loosest 'owned' by those who have a need to access such
objects. In these models either the system administrator has to define permitted access in advance
(mandatory access control) or the owner of the data can define the permitted accesses (discretionary
access control) (Pfleeger 2000). Extensions to Role Based Access Control (RBAC) and Team
Based Access Control (TMAC) have provided the most useful solutions to date but still require a
system administrator or surrogate to define appropriate access in advance. (Ferraiolo & Kuhn 1992)
(Ramaswamy & Sandhu 1998) (NIST 2004) (Thomas 1997) (Georgiadis et al 2001) (Georgiadis
2002) However, work by Thomas & Sandhu (1997) and Alotaiby & Chen (2004) has shown that it
is possible to incorporate changes to access privileges as part of normal workflow.
Methods:
As a result of observing and discussing normal and unusual workflow patterns within the
Tasmanian hospital environment a set of scenarios were developed each of which characterised a
unique instance of change to whom should be able to access a patient record. The method used by
current access control models to handle each scenario was then analysed. A new definition of a
team in a hospital environment was then used to develop the Professional Access control (PAC)
model that was implemented and tested in Oracle. Testing was carried out using each scenario in a
simulated hospital of 3 wards, 20 staff and 20 patients.
Results and discussions:
Clinicians at a hospital were defined as either being Members: part of a patient's treating team,
Colleagues: having the same role and belonging to the same unit as the patient or Associates: part of
the hospital but not currently related to the patient. Being a team Member can be adjusted as part of
the normal hospital admission and referral processes. Emergency access is provided subject to
retrospective approval and auditing procedures. The model has been developed as an Oracle
implementation for a simulated hospital environment and tested against the 24 scenarios defined.
The Professional Access Control model allows for dynamic definition of the treating team and
facilitates guaranteed availability to clinicians appropriate to their relationship to a patient. This is
made possible by relying upon the professional ethics of clinicians rather than those of system
administrators. It relieves the burden of predefining access control from system administrators
without endowing clinicians with unnecessary system administration privileges.</p></div><table style="margin-bottom: 1em" cellpadding="3" class="not_ep_block" border="0"><tr><th valign="top" class="ep_row">Item Type:</th><td valign="top" class="ep_row">Conference or Workshop Item (Paper)</td></tr><tr><th valign="top" class="ep_row">Keywords:</th><td valign="top" class="ep_row">Health Informatics, Access Control, Computer Security, Roles, Medical Records</td></tr><tr><th valign="top" class="ep_row">Subjects:</th><td valign="top" class="ep_row"><a href="http://eprints.utas.edu.au/view/subjects/280103.html">280000 Information, Computing and Communication Sciences > 280100 Information Systems > 280103 Information Storage, Retrieval and Management</a></td></tr><tr><th valign="top" class="ep_row">ID Code:</th><td valign="top" class="ep_row">782</td></tr><tr><th valign="top" class="ep_row">Deposited By:</th><td valign="top" class="ep_row"><span class="ep_name_citation"><span class="person_name">Mr Leigh de la Motte</span></span></td></tr><tr><th valign="top" class="ep_row">Deposited On:</th><td valign="top" class="ep_row">19 Feb 2007</td></tr><tr><th valign="top" class="ep_row">Last Modified:</th><td valign="top" class="ep_row">09 Jan 2008 02:30</td></tr><tr><th valign="top" class="ep_row">ePrint Statistics:</th><td valign="top" class="ep_row"><a target="ePrintStats" href="/es/index.php?action=show_detail_eprint;id=782;">View statistics for this ePrint</a></td></tr></table><p align="right">Repository Staff Only: <a href="http://eprints.utas.edu.au/cgi/users/home?screen=EPrint::View&eprintid=782">item control page</a></p>
</td></tr></table>
</div>
<!-- InstanceEndEditable --></td>
</tr>
<tr>
<td><!-- #BeginLibraryItem "/Library/footer_eprints.lbi" -->
<table width="795" border="0" align="left" cellpadding="0" class="footer">
<tr valign="top">
<td colspan="2"><div align="center"><a href="http://www.utas.edu.au">UTAS home</a> | <a href="http://www.utas.edu.au/library/">Library home</a> | <a href="/">ePrints home</a> | <a href="/contact.html">contact</a> | <a href="/information.html">about</a> | <a href="/view/">browse</a> | <a href="/perl/search/simple">search</a> | <a href="/perl/register">register</a> | <a href="/perl/users/home">user area</a> | <a href="/help/">help</a></div><br /></td>
</tr>
<tr><td colspan="2"><p><img src="/images/eprints/footerline.gif" width="100%" height="4" /></p></td></tr>
<tr valign="top">
<td width="68%" class="footer">Authorised by the University Librarian<br />
© University of Tasmania ABN 30 764 374 782<br />
<a href="http://www.utas.edu.au/cricos/">CRICOS Provider Code 00586B</a> | <a href="http://www.utas.edu.au/copyright/copyright_disclaimers.html">Copyright & Disclaimers</a> | <a href="http://www.utas.edu.au/accessibility/index.html">Accessibility</a> | <a href="http://eprints.utas.edu.au/feedback/">Site Feedback</a> </td>
<td width="32%"><div align="right">
<p align="right" class="NoPrint"><a href="http://www.utas.edu.au/"><img src="http://www.utas.edu.au/shared/logos/unioftasstrip.gif" alt="University of Tasmania Home Page" width="260" height="16" border="0" align="right" /></a></p>
<p align="right" class="NoPrint"><a href="http://www.utas.edu.au/"><br />
</a></p>
</div></td>
</tr>
<tr valign="top">
<td><p> </p></td>
<td><div align="right"><span class="NoPrint"><a href="http://www.eprints.org/software/"><img src="/images/eprintslogo.gif" alt="ePrints logo" width="77" height="29" border="0" align="bottom" /></a></span></div></td>
</tr>
</table>
<!-- #EndLibraryItem -->
<div align="center"></div></td>
</tr>
</table>
</body>
</html>
