<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
  <head>
    <title>UTas ePrints - Using a Client-Task Based Approach to Achieve a Privacy Compliant Access Control System</title>
    <script type="text/javascript" src="http://eprints.utas.edu.au/javascript/auto.js"><!-- padder --></script>
    <style type="text/css" media="screen">@import url(http://eprints.utas.edu.au/style/auto.css);</style>
    <style type="text/css" media="print">@import url(http://eprints.utas.edu.au/style/print.css);</style>
    <link rel="icon" href="/images/eprints/favicon.ico" type="image/x-icon" />
    <link rel="shortcut icon" href="/images/eprints/favicon.ico" type="image/x-icon" />
    <link rel="Top" href="http://eprints.utas.edu.au/" />
    <link rel="Search" href="http://eprints.utas.edu.au/cgi/search" />
    <meta content="de la Motte, Leigh" name="eprints.creators_name" />
<meta content="Hartnett, Jacky" name="eprints.creators_name" />
<meta content="lhdela@utas.edu.au" name="eprints.creators_id" />
<meta content="J.Hartnett@utas.edu.au" name="eprints.creators_id" />
<meta content="conference_item" name="eprints.type" />
<meta content="2007-02-19" name="eprints.datestamp" />
<meta content="2008-01-08 15:30:00" name="eprints.lastmod" />
<meta content="show" name="eprints.metadata_visibility" />
<meta content="Using a Client-Task Based Approach to Achieve a
Privacy Compliant Access Control System" name="eprints.title" />
<meta content="pub" name="eprints.ispublished" />
<meta content="280103" name="eprints.subjects" />
<meta content="public" name="eprints.full_text_status" />
<meta content="paper" name="eprints.pres_type" />
<meta content="Health Informatics, Medical Records, Privacy, Access Control, Computer Security, Workflow Management, Consent, Roles" name="eprints.keywords" />
<meta content="This paper seeks a solution to the problem of assuring the privacy of low value client information such as that maintained by a hospital. The proposed solution involves the development of a compliant low-cost system. It is based on the fundamental requirement that such a system needs to provide integration, generalization and inbuilt consent. Integration brings together the technical, managerial and regulatory components of an organisation's system. Generalization provides all the access control functionalities that are necessary for the system to be
useful in a diverse range of organisations. Inbuilt consent ensures that data owners consent to the use of their personally identified data. The Integrated System proposed here uses a Client-Task approach. It is based on the observation that a client is not a user of the system yet has a form of ownership over their personally identified data held within the system. Furthermore, in industries such as health, it is often the professionals and managers who determine who has access rather than systems administrators." name="eprints.abstract" />
<meta content="2006-10" name="eprints.date" />
<meta content="published" name="eprints.date_type" />
<meta content="9" name="eprints.pages" />
<meta content="1st Electronic Health Privacy and Security Symposium EhPASS2006" name="eprints.event_title" />
<meta content="Brisbane, Australia" name="eprints.event_location" />
<meta content="24-25 Oct 2006" name="eprints.event_dates" />
<meta content="conference" name="eprints.event_type" />
<meta content="UNSPECIFIED" name="eprints.thesis_type" />
<meta content="TRUE" name="eprints.refereed" />
<meta content="de la Motte, Leigh and Hartnett, Jacky (2006) Using a Client-Task Based Approach to Achieve a Privacy Compliant Access Control System. In: 1st Electronic Health Privacy and Security Symposium EhPASS2006, 24-25 Oct 2006, Brisbane, Australia." name="eprints.citation" />
<meta content="http://eprints.utas.edu.au/783/1/ClientPrivacy.pdf" name="eprints.document_url" />
<link rel="schema.DC" href="http://purl.org/DC/elements/1.0/" />
<meta content="Using a Client-Task Based Approach to Achieve a
Privacy Compliant Access Control System" name="DC.title" />
<meta content="de la Motte, Leigh" name="DC.creator" />
<meta content="Hartnett, Jacky" name="DC.creator" />
<meta content="280103 Information Storage, Retrieval and Management" name="DC.subject" />
<meta content="This paper seeks a solution to the problem of assuring the privacy of low value client information such as that maintained by a hospital. The proposed solution involves the development of a compliant low-cost system. It is based on the fundamental requirement that such a system needs to provide integration, generalization and inbuilt consent. Integration brings together the technical, managerial and regulatory components of an organisation's system. Generalization provides all the access control functionalities that are necessary for the system to be
useful in a diverse range of organisations. Inbuilt consent ensures that data owners consent to the use of their personally identified data. The Integrated System proposed here uses a Client-Task approach. It is based on the observation that a client is not a user of the system yet has a form of ownership over their personally identified data held within the system. Furthermore, in industries such as health, it is often the professionals and managers who determine who has access rather than systems administrators." name="DC.description" />
<meta content="2006-10" name="DC.date" />
<meta content="Conference or Workshop Item" name="DC.type" />
<meta content="PeerReviewed" name="DC.type" />
<meta content="application/pdf" name="DC.format" />
<meta content="http://eprints.utas.edu.au/783/1/ClientPrivacy.pdf" name="DC.identifier" />
<meta content="de la Motte, Leigh and Hartnett, Jacky (2006) Using a Client-Task Based Approach to Achieve a Privacy Compliant Access Control System. In: 1st Electronic Health Privacy and Security Symposium EhPASS2006, 24-25 Oct 2006, Brisbane, Australia." name="DC.identifier" />
<meta content="http://eprints.utas.edu.au/783/" name="DC.relation" />
<link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/783/BibTeX/epprod-eprint-783.bib" title="BibTeX" type="text/plain" />
<link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/783/ContextObject/epprod-eprint-783.xml" title="OpenURL ContextObject" type="text/xml" />
<link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/783/ContextObject::Dissertation/epprod-eprint-783.xml" title="OpenURL Dissertation" type="text/xml" />
<link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/783/ContextObject::Journal/epprod-eprint-783.xml" title="OpenURL Journal" type="text/xml" />
<link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/783/DC/epprod-eprint-783.txt" title="Dublin Core" type="text/plain" />
<link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/783/DIDL/epprod-eprint-783.xml" title="DIDL" type="text/xml" />
<link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/783/EndNote/epprod-eprint-783.enw" title="EndNote" type="text/plain" />
<link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/783/HTML/epprod-eprint-783.html" title="HTML Citation" type="text/html; charset=utf-8" />
<link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/783/METS/epprod-eprint-783.xml" title="METS" type="text/xml" />
<link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/783/MODS/epprod-eprint-783.xml" title="MODS" type="text/xml" />
<link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/783/RIS/epprod-eprint-783.ris" title="Reference Manager" type="text/plain" />
<link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/783/Refer/epprod-eprint-783.refer" title="Refer" type="text/plain" />
<link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/783/Simple/epprod-eprint-783text" title="Simple Metadata" type="text/plain" />
<link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/783/Text/epprod-eprint-783.txt" title="ASCII Citation" type="text/plain; charset=utf-8" />
<link rel="alternate" href="http://eprints.utas.edu.au/cgi/export/783/XML/epprod-eprint-783.xml" title="EP3 XML" type="text/xml" />

  </head>
  <body bgcolor="#ffffff" text="#000000" onLoad="loadRoutine(); MM_preloadImages('images/eprints/ePrints_banner_r5_c5_f2.gif','images/eprints/ePrints_banner_r5_c7_f2.gif','images/eprints/ePrints_banner_r5_c8_f2.gif','images/eprints/ePrints_banner_r5_c9_f2.gif','images/eprints/ePrints_banner_r5_c10_f2.gif','images/eprints/ePrints_banner_r5_c11_f2.gif','images/eprints/ePrints_banner_r6_c4_f2.gif')">
    
    <div class="ep_noprint"><noscript><style type="text/css">@import url(http://eprints.utas.edu.au/style/nojs.css);</style></noscript></div>




<table width="795" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td class="toplinks"><!-- InstanceBeginEditable name="content" -->


<div align="center">
  
  <table width="720" class="ep_tm_main"><tr><td align="left">
    <h1 class="ep_tm_pagetitle">Using a Client-Task Based Approach to Achieve a Privacy Compliant Access Control System</h1>
    <p style="margin-bottom: 1em" class="not_ep_block"><span class="person_name">de la Motte, Leigh</span> and <span class="person_name">Hartnett, Jacky</span> (2006) <em>Using a Client-Task Based Approach to Achieve a Privacy Compliant Access Control System.</em> In: 1st Electronic Health Privacy and Security Symposium EhPASS2006, 24-25 Oct 2006, Brisbane, Australia.</p>
    <table style="margin-bottom: 1em" class="not_ep_block"><tr><td valign="top"><a href="http://eprints.utas.edu.au/783/1/ClientPrivacy.pdf"><span class="ep_document_citation">PDF</span></a> - Requires a PDF viewer<br />229Kb</td></tr></table>
    <div class="not_ep_block"><h2>Abstract</h2><p style="padding-bottom: 16px; text-align: left; margin: 1em auto 0em auto">This paper seeks a solution to the problem of assuring the privacy of low value client information such as that maintained by a hospital. The proposed solution involves the development of a compliant low-cost system. It is based on the fundamental requirement that such a system needs to provide integration, generalization and inbuilt consent. Integration brings together the technical, managerial and regulatory components of an organisation's system. Generalization provides all the access control functionalities that are necessary for the system to be useful in a diverse range of organisations. Inbuilt consent ensures that data owners consent to the use of their personally identified data. The Integrated System proposed here uses a Client-Task approach. It is based on the observation that a client is not a user of the system yet has a form of ownership over their personally identified data held within the system. Furthermore, in industries such as health, it is often the professionals and managers who determine who has access rather than systems administrators.</p></div>
    <table style="margin-bottom: 1em" cellpadding="3" class="not_ep_block" border="0">
      <tr><th valign="top" class="ep_row">Item Type:</th><td valign="top" class="ep_row">Conference or Workshop Item (Paper)</td></tr>
      <tr><th valign="top" class="ep_row">Keywords:</th><td valign="top" class="ep_row">Health Informatics, Medical Records, Privacy, Access Control, Computer Security, Workflow Management, Consent, Roles</td></tr>
      <tr><th valign="top" class="ep_row">Subjects:</th><td valign="top" class="ep_row"><a href="http://eprints.utas.edu.au/view/subjects/280103.html">280000 Information, Computing and Communication Sciences &gt; 280100 Information Systems &gt; 280103 Information Storage, Retrieval and Management</a></td></tr>
      <tr><th valign="top" class="ep_row">ID Code:</th><td valign="top" class="ep_row">783</td></tr>
      <tr><th valign="top" class="ep_row">Deposited By:</th><td valign="top" class="ep_row"><span class="ep_name_citation"><span class="person_name">Mr Leigh de la Motte</span></span></td></tr>
      <tr><th valign="top" class="ep_row">Deposited On:</th><td valign="top" class="ep_row">19 Feb 2007</td></tr>
      <tr><th valign="top" class="ep_row">Last Modified:</th><td valign="top" class="ep_row">09 Jan 2008 02:30</td></tr>
    </table>
  </td></tr></table>
</div>



    <!-- InstanceEndEditable --></td>
  </tr>
  <tr>
    <td><!-- #BeginLibraryItem "/Library/footer_eprints.lbi" -->
    <table width="795" border="0" align="left" cellpadding="0" class="footer">
      <tr valign="top">
        <td width="68%" class="footer">Authorised by the University Librarian<br />
© University of Tasmania ABN 30 764 374 782<br />
      <a href="http://www.utas.edu.au/cricos/">CRICOS Provider Code 00586B</a> | <a href="http://www.utas.edu.au/copyright/copyright_disclaimers.html">Copyright &amp; Disclaimers</a> | <a href="http://www.utas.edu.au/accessibility/index.html">Accessibility</a> | <a href="http://eprints.utas.edu.au/feedback/">Site Feedback</a>  </td>
        <td width="32%"><div align="right">
            <p align="right" class="NoPrint"><a href="http://www.utas.edu.au/"><img src="http://www.utas.edu.au/shared/logos/unioftasstrip.gif" alt="University of Tasmania Home Page" width="260" height="16" border="0" align="right" /></a></p>
            <p align="right" class="NoPrint"><a href="http://www.utas.edu.au/"><br />
            </a></p>
        </div></td>
      </tr>
      <tr valign="top">
        <td><p>  </p></td>
        <td><div align="right"><span class="NoPrint"><a href="http://www.eprints.org/software/"><img src="/images/eprintslogo.gif" alt="ePrints logo" width="77" height="29" border="0" align="bottom" /></a></span></div></td>
      </tr>
    </table>
    <!-- #EndLibraryItem -->
    <div align="center"></div></td>
  </tr>
</table>

  </body>
</html>