Ferreira, Ana and Chadwick, David W. and Antunes, Luís
Modelling Access Control For Healthcare Information Systems.
In: Doctoral consortium at 9th International Conference on Enterprise Information Systems (ICEIS2007), 12th-16th June 2007, Funchal, Madeira - Portugal.
The widening use of Information Systems, which allow the collection, extraction, storage, management and search of information, is increasing the need for information security. After a user is successfully identified and authenticated to a system, he needs to be authorised to access the resources he/she requested. Access control is part of this last process that checks if a user can access those resources. This is particularly important in the healthcare environment where there is the need to control access to Electronic Medical Records (EMR). Although EMR can be an important support tool for the healthcare professional there are some barriers that prevent its successful integration. These barriers include the fact that healthcare professionals do not participate in the development of access control to access the EMR imposing them extra effort in its use. New access control policies to be implemented should focus on human processes and needs. The main objective of this project is to reduce EMR barriers by including healthcare professionals and patients in the definition and improvement of access control policies and models. If this can be achieved, we hypothesize that the EMR can be more successfully integrated into the healthcare practice and provide for better patient treatment.
- Depositors only (login required):