Open Access Repository

Professional Access Control


Downloads per month over past year

de la Motte, L and Hartnett, J 2005 , 'Professional Access Control', paper presented at the 13th Health Informatics Conference HIC2005, 31 Jul - 02 Aug 2005, Melbourne, Australia.

PAC.pdf | Download (473kB)
Available under University of Tasmania Standard License.

| Preview


Topic area and paper objectives:
This paper investigates the hypotheses that it is possible to build a practical access control system
for patient records within a hospital domain that ensures access to all those who are at any one time
part of a particular patient's treating team yet at the same time provides appropriate barriers to
access for those not currently part of this team. A caveat for this hypothesis is that at no time
should a clinician be barred from access to a particular record, but that means should exist to ensure
that appropriate access is accepted and inappropriate access reported upon. Central to this idea is
that it should be possible to use standards of professional ethics and normal workflow to enable the
Background and concise literature review:
Traditional models of access control do not cope well with the problem of how to define access
permissions for a team that is dynamic in nature (as is a treating team) and where the access is to
objects (patient records) only in the loosest 'owned' by those who have a need to access such
objects. In these models either the system administrator has to define permitted access in advance
(mandatory access control) or the owner of the data can define the permitted accesses (discretionary
access control) (Pfleeger 2000). Extensions to Role Based Access Control (RBAC) and Team
Based Access Control (TMAC) have provided the most useful solutions to date but still require a
system administrator or surrogate to define appropriate access in advance. (Ferraiolo & Kuhn 1992)
(Ramaswamy & Sandhu 1998) (NIST 2004) (Thomas 1997) (Georgiadis et al 2001) (Georgiadis
2002) However, work by Thomas & Sandhu (1997) and Alotaiby & Chen (2004) has shown that it
is possible to incorporate changes to access privileges as part of normal workflow.
As a result of observing and discussing normal and unusual workflow patterns within the
Tasmanian hospital environment a set of scenarios were developed each of which characterised a
unique instance of change to whom should be able to access a patient record. The method used by
current access control models to handle each scenario was then analysed. A new definition of a
team in a hospital environment was then used to develop the Professional Access control (PAC)
model that was implemented and tested in Oracle. Testing was carried out using each scenario in a
simulated hospital of 3 wards, 20 staff and 20 patients.
Results and discussions:
Clinicians at a hospital were defined as either being Members: part of a patient's treating team,
Colleagues: having the same role and belonging to the same unit as the patient or Associates: part of
the hospital but not currently related to the patient. Being a team Member can be adjusted as part of
the normal hospital admission and referral processes. Emergency access is provided subject to
retrospective approval and auditing procedures. The model has been developed as an Oracle
implementation for a simulated hospital environment and tested against the 24 scenarios defined.
The Professional Access Control model allows for dynamic definition of the treating team and
facilitates guaranteed availability to clinicians appropriate to their relationship to a patient. This is
made possible by relying upon the professional ethics of clinicians rather than those of system
administrators. It relieves the burden of predefining access control from system administrators
without endowing clinicians with unnecessary system administration privileges.

Item Type: Conference or Workshop Item (Paper)
Authors/Creators:de la Motte, L and Hartnett, J
Keywords: Health Informatics, Access Control, Computer Security, Roles, Medical Records
Item Statistics: View statistics for this item

Actions (login required)

Item Control Page Item Control Page