Difference between revisions of "ACWP Typical AC Scenarios in Healthcare"

From IHE Wiki
Line 1: Line 1:
 
[[ITI_Access_Control_White_Paper|IHE White Paper on Access Control]]
 
[[ITI_Access_Control_White_Paper|IHE White Paper on Access Control]]
  
== Typical Access Control Scenarios in Healthcare ==
+
== Access Control Scenarios in Healthcare ==
  
* Internal Resource Security: Within a hospital access to a patient's medical data is restricted to personnel who are involved with the patient's acute medical treatment and the corresponding administrative activities (e. g. billing). Access to certain sensitive information is further limited to certain functional roles in order to ensure that this information is only disclosed to people who need to know it for a dedicated purpose.
+
Access control in healthcare has many shapes depending on the legal framing, the people and resources involved in a data processing scenario, and the weighting of security objectives within an enterprise. Owed to the complexity of medical workflows these shapes often mix up which makes is impossible to analyze the complete set of use cases and scenarios that might occur.
* Treatment Contract: When signing the treatment contract the patient grants access right to certain administrative and medical data to a commercial organization that provides billing services for the hospital.
+
 
* Patient Privacy Consent: Within a regional healthcare network the ability is provided to exchange medical patient data among the participating medical organizations (e. g. using IHE XDS). When signing to this network a patient may determine which organizations are allowed to request his medical data from other organizations within the network on a regular base.  
+
The following list of rather clearly shaped scenarios sketches the use cases that have been considered during the development of this white paper. Even though this list is neither complete nor even touches all considerable issues it is representative for the challenges of access control in healthcare. It is assumed that most real-life access control scenarios can be mapped on the core consideration behind these use cases and therefore can be addressed by the models and methodologies provided by this white paper.
* Application Policy: A hospital offers its patients the opportunity to use a medication record where all dispensed pharamceutical products are recorded in order to discover potential interactions. To ensure the consistence and a proper use of this record a policy is agreed upon which states that only pharmacists and the patient itself may add entries to the record while only physicians and the patient itself are allowed to run a check against a new medication against the record.
+
 
 +
* Internal Resource Security: Within a hospital access to a patient's medical data is restricted to personnel who are involved with the patient's medical treatment and the corresponding administrative activities (e. g. billing). Access to certain sensitive information is further limited to certain functional roles in order to ensure that this information is only disclosed to people who need to know it for a dedicated purpose.
 +
* Patient Privacy Consent: Within a regional healthcare network the ability is provided to exchange medical patient data among the participating medical organizations (e. g. using IHE XDS). A patient may determine which organizations are allowed to request their medical data from other organizations within the network on a regular base.
 +
* Application Policy: A hospital offers its patients the opportunity to use a medication record where all dispensed pharmaceutical products are recorded in order to discover potential interactions. To ensure the consistence and a proper use of this record a policy is agreed upon which states that only pharmacists and the patient may add entries to the record while only physicians and the patient are allowed to run a check against a new medication against the record.  
 
* Secondary Use: A patient grants access to certain of his medical data to a medical study provided that all data is pseudonymized before use.
 
* Secondary Use: A patient grants access to certain of his medical data to a medical study provided that all data is pseudonymized before use.
* Breaking Glass: In case of an emergency access restrictions from patient provided policies and internal security regulations are overwritten by a dedicated emergency policy which allows any physician to access all medical data of the patient. Part of this emergency policy is that the physician has to legitimate his access following the first aid treatment by filling an emergency access form.  
+
* Breaking Glass: In case of an emergency access restrictions from patient provided policies and internal security regulations are overridden by a dedicated emergency policy which allows any physician to access all medical data of the patient. Part of this emergency policy is the obligation that an specific entry is written to a secure audit trail.
 +
* Individual Opt-Out: A nurse is for a surgery in the hospital she works with. She does not want staff members working at the same department to get any insight into her administrative and medical data.  
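Review bot: the revised Breaking Glass item drops the physician's after-the-fact legitimation (the emergency access form) and keeps only the obligation to write an audit entry. If a review of emergency access is still intended, the item should say who evaluates that audit entry, since a log entry alone is not a justification step. The same revision removes the Treatment Contract scenario without a replacement, so the list no longer has a case where access is granted to an external commercial organization. The added text also has wording slips worth fixing before it lands: "makes is impossible", "an specific entry", "on a regular base", and "A nurse is for a surgery".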
  
  

Revision as of 14:45, 19 February 2009

IHE White Paper on Access Control

Access Control Scenarios in Healthcare

Access control in healthcare takes many shapes depending on the legal framing, the people and resources involved in a data processing scenario, and the weighting of security objectives within an enterprise. Owing to the complexity of medical workflows these shapes often blend, which makes it impossible to analyze the complete set of use cases and scenarios that might occur.

The following list of fairly clear-cut scenarios sketches the use cases that were considered during the development of this white paper. Even though this list is neither complete nor touches on every relevant issue, it is representative of the challenges of access control in healthcare. It is assumed that most real-life access control scenarios can be mapped onto the core considerations behind these use cases and can therefore be addressed by the models and methodologies provided by this white paper.

  • Internal Resource Security: Within a hospital, access to a patient's medical data is restricted to personnel who are involved with the patient's medical treatment and the corresponding administrative activities (e.g. billing). Access to certain sensitive information is further limited to certain functional roles in order to ensure that this information is only disclosed to people who need to know it for a dedicated purpose.
  • Patient Privacy Consent: Within a regional healthcare network, medical patient data can be exchanged among the participating medical organizations (e.g. using IHE XDS). A patient may determine which organizations are allowed to request their medical data from other organizations within the network on a regular basis.
  • Application Policy: A hospital offers its patients the opportunity to use a medication record where all dispensed pharmaceutical products are recorded in order to discover potential interactions. To ensure the consistency and proper use of this record, a policy is agreed upon which states that only pharmacists and the patient may add entries to the record, while only physicians and the patient are allowed to check a new medication against the record.
  • Secondary Use: A patient grants a medical study access to some of his medical data, provided that all data is pseudonymized before use.
  • Breaking Glass: In case of an emergency, access restrictions from patient-provided policies and internal security regulations are overridden by a dedicated emergency policy which allows any physician to access all medical data of the patient. Part of this emergency policy is the obligation that a specific entry is written to a secure audit trail.
  • Individual Opt-Out: A nurse is admitted for surgery at the hospital where she works. She does not want staff members working in the same department to get any insight into her administrative and medical data.
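
The following sketch is an added example, not part of the white paper: it shows how the Application Policy, Individual Opt-Out and Breaking Glass scenarios combine in one decision function, including the override order and the audit obligation. All names (`decide`, `Request`, `READ_ACTIONS`, the role strings) are hypothetical, and treating `read` and `check_interaction` as the "access" covered by the emergency policy is an assumption.

```python
from dataclasses import dataclass, field

# Application Policy: who may do what on the medication record.
MEDICATION_RECORD_POLICY = {
    "add_entry": {"pharmacist", "patient"},
    "check_interaction": {"physician", "patient"},
}
# Assumption: these actions are the "access" the emergency policy grants.
READ_ACTIONS = {"read", "check_interaction"}

@dataclass
class Request:
    subject_id: str
    role: str
    department: str
    action: str
    patient_id: str
    emergency: bool = False

@dataclass
class Patient:
    patient_id: str
    opt_out_departments: set = field(default_factory=set)  # Individual Opt-Out

@dataclass
class Decision:
    permit: bool
    reason: str
    obligations: list = field(default_factory=list)

def decide(req: Request, patient: Patient) -> Decision:
    # Breaking Glass: overrides patient-provided and internal policies,
    # for physicians only, and always carries the audit obligation.
    if req.emergency and req.role == "physician" and req.action in READ_ACTIONS:
        return Decision(True, "break-glass", ["write_secure_audit_entry"])
    is_self = req.role == "patient" and req.subject_id == patient.patient_id
    # Individual Opt-Out: deny staff of a department the patient excluded.
    if not is_self and req.department in patient.opt_out_departments:
        return Decision(False, "opt-out")
    # "The patient" in the policy means the record's own patient.
    if req.role == "patient" and not is_self:
        return Decision(False, "not-own-record")
    if req.role in MEDICATION_RECORD_POLICY.get(req.action, set()):
        return Decision(True, "application-policy")
    return Decision(False, "default-deny")
```

The caller is responsible for fulfilling every returned obligation before releasing data; a permit whose audit entry cannot be written should be treated as a deny.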



Discussion

Is the level of detail appropriate? Joerg.caumanns 16:10, 27 January 2009 (UTC)

Change Requests

I am not very happy with the Treatment Contract scenario. The scenario itself should be kept with another title/motivation and another example for a treatment contract should be given. Joerg.caumanns 16:08, 27 January 2009 (UTC)
An example related to patient safety, public health, or quality management should be added. Joerg.caumanns 16:08, 27 January 2009 (UTC)
TC090213 (suggestion): The introduction to this section should make clear that the following use cases are just samples that were used as a help to develop the WP
TC090213 (input): further scenarios might be found in [PASS AC]
TC090213 (add): use case with opt-out of a single identity should be added (1:1 relationship of subject and patient).