Title: MEDINFO 2010, PTS I AND II Search for Conference Proceedings Publications

Pages: 666-670

13th World Congress on Medical and Health Informatics of International-Medical-Informatics-Association (Medinfo)

Cape Town, SOUTH AFRICA, SEP 12-15, 2010

ISI Web of Knowledge - 5 Citations

Scopus - 10 Citations

Authenticus ID: P-007-WCN

DOI: 10.3233/978-1-60750-588-4-666

Abstract (EN): Translating legislation and regulations into access control systems in healthcare is, in practice, not a straightforward task. Excessive regulation can create barriers to appropriate patient treatment. The main objective of this paper is to present a new methodology that can define, from legislation to practice, an access control policy as well as a RBAC model, in order to comprise generic legislation and regulation issues together with the access control needs from the ends users of a healthcare information system. The methodology includes the use of document analysis as well as grounded theory and mixed methods research. This methodology can be easily applied within a healthcare practice or any other domain with similar requirements. It helps to bridge the gap between legislation and end users' needs, while integrating information security into the healthcare processes in a more meaningful way.

Language: English

Type (Professor's evaluation): Scientific

No. of pages: 5