Fan Zhang, Junwei Cao, et al.
IEEE TETC
A fundamental requirement for the healthcare industry is that the delivery of care comes first and nothing should interfere with it. As a consequence, the access control mechanisms used in healthcare to regulate and restrict the disclosure of data are often bypassed in case of emergencies. This phenomenon, called "break the glass", is a common pattern in healthcare organizations and, though quite useful and mandatory in emergency situations, from a security perspective, it represents a serious system weakness. Malicious users, in fact, can abuse the system by exploiting the break the glass principle to gain unauthorized privileges and accesses. In this paper, we propose an access control solution aimed at better regulating break the glass exceptions that occur in healthcare systems. Our solution is based on the definition of different policy spaces, a language, and a composition algebra to regulate access to patient data and to balance the rigorous nature of traditional access control systems with the "delivery of care comes first" principle. © 2010 Elsevier Ltd. All rights reserved.
Fan Zhang, Junwei Cao, et al.
IEEE TETC
Chi-Leung Wong, Zehra Sura, et al.
I-SPAN 2002
Chidanand Apté, Fred Damerau, et al.
ACM Transactions on Information Systems (TOIS)
Yigal Hoffner, Simon Field, et al.
EDOC 2004