FROM LEGISLATION TO PRACTICE - A Case Study of Break the Glass in Healthcare

P. Farinha, R. Cruz-Correia, L. Antunes, Filipe Almeida, A. Ferreira



Recommendations and regulations are available in healthcare to protect sensitive medical information. These regulations tend to be generic, orienting attitudes within medical practice, and are usually not straightforward to translate into practice. The main objective of this paper is to present the implementation of the Break the Glass (BTG) concept in a real healthcare setting in order to enforce the legislation for genetic information, and to evaluate the process of translating legislation into healthcare practice. The user logs were analysed to assess whether the BTG system was working as expected, providing confidentiality for genetic information, and whether the legislation was being enforced in a controlled and responsible manner. Results show that the process of translating legislation into practice could be faster and more efficient. User logs show that, in terms of confidentiality, the BTG features prevent more non-authorised people from accessing genetic reports. We expect the tendency to be that only users who really need to access the reports will go through with the BTG process. Enhancements to the system include implementing the access control management infrastructure within a more robust access control platform to perform the authentication and authorization processes.



Paper Citation

in Harvard Style

Farinha P., Cruz-Correia R., Antunes L., Almeida F. and Ferreira A. (2010). FROM LEGISLATION TO PRACTICE - A Case Study of Break the Glass in Healthcare. In Proceedings of the Third International Conference on Health Informatics - Volume 1: HEALTHINF, (BIOSTEC 2010) ISBN 978-989-674-016-0, pages 114-120. DOI: 10.5220/0002748201140120
