Title: A specification process for communicating security policies towards developing trusted e-health information systems

Authors: V. Lakshmi Narasimhan, Peter Croll, William Caelli

Addresses: East Carolina University, Greenville, NC 27858, USA. ' Southern Cross University, Coffs Harbour, NSW, Australia. ' Queensland University of Technology, Brisbane, Qld, Australia

Abstract: E-health systems must be capable of adhering to clearly defined security policies based upon legal requirements, regulations and ethical standards while catering for dynamic healthcare and professional needs. Further, such security policies, incorporating enterprise level principles of privacy, integrity and availability, coupled with appropriate audit and control processes, must be able to be clearly defined by enterprise management with the understanding that such policy will be reliably and continuously enforced. The ability, then, to map such e-health policies into mandatory access control structures for next generation secure computer systems is an essential requirement for the future. This paper provides some principles for addressing these issues and provides a solution space that tackles the technical challenges involved in their implementation.

Keywords: e-health systems; information systems; security policies; security standards; data privacy; information architecture; electronic healthcare; access control; trust.

DOI: 10.1504/IJHTM.2009.030693

International Journal of Healthcare Technology and Management, 2009 Vol.10 No.6, pp.378 - 392

Published online: 30 Dec 2009 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article