Modeling and Recognizing Policy Conflicts with Resource Access Requests on Protected Health Information

Authors

  • Raik Kuhlisch Institute of Computer Science, University of Rostock, Albert-Einstein-Str. 22, 18059 Rostock

DOI:

https://doi.org/10.7250/csimq.2017-11.01

Keywords:

Hospital intra-enterprise policy conflict, policy compliance verification, information security, knowledge representation.

Abstract

This article discusses potential clashes between different types of security policies that regulate resource access requests on clinical patient data in hospitals by employees. Attribute-based Access Control (ABAC) is proposed as a proper means for such regulation. A proper representation of ABAC policies must include a handling of policy attributes among different policy types. In this article, we propose a semantic policy model with predefined policy conflict categories. A conformance verification function detects erroneous, clashing or mutually susceptible rules early during the policy planning phase. The model and conflicts are used in a conceptual application environment and evaluated in a technical experiment during an interoperability test event.

Downloads

Published

31.07.2017

Issue

No. 11 (2017): Complex Systems Informatics and Modeling Quarterly

Section

Articles

License

Copyright (c) 2017 Raik Kuhlisch (Author)

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

How to Cite

Kuhlisch, R. (2017). Modeling and Recognizing Policy Conflicts with Resource Access Requests on Protected Health Information. Complex Systems Informatics and Modeling Quarterly, 11, 1-19. https://doi.org/10.7250/csimq.2017-11.01
Crossref
Scopus
Google Scholar
Europe PMC