Bill Walton wrote: > Hi Thomas, > > Thomas Beale wrote: > > > /snip/ > > >>So. What do we know? >>- role-based access control is required. To make it work properly in a >>shared care community context (e.g. a hospital, 50 GPs, aged care homes, >>nursing care, social workers etc etc) then the roles need to be defined >>congruently. I seem to remember some Canadian project coming to the >>conclusion that really the roles need to be defined the same across the >>entire (national) health care system. I think this is both correct and a >>the same time unrealistic. > > > With all due respect, Thomas, it it's unrealistic then, IMO, it can't be > correct. (Pragmatism R Us ;-) ) > > I'd like to offer food for thought. The fundamental assumption at work here > seems to be that care givers will access the same system, thus driving the > need for all users of the system to be assigned roles that are defined > congruently. Let's consider an alternative model. > > When I travel from the U.S. to the U.K., I (the physical being) move from > one socio-cultural-legal model to another. That does not change who / what > I am, but it does change my behavior because I operate under a different set > of norms and mores in the new environment. I accept new forms of > interaction and find that familiar forms are no longer available. > > Why should it be any different for the information about me than it is for > me? > > If we work from a perspective that posits that health information will move > from system to system and be used / modified based on the rule sets in place > within the various systems, does that make the problem more amenable to > solution? > > >>I think we will be able to find ways of >>having diversely defined roles without every health care facility having >>incompatible definitions of "consultant", "treating physician" etc. >>Bernd's work on this area is pretty detailed. > > > I thank Bernd for opening my eyes to what should have been obvious to me at > a much earlier stage. The security problem with EHR systems is > fundamentally the same problem faced in OLAP databases. Or perhaps I should > say that it's the OLAP security problem with a twist. At least OLAP > databases are typically confined to one environment / business. It's clear > that the EHR problem is more difficult in that EHR's must, IMO, be capable > of moving between environments. Perhaps, by requiring a more generalized > solution, the EHR problem will actually be easier to solve. > > I don't know if you've checked out Mike Mair's paper but it implicitly poses > a very interesting question. "Is a biologically-based security model > fundamentally better aligned with the needs of an information system about > biological entities than alternative models?" I'm hopeful the list will > have some comments on Mike's paper. I think the question is worth some > thought / discussion. > > /snip/ > > Best regards, > Bill > > - > If you have any questions about using this list, > please send a message to d.lloyd at openehr.org > > Dear friends,
A crucial challenge for EHR security is the formalisation of policies and their rule-based but also interactive negotiation. This reflects some of the issues mentioned. Formal policy modelling is a CEN workitem over many years. Meanwhile (due to time constraints by other businesses also this project takes years), the issues mentioned are also content of a common 3 part CEN and ISO standard on Privilege Management and Access Control Management. Formal policy modelling and policy negotiation are essential aspect of the specification. Kindest regards Bernd - If you have any questions about using this list, please send a message to d.lloyd at openehr.org
