Personalized access control for a personally controlled health record
Source
Conference on Computer and Communications Security
Proceedings of the 2nd ACM workshop on Computer security architectures
Alexandria, Virginia, USA
SESSION: Trust and privacy
Pages 9-16
Year of Publication: 2008
ISBN: 978-1-60558-300-6
Authors
Lillian Røstad, The Norwegian University of Science and Technology, Trondheim, Norway
Øystein Nytrø, The Norwegian University of Science and Technology, Trondheim, Norway
Sponsors
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery
Publisher
ACM, New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 14,   Downloads (12 Months): 136,   Citation Count: 0
DOI: http://doi.acm.org/10.1145/1456508.1456511

ABSTRACT

Access control is a key feature of healthcare systems. Up until recently most healthcare information systems have been local to a healthcare facility and accessible only to clinicians. Currently there is a move towards making health information more accessible to patients. One example is the Personally Controlled Health Record (PCHR) where the patient is in charge of deciding who gets access to the information. In the PCHR the patient is the administrator of access control. While it certainly is possible to create roles representing people most patients would want to share with, like primary physician, it is also likely, and desirable, to afford the patients a high level of control and freedom to be able to create specialized access policies tailored to their personal wishes. We entitle this personalized access control. In this paper we present a semi-formal model for how we believe personalized access control may be realized. The model draws on and combines properties and concepts of both Role-Based Access Control (RBAC) and Discretionary Access Control (DAC) to achieve the desired properties. Throughout the paper we use the PCHR as a motivating example and to explain our reasoning and practical use of the model.

