Exchange of patient records-prototype implementation of a security attributes service in X.500
Source Conference on Computer and Communications Security archive
Proceedings of the 2nd ACM Conference on Computer and communications security table of contents
Fairfax, Virginia, United States
Pages: 30 - 38  
Year of Publication: 1994
ISBN: 0-89791-732-4
Authors
Marjan Jurečič, Albert-Ludwigs Universität Freiburg, Institut für Informatik and Gesellschaft, Friedrichstr. 50, D-79098 Freiburg
Herbert Bunz, IBM, European Networking Center, Vangerowstraße 18, D-69115 Heidelberg
Sponsor
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 2,   Downloads (12 Months): 27,   Citation Count: 0
DOI: http://doi.acm.org/10.1145/191177.191185

ABSTRACT

In Europe, the use of computers in health care industry has increased rapidly in recent years. This increase, however, has been accomplished with research efforts in the area of privacy and confidentiality of personal data. In the German legislation, protection of personal data is guaranteed by the constitution, granting a general right to privacy. This constitutional right has been amended by the German Central Court (Bundesverfassungsgericht). It says that each individual has the right to decide to whom and where he wants to give personal information.

In the US, similar problems of granting privacy and confidentiality of sensitive medical data will emerge. The Clinton administration's health plan has led to a discussion on privacy and data protection in the US. If that health plan is realised, it will lead to an exchange of personal medical data over data-highways.

In this paper, we will describe a prototype implementation of a secure hospital environment offering the basic functionality that is necessary for secure medical information storage and exchange inside a hospital computer network and the secure exchange of medical information over publicly accessible networks between different security domains. The functionality and security requirements have been derived in cooperation with a large university hospital in Germany, the University Hospital Freiburg. The relevant technical solution has been developed jointly by the IBM European Networking Center in Heidelberg and the Institute for Computing and Society University Freiburg. This paper will focus on the technical solutions to provide the needed functionality.

The main topics of this paper will be the security services granted, especially the role-based Access Control as well as the storage and retrieval of the Privilege Attributes (ECMA-138) for the various users. We shall describe how the Directory Service (X.500) is used for storage, retrieval and management of organizational structure information as well as for the dynamic handling of user roles and Privilege Attributes Certificates according to the suggestions of ECMA-138.

As a result, it can be shown that the security services and architectures currently under standardization are capable of providing sufficient security mechanisms. They also provide the flexibility necessary for the adoption to environments that deal with highly sensitive data even in a distributed applications environment.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1. Department of Defense. Department of Defense Trusted Computer System Evaluation Criteria, December 1985.
2. European Computer Manufacturers Association, Geneva. ECMA-138, Security in Open Systems Data Elements and Service Definitions, 1989.
3. International Standards Organization, Geneva. Information Technology - Open Systems Interconnection - The Directory - Part 8: Authentication Framework.
4. International Standards Organization, Geneva. ISO 7498-2-1988(E), International Standard Security Architecture, 1988.
5. International Standards Organization. ISO/IEC 7498-4: Information Processing Systems - Open Systems Interconnection - OSI Management Framework, 1989.
6. International Standards Organization. ISO/IEC 9594-1: Information Technology - Open Systems Interconnection - The Directory: Overview of Concepts, Models, and Services, 1989.
7. International Standards Organization. ISO/IEC DIS 10164-8: Information Technology - Open Systems Interconnection - Systems Management: Security Audit Trail Function, 1991.
8. International Standards Organization. ISO/IEC DIS 10166: Information Technology - Text and office systems: Document Filing and Retrieval (DFR), 1991.
9. International Standards Organization. ISO/IEC 10165-1: Information Technology - Open Systems Interconnection - Structure of Management Information: Management Information Model, 1992.
10. International Standards Organization. ISO/IEC 10165-2: Information Technology - Open Systems Interconnection - Structure of Management Information: Definition of Management Information, 1992.
11. International Standards Organization. ISO/IEC DIS 10164-9: Information Technology - Open Systems Interconnection - Systems Management: Objects and attributes for access control, 1993.
12. Marjan Jurečič, Ulrich Kohl and Ernst Pelikan. Safercom - ein prototyp für datenschutz in verteilten klinikanwendungen. Datenschutz und Datensicherung, 3:146-152, March 1994.
13. Michael Roe, Steve Hardcastle-Kille, Peter Williams and Peter Kirstein. The OSI Security Package: OSISEC User's Manual. University College London.
14. Gary Stix. Dr. big brother. Scientific American, February 1994.
15. X-Tel Service Ltd. The ISO Development Environment: User's Manual, 1991.
