Røstad Access Control in Healthcare Information Systems

Access control is a key feature of healthcare information systems. Access control is about enforcing rules to ensure that only authorized users get access to resources in a system. In healthcare systems this means protecting patient privacy. However, the top priority is always to provide the best possible care for a patient. This depends on the clinicians having access to the information they need to make the best, most informed care decisions. Care processes are often unpredictable and hard to map to strict access control rules. As a result, in emergency or otherwise unexpected situations, clinicians need to be able to bypass access control. In a crisis, availability of information takes precedence over privacy concerns. This duality of concerns is what makes access control in healthcare systems so challenging and interesting as a research subject. To create access control models for healthcare we need to understand how healthcare works. Before creating a model we need to understand the requirements the model should fulfill. Though many access control models have been proposed and argued to be suitable for healthcare, little work has been published on access control requirements for healthcare. This thesis work has focused on exploring these requirements. The process of trying to better understand the requirements for access control in healthcare has led to a number of smaller, distinct, but related projects being conducted within the context of this thesis. The main focus areas and contributions can be summarized as: • Requirements: Studies performed on audit data, in workshops, by observation and interviews have helped discover requirements. Results from this work include methods for access control requirements elicitation in addition to the actual requirements discovered. • Process-based access control: The main conclusion from the requirements work is that access control should be tailored to care processes. Care processes are highly dynamic and often unpredictable, and access control needs to adapt to this. This thesis suggests how existing sources of process information may be used for this purpose. • Patient-controlled health records (PCHR): In a PCHR the patient is the administrator of access control. This thesis explores the consequences of making the patient the administrator and proposes a model for access control in a PCHR. A usability study has been performed to investigate how visualization can help keeping the patients informed of the consequences of their actions when they are in charge of access control.