Access Control Requirements for a Health Information System: Lab Design and Implementation
Added on 2019-09-22
Design and implement a file system and access control structure for a Health Information System for an aged-care facility. Use Linux or Windows and write a BASH script to set fine-grained permissions. Audit the system to verify the policies, models, and implementations are appropriate.
This lab will be based on information taken from the following case study:

Evered, M. and Bogeholz, S., A case study in access control requirements for a health information system, Proceedings of the second workshop on Australasian information security, Data Mining and Web Intelligence, and Software Internationalisation, 32, 53--61, 2004.

The case study is based on a Health Information System for an aged-care facility. The facility offers single-room accommodation for some 30 residents.

Users

For this lab, we will use 10 users:

- Gloria (Manager) [username: gloria]
- Linda (Health Care Worker) [username: linda]
- Ian (Health Care Worker) [username: ian]
- Mary (Doctor) [username: mary]
- Markus (Doctor) [username: markus]
- Margaret (Patient) [username: margaret]
- George (Patient) [username: george]
- Russell (Patient) [username: russell]
- Patricia (Patient) [username: patricia]
- Mangle (admin/superuser) [username: amangle]

The audit scripts will be tested using the admin/superuser. All usernames must be as listed above for auditing purposes.

Data

- Personal Information
  - Static data entered into the system when a resident is admitted. This includes personal details such as name, sex, religion etc.; medical insurance information; medical information such as blood group, allergies etc.; contact details for the resident's doctor; contact details of a responsible person who is to be contacted in emergencies; and contact details for the person who, if the resident is not mentally capable, can make decisions and provide signatures on behalf of the resident.
- Care Plan
  - This is a working document that contains detailed information and instructions regarding the day-to-day care of the resident, e.g. assistance required with meals, hygiene etc. A care plan is started for each resident on admission and is updated on a regular basis. Old versions of the care plan are archived.
- Progress Notes
  - These are observational entries covering such aspects as physical mobility, appetite, behavior, mood and the general state of the resident. Progress notes are used to update the care plan. Progress notes older than one year are also archived.
- Medical Records
  - A number of different doctors visit the facility, with one doctor visiting each week on 'clinical day'. Residents can choose which of these doctors they wish to attend to them. The facility requires that each resident undergo a medical examination at least every six months, and medication is reviewed at least every three months. After each examination the doctor adds an entry to the medical records of the patient.

Access Rules

- Manager
  - Has the broadest access to the information, including access to personal, financial, clinical and medical information about each resident.
  - The manager has full control of past and present medical records and is the only person who can rename or delete records from the system.
  - Only the manager is allowed to edit personal information and to start or update the care plan of a resident. The care plan is updated in consultation with the resident or the responsible person.
  - Only the manager is allowed to delete the information about a resident, but here also that right is restricted. Privacy laws require that the information be held for a certain period after a resident leaves the facility.
- Health Care Workers
  - Health care workers can view the care plan for each resident and add progress note entries based on their observations.
  - Access to emergency details is available for all staff.
  - Health care workers can view recent medical records of residents (up to one year old) but cannot normally view older medical information. For a special purpose, access to an older medical record can be sought and obtained from the manager.
- Doctors
  - Doctors have access to all the medical information of all residents and can add entries to their medical records.
  - Doctors can also add private notes about a resident, which, on the basis of doctor-patient confidentiality, are not visible to health care staff or the manager.
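The access rules above, written as a role-by-resource table that generates setfacl commands for one resident's directories. This is an added example, not part of the lab handout: the group names (hcw, doctor), the directory names and the /srv/his path are assumptions, doctors are assumed to count as staff for emergency details, and patients get no access because no rule for them appears in the text above.

```shell
#!/bin/sh
# Added example. Assumed names: groups "hcw" and "doctor", and one directory
# per resource under each resident's folder.

# perms ROLE RESOURCE: directory permissions the access rules grant.
# Anything the rules do not grant falls through to "---" (default deny).
perms() {
  case "$1:$2" in
    manager:private_notes)               out=--- ;;  # doctor-patient confidentiality
    manager:*)                           out=rwx ;;  # broadest access
    hcw:care_plan|hcw:medical)           out=r-x ;;  # view only
    hcw:emergency|doctor:emergency)      out=r-x ;;  # all staff (doctors assumed staff)
    hcw:progress_notes)                  out=-wx ;;  # add entries
    doctor:medical|doctor:private_notes) out=rwx ;;  # read and add entries
    doctor:medical_archive)              out=r-x ;;  # older records, read only
    *)                                   out=--- ;;
  esac
  printf '%s\n' "$out"
}

# emit_acls DIR RESOURCE: print (not run) the commands for one directory.
emit_acls() {
  dir=$1; res=$2; owner=root; mode=0700; acl=""
  # The manager owns whatever she may rename or delete.
  if [ "$(perms manager "$res")" = rwx ]; then owner=gloria; fi
  for role in hcw doctor; do
    p=$(perms "$role" "$res")
    if [ "$p" = "---" ]; then continue; fi
    # Directory write also permits rename/delete, which the rules reserve for
    # the manager; the sticky bit limits that to each file's owner and the
    # directory owner.
    case "$p" in *w*) mode=1700 ;; esac
    acl="$acl,g:$role:$p"
  done
  echo "chown $owner '$dir'"
  echo "chmod $mode '$dir'"
  if [ -n "$acl" ]; then echo "setfacl -m '${acl#,}' '$dir'"; fi
}

# Constructed layout for one resident from the lab's user list.
for r in personal emergency care_plan progress_notes medical medical_archive private_notes; do
  emit_acls "/srv/his/margaret/$r" "$r"
done
```

Even with the sticky bit, a doctor or health care worker can still remove an entry they created themselves, so an audit should check for that case.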