Authorization for Electronic Health Records - PowerPoint PPT Presentation

Mia_John
slide1 n.
Skip this Video
Loading SlideShow in 5 Seconds..
Authorization for Electronic Health Records PowerPoint Presentation
Download Presentation
Authorization for Electronic Health Records

play fullscreen
1 / 14
Download Presentation
Authorization for Electronic Health Records
234 Views
Download Presentation

Authorization for Electronic Health Records

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

    1. Authorization for Electronic Health Records Moritz Y. Becker Microsoft Research, Cambridge moritzb@microsoft.com

    2. EHR in the UK Intro on SecPAL* Approach SecPAL-based EHR demo Conclusion

    3. EHR in the UK NHS: National Health Service CfH: Connecting for Health NPfIT: National Programme for IT Ambitious, expensive and controversial Main parts: EHR service Choose & book ePrescriptions IT infrastructure NPfIT: conceived in 2002: timescale 2010NPfIT: conceived in 2002: timescale 2010

    4. EHR Authorization Policy Idioms Roles: GP, radiologist, gynaecologist, ... GPs can transfer patients to other clinicians Legitimate Relationships (LR) Between patients and their current clinicians Between patients and their agents People with a LR with the patient can read this item Sealed Envelopes Patient can hide specified items from specified clinicians Clinicians can hide specified items from patient Consent

    5. EHR Authorization: The Problem Hard to understand Hard to implement Hard to verify Hard to maintain

    6. EHR in the UK Intro on SecPAL* Approach SecPAL-based EHR demo Conclusion

    7. AuthZ: The Naive Approach Insecure Doesnt scale Not maintainable

    8. AuthZ: Reference Monitor Lots of different technologies Large part of policy still hardcoded Error-prone and hard to maintain

    9. AuthZ: The Policy Approach Policy is specified in a high-level language Admin only has to maintain policy

    10. EHR in the UK Intro on SecPAL* Approach SecPAL-based EHR demo Conclusion

    11. AuthZ: The Policy Approach

    12. SecPAL-based EHR Prototype

    13. EHR in the UK Intro on Policy Approach SecPAL*-based EHR demo Conclusion

    14. The SecPAL Approach: Advantages Policy is human-readable and machine-enforceable Highly expressive (reduces ref monitor) Reduces system down times Increased maintainability Based on logic and formal semantics Formal analysis tools