CSAIL Publications and Digital Archive header
bullet Research Abstracts Home bullet CSAIL Digital Archive bullet Research Activities bullet CSAIL Home bullet

link to publications.csail.mit.edu link to www.csail.mit.edu horizontal line


Research Abstracts - 2007
horizontal line

horizontal line

vertical line
vertical line

Context- and Role-Based Dynamic Access Control in Distributed Healthcare Information Systems

Lillian RÝstad


I am a PhD-student at the Norwegian University of Science and Technology (NTNU) currently visiting CSAIL/MIT (HST) to perform research in the Indivo-project (www.indivohealth.org). Access control is the main topic of my PhD-project and access control is part of the information security research domain. However, access control will be studied in a health care context. As such, the work done in this project is part of both the information security and health care informatics research domains.


Health care informatics and access control is a research area that has received quite a bit of attention over the past decade however little progress have been made and right now seems to be a point in time for taking status [1] and considering where to go from here [3][4]. Access control is about making sure authorized users have access to information and resources - and preventing access to the same information and resources for unauthorized users. When dealing with health care information there are two main viewpoints on access control: availability of an optimal information basis for making medical decisions for health care personnel and protecting the patientís right to privacy [2]. Preferably, it should be possible to satisfy both these viewpoints simultaneously.

Current work

The goal of the Indivo project is to develop open-source software for a patient-controlled electronic health record (PCHR). In a PCHR the patient is in control of the information and decides who will be granted access. My work on the Indivo project focuses on creating a model and implementation for access control in PCHR.


[1] Ab Bakker, Access to EHR and access control at a moment in the past: a discussion of the need and an exploration of the consequences, International Journal of Medical Informatics, vol. 73, pp. 267-270, 2004

[2] Rebecca T.Mercuri, The HIPAA-potamus in Health Care Data Security, Communications of the ACM, vol. 47, no. 7, pp.25-28, 2004

[3] Bernd Blobel, Authorisation and access control for electronic health record systems, International Journal of Medical Informatics, vol. 73, pp. 251-257, 2004

[4] Mark Evered and Serge BŲgeholz, A Case Study in Access Control Requirements for a Health Information System, Australasian Information Security Workshop, 2004


vertical line
vertical line
horizontal line

MIT logo Computer Science and Artificial Intelligence Laboratory (CSAIL)
The Stata Center, Building 32 - 32 Vassar Street - Cambridge, MA 02139 - USA
tel:+1-617-253-0073 - publications@csail.mit.edu