A specification process for communicating security policies towards developing trusted e-health information systems

摘要

E-health systems must be capable of adhering to clearly defined security policies based upon legal requirements, regulations and ethical standards while catering for dynamic healthcare and professional needs. Further, such security policies, incorporating enterprise level principles of privacy, integrity and availability, coupled with appropriate audit and control processes, must be able to be clearly defined by enterprise management with the understanding that such policy will be reliably and continuously enforced. The ability, then, to map such e-health policies into mandatory access control structures for next generation secure computer systems is an essential requirement for the future. This paper provides some principles for addressing these issues and provides a solution space that tackles the technical challenges involved in their implementation.