Although there are many different models available for expressing access control in information technology (IT) environments, emergency situations are usually handled in a way that is either complex for the policy designer to manage or adds tasks for the users who are facing the emergency. As the title suggests, this book tackles the problem of handling the emergency situations that most IT systems have to face. Almost all policy models existing today are written in a machine-readable format and remain mostly static at runtime. This places a lot of responsibility on the policy designer, since he/she needs to provision beforehand all the possible normal and emergency situations that may arise in the lifetime of the IT system under analysis. However, even a talented IT policy designer can at best define a "sufficiently faithful approximation" of the future contexts that may trigger an emergency situation. This is particularly true for the healthcare domain, where healthcare information exchange (HIE) software is used to manage patient data, which is often classified as private healthcare information. In an emergency situation, healthcare professionals and patients are usually under stressful conditions; HIE software should not interfere with their work, yet should still preserve patient consent (for example, by avoiding too many security rules).