MS2014-01: Security modeling for Health Information Exchanges

posted Feb 18, 2014, 5:11 AM by Marco Spruit   [ updated Apr 14, 2015, 2:29 AM ]


@Forcare in Zeist: As a result of growing and ageing populations there is a growing demand for increasing the efficiency of healthcare delivery. Collaboration is an important factor to increase efficiency and information technology a driver to facilitate this. The Healthcare industry is catching up with other industries. An example is are clinical information sharing infrastructures, starting to get more and more adopted. Security is an important factor for clinical information sharing. In the context of more collaboration it is quite a big and important challenge in healthcare IT how to apply security models in a multi-location, multi-organization set up. Especially when kept in mind security policies and patient record access should be transparent for not only healthcare providers and institutions but also patients themselves.

Tentative research question

How to apply a single security model for a number of autonomous institutions. How to deal with identity management, access policies and access control.


paper and prototype

Scientific context

Situational Process Improvement In CYbersecurity (SPICY) maturity model, based on the Information Security Focus Area Maturity (ISFAM) model.