Secondary use of data in EHR systems

Fan Yang; Chris Hankin; Flemming Nielson; Hanne Riis Nielson

arXiv:1201.4262·cs.PL·January 23, 2012·1 cites

Secondary use of data in EHR systems

Fan Yang, Chris Hankin, Flemming Nielson, Hanne Riis Nielson

PDF

Open Access

TL;DR

This paper presents an approach using aspect-oriented programming to enforce complex security policies, including predictive access control, in mobile, distributed EHR systems for secondary data use.

Contribution

It introduces a novel method where advice analyzes future data use to enforce security policies, addressing challenges in secondary EHR data utilization.

Findings

01

Effective enforcement of predictive access control policies

02

Separation of security concerns from system logic

03

Applicability to mobile, distributed EHR systems

Abstract

We show how to use aspect-oriented programming to separate security and trust issues from the logical design of mobile, distributed systems. The main challenge is how to enforce various types of security policies, in particular predictive access control policies - policies based on the future behavior of a program. A novel feature of our approach is that advice is able to analyze the future use of data. We consider a number of different security policies, concerning both primary and secondary use of data, some of which can only be enforced by analysis of process continuations.

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.

Taxonomy

TopicsSecurity and Verification in Computing · Advanced Software Engineering Methodologies · Distributed systems and fault tolerance