Resend: [CPR security policies at BHS]

[Konstantin Beznosov <beznosov@baptisthealth.net>]

oops. Forgot to attach files :)

------- Begin Forwarded Message -------
As per last MIRACLE conference call, I'm sending (attached) a list of
computerized patient record CPR security policies at BHS. 

The document is work in progress. Nonetheless, I consider it as a good sample
of what a healthcare information system, such as MIRACLE, should enforce.
Please keep in mind, that the policies listed in the document are
technology-independent, i.e. part of them can be enforced through information
system security rules, and some have to be enforced via procedures and human
involvement. The policies are intended to be the source for deriving
technology-dependent security rules for CPR infrastructure. Such rules can be
the first real exercise for MIRACLE project, as well as HRAC submitters to
realize how reach the access rule language should be and for COAS submitters to
see how HRAC can be applied to COAS to enforce most of the policies on clinical
observations of various types.

Since the information in the document is of general interest not only for
MIRACLE project but also for HRAC (and maybe COAS) submitters and supporters,
I'm CC-ing to the corresponding mailing lists (sorry for x-posting).

Please remember, it's by no means a complete and comprehensive list of
policies. We are working on it.

Konstantin
-----------------------------------
Distributed Computing Architect
Baptist Health Systems of South Florida
voice: 305.596.1960 x6469

-------  End Forwarded Message  -------

cpr-sec-policies.pdf

cpr-sec-policies.ps