Re: Resend: [CPR security policies at BHS]



The constraints on psychological information in the Baptist Healthcare
policy remind me of the mental-health constraints modeled by T.C. Ting.
His goal was to produce a policy model for mental health records in
Connecticut.  His work clearly indicates that the access controls seen
in traditional operating systems don't suffice.  

   T.C. Ting, "Application Information Security Semantics:  A Case of 
   Mental Health Delivery," DATABASE SECURITY III: Status and Prospects,
   Elsevier Science, 1990.

My take on his work is that one needs role-based access control, with
parameterized roles.  A similar but different conclusion is reached in
the following paper:

   L. Notargiacomo and R.D. Graubart, "Health Delivery:  The Problem 
   Solved?"  DATABASE SECURITY IV: Status and Prospects, Elsevier 
   Science, 1991.

I'll be happy to send copies of either paper to those interested.


-- Jim Williams
----------------
Broadcast message to hrac-rfp from Jim Williams <jgwilliams@mindspring.com>.
Go to http://cadse.cs.fiu.edu/omg/hrac-rfp to browse the mail list archive.