More Web Proxy on the site http://driver.im/

research-article

Introducing privacy in a hospital information system

Authors:

Stefano Braghin,

Alberto Coen-Porisini,

Pietro Colombo,

Sabrina Sicari,

Alberto TrombettaAuthors Info & Claims

SESS '08: Proceedings of the fourth international workshop on Software engineering for secure systems

Pages 9 - 16

https://doi.org/10.1145/1370905.1370907

Published: 17 May 2008 Publication History

Abstract

Security and privacy issues in healthcare data management play a fundamental role in the widespread adoption of medical information systems. As a consequence, it is very important to define the right means for expressing and managing policies in order to comply with privacy-related standards and regulations.

In this work, we extend an open source hospital information system in order to provide support for expressing and enforcing privacy-related policies, using as a starting point a conceptual model the authors developed in a previous work.

References

[1]

Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Official Journal of the European Communities of 23 November 1995 No L. 281 p. 31

[2]

Decreto Legislativo n. 196, 30 Giugno 2003, Codice in materia di protezione dei dati personali, Gazzetta Ufficiale n. 174 del 29-7-2003 - Suppl. Ord. n. 123 http://www.hipaa.org

[3]

A. Coen-Porisini, P. Colombo, S. Sicari, A. Trombetta. A Conceptual Model for Privacy Policies. In Proc. of Software Engineering Application (SEA'07), Cambridge, Boston, 2007.

Digital Library

[4]

Q. Ni, A. Trombetta, E. Bertino, and J. Lobo. Privacyaware Role-Based Access Control. In Proc. of ACM Symp. on Access Control Methods And Technologies (SACMAT'07), 2007.

Digital Library

[5]

A. V. Lamsweerde and E. Letier. Handling Obstacles in Goal-Oriented Requirement Engineering. IEEE Trans. Soft. Eng, 26:978--1005, 2000.

Digital Library

[6]

L. Liu, E. Yu, and J. Mylopoulos. Analyzing Security Requirements as Relationships among Strategic Actors. In SREIS'02, e-proceedings, Raleigh, 2002.

[7]

H. Mouratidis, P. Giorgini, and G. Mason. Integrating Security and Systems Engineering towards the Modelling of Secure Information System. In 15th Int. Conf. of Advanced Info. System Engineering (CAiSE'03), vol. 2681 of LNCS, pages 63--78. Springer-Verlang, Berlin, 2003.

Digital Library

[8]

H. Mouratidis, P. Giorgini, and G. A. Manson. An Ontology for Modelling Security: The Tropos Approach. In V. Palade, R. J. Howlett, and L. C. Jain, editors, KES, vol. 2773 of Lecture Notes in Computer Science, pages 1387--1394. Springer, 2003.

[9]

L. Chung. Dealing with Security Requirements during the Development of Information System. In 5th Int. Conf. of Advanced Info.System Engineering (CaiSE'93), Paris (France).

Digital Library

[10]

J. Mylopolulos, L. Chung, and B. Nixon. Representing and Using non Functional Requirements: a Process Oriented Approach. IEEE Trans. Soft. Eng., 18:483--497, 1992.

Digital Library

[11]

A. Anton. Goal-Based Requirements Analysis. In 2nd IEEE Int. Conf. on Requirements Engineering (ICRE'96), pages 136--144, Colorado Springs Co, 1996.

Digital Library

[12]

E. Kavakli, C. Kalloniatis, P. Loucopoulos, and S. Gritzalis. Incorporating Privacy Requirements into the System Design Process. The PRIS Conceptual Framework. Internet research, 16:978--1005, 2006.

[13]

R. Agrawal, P. Bird, T. Grandison, J. Kiernan, S. Logan, and W. Rjaibi. Extending Relational Database Systems to Automatically Enforce Privacy Policies. In ICDE, pages 1013--1022. IEEE Computer Society, 2005.

Digital Library

[14]

T. Mielikinen. Privacy Problems with Anonymized Transaction Databases. In 7th Int. Conf. Discovery Science (DS 2004), Lecture Notes in Computer Science.

[15]

A. Narayanan and V. Shmatikov. Obfuscated Databases and Group Privacy. In 12th ACM conference on Computer and communications security (CCS '05), pages 102--111, New York, NY, USA, 2005. ACM Press.

Digital Library

[16]

Legislazione Sanitaria e Sociale, Edizione giuridiche Simone, 2006, ISBN 88-244-7728-3

[17]

http://www.care2x.org/

[18]

http://www.php.net/

[19]

http://www.adodb.sourceforge.net/

Cited By

Yu XSamarasinghe NMannan MYoussef A(2022)Got Sick and Tracked: Privacy Analysis of Hospital Websites2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)10.1109/EuroSPW55150.2022.00034(278-286)Online publication date: Jun-2022
https://doi.org/10.1109/EuroSPW55150.2022.00034
Sicari SRizzardi ACoen-Porisini A(2022)Home quarantine patient monitoring in the era of COVID-19 diseaseSmart Health10.1016/j.smhl.2021.10022223(100222)Online publication date: Mar-2022
https://doi.org/10.1016/j.smhl.2021.100222
Gharib MGiorgini PMylopoulos J(2022)COPri v.2 — A core ontology for privacy requirementsData & Knowledge Engineering10.1016/j.datak.2021.101888133:COnline publication date: 23-Apr-2022
https://dl.acm.org/doi/10.1016/j.datak.2021.101888
Show More Cited By

Index Terms

Introducing privacy in a hospital information system

Recommendations

A conceptual model for privacy policies
SEA '07: Proceedings of the 11th IASTED International Conference on Software Engineering and Applications

Nowadays privacy is a key issue and enterprises have adopted various strategies to protect customers privacy and to make public their privacy policies. This paper presents a conceptual model for the definition and enforcement of privacy policies. The ...
A privacy preserving authorisation system for the cloud

In this paper we describe a policy based authorisation infrastructure that a cloud provider can run as an infrastructure service for its users. It will protect the privacy of users@? data by allowing the users to set their own privacy policies, and then ...
E-P3P privacy policies and privacy authorization
WPES '02: Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society

Enterprises collect large amounts of personal data from their customers. To ease privacy concerns, enterprises publish privacy statements that outline how data is used and shared. The Platform for Enterprise Privacy Practices (E-P3P) defines a fine-...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

SESS '08: Proceedings of the fourth international workshop on Software engineering for secure systems

May 2008

72 pages

ISBN:9781605580425

DOI:10.1145/1370905

Program Chairs:
Bart De Win
Katholieke Universiteit Leuven, Belgium
,
Seok-Won Lee
University of North Carolina at Charlotte
,
Mattia Monga
Università a degli Studi di Milano, Italy

Copyright © 2008 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 17 May 2008

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ICSE '08

Sponsor:

ICSE '08: International Conference on Software Engineering

May 17 - 18, 2008

Leipzig, Germany

Acceptance Rates

Overall Acceptance Rate 8 of 11 submissions, 73%

Upcoming Conference

ICSE 2025

2025 IEEE/ACM 46th International Conference on Software Engineering

April 26 - May 3, 2025

Ottawa , ON , Canada

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

10
Total Citations
View Citations
1,109
Total Downloads

Downloads (Last 12 months)4
Downloads (Last 6 weeks)2

Reflects downloads up to 24 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Yu XSamarasinghe NMannan MYoussef A(2022)Got Sick and Tracked: Privacy Analysis of Hospital Websites2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)10.1109/EuroSPW55150.2022.00034(278-286)Online publication date: Jun-2022
https://doi.org/10.1109/EuroSPW55150.2022.00034
Sicari SRizzardi ACoen-Porisini A(2022)Home quarantine patient monitoring in the era of COVID-19 diseaseSmart Health10.1016/j.smhl.2021.10022223(100222)Online publication date: Mar-2022
https://doi.org/10.1016/j.smhl.2021.100222
Gharib MGiorgini PMylopoulos J(2022)COPri v.2 — A core ontology for privacy requirementsData & Knowledge Engineering10.1016/j.datak.2021.101888133:COnline publication date: 23-Apr-2022
https://dl.acm.org/doi/10.1016/j.datak.2021.101888
Ayem GThandekkattu SVajjhala N(2022)Adopting a Blockchain-Based Algorithmic Model for Electronic Healthcare Records (EHR) in NigeriaNext Generation of Internet of Things10.1007/978-981-19-1412-6_14(167-175)Online publication date: 27-Sep-2022
https://doi.org/10.1007/978-981-19-1412-6_14
Gharib MGiorgini PMylopoulos J(2021)An Ontology for Privacy Requirements via a Systematic Literature ReviewJournal on Data Semantics10.1007/s13740-020-00116-59:4(123-149)Online publication date: 7-Jan-2021
https://doi.org/10.1007/s13740-020-00116-5
Ghani NSelamat HSidek Z(2018)Credential purpose-based access control for personal data protectionJournal of Web Engineering10.5555/2871264.287127314:3-4(346-360)Online publication date: 21-Dec-2018
https://dl.acm.org/doi/10.5555/2871264.2871273
Gharib MGiorgini PMylopoulos J(2017)Towards an Ontology for Privacy Requirements via a Systematic Literature ReviewConceptual Modeling10.1007/978-3-319-69904-2_16(193-208)Online publication date: 21-Oct-2017
https://doi.org/10.1007/978-3-319-69904-2_16
Bindahman SZakaria N(2011)Privacy in Health Information Systems: A ReviewInformatics Engineering and Information Science10.1007/978-3-642-25483-3_23(285-295)Online publication date: 2011
https://doi.org/10.1007/978-3-642-25483-3_23
Ghazinour KMajedi MBarker K(2009)A Model for Privacy Policy VisualizationProceedings of the 2009 33rd Annual IEEE International Computer Software and Applications Conference - Volume 0210.1109/COMPSAC.2009.156(335-340)Online publication date: 20-Jul-2009
https://dl.acm.org/doi/10.1109/COMPSAC.2009.156
De Win BLee SMonga MSchäfer WDwyer MGruhn V(2008)The fourth international workshop on software engineering for secure systemsCompanion of the 30th international conference on Software engineering10.1145/1370175.1370251(1069-1070)Online publication date: 10-May-2008
https://dl.acm.org/doi/10.1145/1370175.1370251

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents