Modelling Access Control for a Complex Healthcare Organization. Ferreira, A., Correia, R., Antunes, L., Palhares, E., Farinha, P., & Pereira, A., C. In International Symposium on Health Information Management Research (ISHIMR), 9, 2005.
The Electronic Patient Record (EPR) constitutes the informational basis for communication and cooperation in and between healthcare organizations. Information security is therefore essential, in particular access control, which manages the first contact between users of a system and its functionalities and features. The Biostatistics and Medical Informatics Department of Porto's Faculty of Medicine recently implemented a centralized EPR in order to integrate heterogeneous patient information within a university hospital. More than 300 doctors access this system every day, and this number is increasing, stressing the need for the definition of a proper access control policy, and subsequent model development and implementation. This was achieved using centralized database technology to perform the authentication and authorization procedures. Other technologies, such as single sign-on, were also implemented and worked well with the model. Further, an access control management tool was developed and is used to perform those tasks. The developed infrastructure is a good starting point to build upon because most policy procedures for this complex healthcare organization were already implemented and further modules can be added as needed.

