Abstract
Internet access to medical data has greatly facilitated information sharing. As health care institutions become more willing or more pressured to share some of their protected information, tools are being developed to facilitate the information transfer while protecting the privacy of the data. To this end, under the TIHI project, we have designed a security mediator, a software entity that screens both incoming queries and outgoing results for compliance with a medical institution’s policies pertaining to data privacy. The system is under the control of a security officer who enters simple rules into the system that implement the policies of the institution. In this paper, we describe the WWW implementation of the security mediator's dual interface. The customer interface allows outsiders to request and receive filtered medical information from a hospital database. The security officer interface permits rule editing and resolution of cases not covered by the rule-set.
Copyright information
© 1998 IFIP
About this chapter
Cite this chapter
Wiederhold, G., Bilello, M., Donahue, C. (1998). Web implementation of a security mediator for medical databases. In: Lin, T.Y., Qian, S. (eds) Database Security XI. IFIP Advances in Information and Communication Technology. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35285-5_4
DOI: https://doi.org/10.1007/978-0-387-35285-5_4
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-5041-2914-5
Online ISBN: 978-0-387-35285-5
eBook Packages: Springer Book Archive