Secure Interaction Models for the HealthAgents System

  • Liang Xiao
  • Paul Lewis
  • Srinandan Dasmahapatra
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5219)


Distributed decision support systems designed for healthcare use can benefit from services and information available across a decentralised environment. The sophisticated nature of collaboration among involved partners who contribute services or sensitive data in this paradigm, however, demands careful attention from the beginning of designing such systems. Apart from the traditional need of secure data transmission across clinical centres, a more important issue arises from the need of consensus for access to system-wide resources by separately managed user groups from each centre. A primary concern is the determination of interactive tasks that should be made available to authorised users, and further the clinical resources that can be populated into interactions in compliance with user clinical roles and policies. To this end, explicit interaction modelling is put forward along with the contextual constraints within interactions that together enforce secure access, the interaction participation being governed by system-wide policies and local resource access being governed by node-wide policies. Clinical security requirements are comprehensively analysed, prior to the design and building of our security model. The application of the approach results in a Multi-Agent System driven by secure interaction models. This is illustrated using a prototype of the HealthAgents system.


Clinical Information System Multi-Agent System Security Model 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Pereira, A.L., Muppavarapu, V., Chung, S.M.: Role-based access control for grid database services using the community authorization service. In: Transactions on Dependable and Secure Computing, vol. 3(2), pp. 156–166. IEEE, Los Alamitos (2006)Google Scholar
  2. 2.
    M-Tech Information Technology, Inc.: Beyond Roles: A Practical Approach to Enterprise User Provisioning (2006)Google Scholar
  3. 3.
    Wooldridge, M., Jennings, N.R., Kinny, D.: The Gaia methodology for agent-oriented analysis and design. Journal of Autonomous Agents and Multi-Agent Systems 3(3), 285–312 (2000)CrossRefGoogle Scholar
  4. 4.
    Zhang, L., Ahn, G., Chu, B.: A role-based delegation framework for healthcare information systems. In: 7th ACM Symposium on Access Control Models and Technologies, pp. 125–134. ACM, New York (2002)Google Scholar
  5. 5.
    Joint Computer Group of the GMSC and RCGP: GMSC and RCGP guidelines for the extraction and use of data from general practitioner computer systems by organisations external to the practice. Appendix III In: Committee on Standards of Data Extraction from General Practice Guidelines (1988)Google Scholar
  6. 6.
    Hawker, A.: Confidentiality of personal information: a patient survey. Journal of Informatics in Primary Care, 16–19 (1995)Google Scholar
  7. 7.
    Anderson, R.J.: Clinical system security: interim guidelines. British Medical Journal 312, 109–111 (1996)Google Scholar
  8. 8.
    Pitchford, R.A., Kay, S.: GP Practice computer security survey. Journal of Informatics in Primary Care, 6–12 (1995)Google Scholar
  9. 9.
    Anderson, R.J.: Patient Confidentiality - At Risk from NHS Wide Networking. Proceedings of Healthcare 96 (1996)Google Scholar
  10. 10.
    BMA - British Medical Association,
  11. 11.
    Chandramouli, R.: Business Process Driven Framework for defining an Access Control Service based on Roles and Rules. In: 23rd National Information Systems Security Conference (2000)Google Scholar
  12. 12.
    Robertson, D.: A lightweight coordination calculus for agent systems. In: Leite, J.A., Omicini, A., Torroni, P., Yolum, p. (eds.) DALT 2004. LNCS (LNAI), vol. 3476, pp. 183–197. Springer, Heidelberg (2005)Google Scholar
  13. 13.
    Robertson, D., et al.: Open Knowledge: Semantic Webs Through Peer-to-Peer Interaction. OpenKnowledge Manifesto (2006),
  14. 14.
    Crook, R., Ince, D., Nuseibeh, B.: Modelling Access Policies Using Roles in Requirements Engineering. Information and Software Technology 45(14), 979–991 (2003)CrossRefGoogle Scholar
  15. 15.
    Calam, D.: Information Governance - Security, Confidentiality and Patient Identifiable Information,
  16. 16.
    Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-Based Access Control Models. Computer 29(2), 38–47 (1996)CrossRefGoogle Scholar
  17. 17.
    Blobel, B.: Authorisation and access control for electronic health record systems. International Journal of Medical Informatics 73(3), 251–257 (2004)CrossRefGoogle Scholar
  18. 18.
  19. 19.
    Xiao, L., Lewis, P., Gibb, A.: Developing a Security Protocol for a Distributed Decision Support System in a Healthcare Environment. In: 30th International Conference on Software Engineering, pp. 673–682. ACM, New York (2008)Google Scholar
  20. 20.
    Hu, J., Weaver, A.C.: Dynamic, Context-Aware Access Control for Distributed Healthcare Applications. In: 1st Workshop on Pervasive Security, Privacy and Trust (2004)Google Scholar
  21. 21.
    Omicini, A., Ricci, A., Viroli, M.: RBAC for organisation and security in an agent coordination infrastructure. Electronic Notes in Theoretical Computer Science 128(5), 65–85 (2005)CrossRefGoogle Scholar
  22. 22.
    Anderson, R.: Undermining data privacy in health information. BMJ 322, 442–443 (2001)CrossRefGoogle Scholar
  23. 23.
    Denley, I., Smith, S.W.: Privacy in clinical information systems in secondary care. BMJ 318, 1328–1331 (1999)Google Scholar
  24. 24.
    Xiao, L., Greer, D.: Adaptive Agent Model: Software Adaptivity using an Agent-oriented Model Driven Architecture. Information & Software Technology. Elsevier. In: Press (2008),
  25. 25.
    Xiao, L., Peet, A., Lewis, P., Dashmapatra, S., Sáez, C., Croitoru, M., Vicente, J., Gonzalez-Velez, H., Lluchi Ariet, M.: An Adaptive Security Model for Multi-agent Systems and Application to a Clinical Trials Environment. In: 31st IEEE Annual International Computer Software and Applications Conference, pp. 261–266. IEEE, Los Alamitos (2007)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Liang Xiao
    • 1
  • Paul Lewis
    • 1
  • Srinandan Dasmahapatra
    • 1
  1. 1.University of SouthamptonUK

Personalised recommendations