Security Policy Modeling and Enforcement Tools for Clinical Workflows
Small Business Information
Odyssey Research Assoc., Inc.
33 Thornwood Drive, Suite 500, Ithaca, NY, 14850
AbstractClassical access control and security models are inadequate for the health care domain. Our innovation for Phase I is to produce a security reference model for workflow based on clinical requirements and realistic hospital scenarios. This model will also incorporate important features such as the ability to scale up, security policies that can be composed, modified and extended to meet changes in workflow process, support for role based and task based access control and extensibility and interoperability of security features. We will assess the relationship of the model to current workflow products and determine areas where current workflow products conform to the model and where they are lacking in support. Based upon the model and assessment in Phase I, our Phase II plan is to develop a suite of four products - a security policy definition tool, a security enforcement tool, vertical modules for the medical domain on top of a commercial workflow package and a computerized patient record (CPR) tool. Together these four products will offer the security features necessary to meet the security and privacy requirements demanded by patients as well as the flexibility needed by healthcare professionals to perform their routine work as well as providing support in crisis situations.
* information listed above is at the time of submission.