-
Be the first to like this
Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our User Agreement and Privacy Policy.
Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our Privacy Policy and User Agreement for details.
Published on
The core tenet of the healthcare field is that care delivery comes first and nothing should interfere with it. Consequently, the access control mechanisms, used in healthcare to regulate and restrict the disclosure of data, are often bypassed, especially in emergency cases. This concept is called ‘break the glass’ (BtG) phenomenon and is common in healthcare organizations. Though useful and necessary in emergency situations, from a security perspective, it is an important system flaw. Malicious users can exploit the system by breaking the glass to gain unauthorized privileges and accesses. Also, as the proportion of system accesses that are BtG increases, it becomes easier for an attacker to hide in the crowd of the audit log. In this paper, we build upon existing work that defined policy spaces to help manage the impact of the break the glass phenomenon in healthcare systems. We present a system that enables the inference and discovery of facts that require further scrutiny. This significantly reduces the burden on the person investigating potentially suspicious activity in the audit logs of healthcare information systems.
Be the first to like this
Login to see the comments