Enhancing medical database security

Journal of Medical Systems

Abstract

This paper presents a methodology for enhancing database security in a hospital environment, based on both the discretionary and the mandatory database security policies. In this way the advantages of both approaches are combined to enhance medical database security. The methodology uses a classification of the different types of users according to their needs and roles, together with a User Role Definition Hierarchy. The experience obtained from the experimental implementation of the proposed methodology in a major general hospital is briefly discussed. The implementation has shown that the combined discretionary and mandatory security enforcement effectively limits unauthorized access to the medical database without severely restricting the capabilities of the system.

Cite this article

Pangalos, G., Khair, M. & Bozios, L. Enhancing medical database security. J Med Syst 18, 159–171 (1994). https://doi.org/10.1007/BF00996700

  • DOI: https://doi.org/10.1007/BF00996700
