Abstract
This paper presents a methodology for enhancing database security in a hospital environment, based on both discretionary and mandatory database security policies. In this way, the advantages of both approaches are combined to enhance medical database security. The methodology uses an appropriate classification of the different types of users, according to their different needs and roles, together with a User Role Definition Hierarchy. The experience obtained from the experimental implementation of the proposed methodology in a major general hospital is briefly discussed. The implementation has shown that combined discretionary and mandatory security enforcement effectively limits unauthorized access to the medical database without severely restricting the capabilities of the system.
Cite this article
Pangalos, G., Khair, M. & Bozios, L. Enhancing medical database security. J Med Syst 18, 159–171 (1994). https://doi.org/10.1007/BF00996700
DOI: https://doi.org/10.1007/BF00996700