Model of accountability, confidentiality and override for healthcare and other applications

Jim Longstaff, M. A. Lockyer, G. Capper, M. G. Thick

    Research output: Contribution to conference › Paper › peer-review

    16 Citations (Scopus)


    A UML model of Authorization is described, which was developed for an Electronic Medical Records application in collaboration with the UK NHS Information Authority. The model is an enhancement of the UK Healthcare Model (HcM), in that it provides extra classes for use with HcM classes. It provides powerful confidentiality specification capabilities, which can also be used in other applications. A Role (actually called AgentActivityType for consistency with the HcM) may be directly associated with an Accountability. An Accountability is an agreement where one Party commissions a second Party to undertake Activities under the authority of that Accountability. Four types of Confidentiality Permission are defined which allow access to data items (SubjectPhenomena), or to data items with specific types (SubjectPhenomenonType). Access can be granted to individual Agents, or to AuthorizedAgents acting in specified Roles. A model of override allows the Confidentiality Permissions to be overridden in a strictly controlled way. Override facilities are granted to Agents by establishing appropriate Accountabilities, and any use of override is logged. Access to data can be granted to groups of Agents, and to groups of Roles. Establishing access rights for a group involves defining a set of Confidentiality Permissions for the group. The Authorization Model is illustrated throughout the paper by examples from healthcare. In particular a demanding scenario (child abuse) is presented. In this scenario complex restrictions must be placed on the data, which might result in inappropriate actions if clinicians and other professionals are denied access to the data.

    Original language: English
    Number of pages: 6
    Publication status: Published - 1 Jan 2000
    Event: 5th ACM Workshop on Role-Based Access Control - Berlin, Ger
    Duration: 26 Jul 2000 - 27 Jul 2000


    Conference: 5th ACM Workshop on Role-Based Access Control
    Abbreviated title: RBAC
    City: Berlin, Ger

