Managing privacy in peer-to-peer distribution of clinical documents




Obry, Christina

Journal Title

Journal ISSN

Volume Title



Security and privacy are two of the most important aspects of any medical information mediation system. Governments have established privacy legislations to prevent abuse of patients' personal data. These legislations require organizations to obtain consents prior to information usage and exchange. The consents are defined as policies. However, policies are often not precise and adequate enough to address all possible eventualities and exceptions. Unanticipated emergency cases may cause conflicts between a patient's right for privacy and the need to receive treatments from well-informed care-givers. In these situations. the patient's safety should have precedence. Therefore, care-givers should have the ability to override the patient's privacy policies on behalf of the patient. This thesis presents a mechanism, which restricts access to sensitive, medical data based on defined policies, but which also allows overriding the policies in emergency cases. The overriding process is monitored and audited in order to prevent misuse.



medical records, access control