Security management for services that are integrated across enterprise boundaries

Abstract

This thesis addresses the problem of security management for services that are integrated across enterprise boundaries, as typically found in multi-agency environments. We consider the multi-agency environment as a collaboration network. The Electronic Health Record is a good example of an application in the multi-agency service environment, as there are different authorities claiming rights to access the personal and medical data of a patient. In this thesis we use the Electronic Health Record as the main context. Policies are determined by security goals, goals in turn are determined by regulations and laws. In general goals can be subtle and difficult to formalise, especially across admin boundaries as with the Electronic Health Record. Security problems may result when designers attempt to apply general principles to cases that have subtleties in the full detail. It is vital to understand such subtleties if a robust solution is to be achieved Existing solutions are limited in that they tend only to deal with pre- determined goals and fail to address situations in which the goals need to be negotiated. The task-based approach seems well suited to addressing this. This work is structured in five parts. In the first part we review current declarations, legislation and regulations to bring together a global, European and national perspective for security in health services and we identify requirements. In the second part we investigate a proposed solution for security in the Health Service by examining the BMA (British Medical Association) model. The third part is a development of a novel task-based CTCP ICTRP model based on two linked protocols. The Collaboration Task Creation Protocol (CTCP) establishes a framework for handling a request for information and the Collaboration Task Runtime Protocol (CTRP) runs the request under the supervision of CTCP. In the fourth part we validate the model against the Data Protection Act and the Caldicott Principles and review for technical completeness and satisfaction of software engineering principles. Finally in the fifth part we apply the model to two case studies in the multi- agency environment a simple one (Dynamic Coalition) for illustration purposes and a more complex one (Electronic Health Record) for evaluating the model's coverage, neutrality and focus, and exception handling.