Re: [Health] Access control model

[Gijs van Enckevort]

Hi Ronald and Luis,

Thanks for pointing out the demo-database. Unfortunately though, it is a little too simple for my application. I'm starting to understand how to implement an access control policy in gnuHealth, but since I'm not familiar enough with the field too come up with a realistic one myself for a bigger setting. Decisions like: can all doctors access all data of all patients, or just all data of patients in their department. Perhaps even some basic info about all patients, and all details of patients they have treated.
And what kind of access do managers, researchers or administrative employees have?
Is such a more extensive or more fine-grained access control policy available somewhere?

Regards,
Gijs van Enckevort

Op 8-3-2013 20:42, ronald munjoma schreef:

Hi Gijs,

On 8 March 2013 10:51, Gijs van Enckevort <address@hidden> wrote:

I'm currently doing my Master in Information Security Technology and my Master thesis is on creating a data leakage/data misuse detection system. We're looking into using GNUhealth for implementing and testing our system.

To get accurate (logged) data to test our model, we want to have a realistic access control policy (for a small number of users). Is there a demo with these in place available somewhere or can anyone help me with acquiring/setting up one?

You can find information about the demo server on wikibooks [0]

 

Alternatively, simply describing a policy for different roles would help as well.

Thanks in advance!

Kind regards,
Gijs van Enckevort

[0] http://en.wikibooks.org/wiki/GNU_Health/The_Demo_database#The_online_Demo_Database

Regards

Ronald Munjoma