Scenario-Based Templates Supporting Usable Privacy Policy Authoring
12 Pages
Posted: 18 Jun 2014
Date Written: June 23, 2014
Abstract
Because of the sensitivity of information systems storing and processing health-records of patients, access control considerations are of utmost importance to establish a foundation for privacy. Privacy represents an individual concern; therefore we believe that in principle only the patient can be the sole author of privacy settings. Still, in a multi-stakeholder domain like health-care, information systems have to properly provide access to required health-data. Patients' privacy settings might therefore interfere with health-care domain activities, leading to problems regarding the effective use of an information system. We see a potential solution to this problem in aligning typical working activities of the health-care domain with corresponding access control settings. As health-care stakeholders as well as patients are typically not security experts, usability is a key factor in building policy authoring tools. In this context we emphasize the awareness of stakeholders regarding the implications of their settings. In this work we propose a scenario-based approach with integrated access control aspects to support the development of privacy policy authoring tools. In this way medical stakeholders and privacy-concerned patients do not have to directly define privacy policies (which we think is infeasible), but instead are provided with tools to generate these policies by taking health-care domain activities into consideration.