Confidential communications

Medical information is very private and sensitive. With the digitization of medical data, it is becoming accessible through distributed systems, including the Internet. Access to all this information and appropriate exchange of data makes the job of health providers more effective, however, the number of people that can potentially access this information increases by orders of magnitude. Private health information is not well protected. We present guidelines for security models for medical information systems. First, we model the structure of the medical information in the form of object-oriented patterns. Second, we study models and patterns in use today and compare them to our patterns. Next we define requirements necessary for controlling access, and describe the common policies and restrictions of security models for medical applications. We present some of the medical record access control restrictions directly in a conceptual model of the medical information.