Access and usage control requirements for patient controlled record type of healthcare information system

This paper addresses the issue of access and usage control requirements in healthcare information system. Our work aims at identifying the access and usage control requirements for a particular healthcare information system where patients have pivotal right to grant or deny access to their health records. We term this system "Patient Controlled Record type of Healthcare Information System or PCRHIS". It is worth noting that the requirements, presented in this paper, are the results of our studies from both user's requirements and legal issues (based on 95/46/EC Directive) under the scope of Walloon Healthcare Network (WHN). The WHN project aims at providing an electronic healthcare facility for patients in Walloon region, Belgium, that joins all healthcare institutions, clinics, and physicians and allows sharing of patients' health records when needed. The main contribution of this work is that, with these requirements as a reference, one can identify an appropriate access and usage control model. This applies not only to the proposed system under the scope of WHN project but also to any system that has similar model.