A systematic approach for analysis and design of secure health informationsystems

A toolset using object-oriented techniques including the nowadays popular u nified modelling language (UML) approach has been developed to facilitate t he different users' views for security analysis and design of health care i nformation systems. Paradigm and concepts used are based on the component a rchitecture of information systems and on a general layered security model. The toolset was developed in 1996/1997 within the ISHTAR project funded by the European Commission as well as through international standardisation a ctivities. Analysing and systematising real health care scenarios, only six and nine use case types could be found in the health and the security-rela ted view, respectively. By combining these use case types, the analysis and design of any thinkable system architecture can be simplified significantl y. Based on generic schemes, the environment needed for both communication and application security can be established by appropriate sets of security services and mechanisms. Because of the importance and the basic character of electronic health care record (EHCR) systems, the understanding of the approach is facilitated by (incomplete) examples for this application. (C) 2001 Elsevier Science Ireland Ltd. All rights reserved.