21,713 research outputs found

    Audit-based Compliance Control (AC2) for EHR Systems

    Traditionally, medical data is stored and processed using paper-based files. Recently, medical facilities have started to store, access and exchange medical data in digital form. The drivers for this change are mainly demands for cost reduction, and higher quality of health care. The main concerns when dealing with medical data are availability and confidentiality. Unavailability (even temporary) of medical data is expensive. Physicians may not be able to diagnose patients correctly, or they may have to repeat exams, adding to the overall costs of health care. In extreme cases availability of medical data can even be a matter of life or death. On the other hand, confidentiality of medical data is also important. Legislation requires medical facilities to observe the privacy of the patients, and states that patients have a final say on whether or not their medical data can be processed or not. Moreover, if physicians, or their EHR systems, are not trusted by the patients, for instance because of frequent privacy breaches, then patients may refuse to submit (correct) information, complicating the work of the physicians greatly. In traditional data protection systems, confidentiality and availability are conflicting requirements. The more data protection methods are applied to shield data from outsiders the more likely it becomes that authorized persons will not get access to the data in time. Consider for example, a password verification service that is temporarily not available, an access pass that someone forgot to bring, and so on. In this report we discuss a novel approach to data protection, Audit-based Compliance Control (AC2), and we argue that it is particularly suited for application in EHR systems. In AC2, a-priori access control is minimized to the mere authentication of users and objects, and their basic authorizations. More complex security procedures, such as checking user compliance to policies, are performed a-posteriori by using a formal and automated auditing mechanism. To support our claim we discuss legislation concerning the processing of health records, and we formalize a scenario involving medical personnel and a basic EHR system to show how AC2 can be used in practice. This report is based on previous work (Dekker & Etalle 2006) where we assessed the applicability of a-posteriori access control in a health care scenario. A more technically detailed article about AC2 recently appeared in the IJIS journal, where we focussed however on collaborative work environments (Cederquist, Corin, Dekker, Etalle, & Hartog, 2007). In this report we first provide background and related work before explaining the principal components of the AC2 framework. Moreover we model a detailed EHR case study to show its operation in practice. We conclude by discussing how this framework meets current trends in healthcare and by highlighting the main advantages and drawbacks of using an a-posteriori access control mechanism as opposed to more traditional access control mechanisms

    Fiscal Rules and Fiscal Performance in the EU and Japan

    Fiscal rules specify quantitative targets for key budgetary aggregates. In this paper, we review the experience with such rules in Japan and in the EU. Comparing the performance of fiscal policy in the 1980s and 1990s until 2003, we find that the fiscal rule of the 1980s exerted some but not much disciplinary influence on Japanese fiscal policy. The fiscal rule of the Maastricht Treaty had a significant impact on political budget cycles in the EU, but did little to constrain fiscal policy in the large member states. Since the start of the European Monetary Union, the disciplinary effect of the fiscal rule in the EU has vanished. Next, we discuss the importance of budgetary institutions for the effectiveness of fiscal rules. In Europe, a number of countries adopted strong fiscal rules, i.e., a fiscal rule combined with a design of the budget process enabling governments to commit to the rule. We find that strong fiscal rules have been effective. We conclude with some suggestions for the design of a strong fiscal rule in Japan

    Refinement for Administrative Policies

    Flexibility of management is an important requisite for access control systems as it allows users to adapt the access control system in accordance with practical requirements. This paper builds on earlier work where we defined administrative policies for a general class of RBAC models. We present a formal definition of administrative refinement and we show that there is an ordering for administrative privileges which yields administrative refinements of policies. We argue (by giving an example) that this privilege ordering can be very useful in practice, and we prove that the privilege ordering is tractable

    Strengthening the accountability of independent regulatory agencies: From performance back to democracy

    The autonomy of independent regulatory agencies (IRAs) raises concerns about how to keep them accountable. Remarkably, the process of Europeanisation has led to the emergence of a multilevel regulatory system linking IRAs to national and supranational actors but, on the other side, this process has influenced the capacity to make IRAs accountable. The literature about the accountability deficit of IRAs has tried to address this question, but the interplay between delegation, ‘multi-levelisation’ and accountability has not been thoroughly investigated yet. Notably, theoretical analysis of IRAs’ accountability in multilevel regulatory environments is still scarce. This article is aimed at contributing to the debate by pointing out that any theoretical discussion about the accountability of IRAs should be framed in normative terms and, precisely, should reconsider a crucial dimension neglected so far, that is, the goals accountability is expected to achieve. The article, in fact, argues that in multilevel regulatory environments the impact of devices adopted to improve the accountability of IRAs is generally weakened by the presence of a ‘neutral’ idea of accountability, which dilutes its power. The only way to strengthen the effect of accountability is to bring politics and democratic values back into the regulatory process

    European Administrative Reform and Agencies

    administrative adaptation; agency theory; institutions

    Rule-Based Application Development using Webdamlog

    We present the WebdamLog system for managing distributed data on the Web in a peer-to-peer manner. We demonstrate the main features of the system through an application called Wepic for sharing pictures between attendees of the sigmod conference. Using Wepic, the attendees will be able to share, download, rate and annotate pictures in a highly decentralized manner. We show how WebdamLog handles heterogeneity of the devices and services used to share data in such a Web setting. We exhibit the simple rules that define the Wepic application and show how to easily modify the Wepic application. Comment: SIGMOD - Special Interest Group on Management Of Data (2013)

    Privacy in an Ambient World

    Privacy is a prime concern in today's information society. To protect the privacy of individuals, enterprises must follow certain privacy practices, while collecting or processing personal data. In this chapter we look at the setting where an enterprise collects private data on its website, processes it inside the enterprise and shares it with partner enterprises. In particular, we analyse three different privacy systems that can be used in the different stages of this lifecycle. One of them is the Audit Logic, recently introduced, which can be used to keep data private when it travels across enterprise boundaries. We conclude with an analysis of the features and shortcomings of these systems

    Multiple safety net regulators and agency problems in the European Union: Is prompt corrective action partly the solution?

    This paper discusses the institutional changes needed in Europe if prompt corrective action (PCA) is to be effective in supervising and resolving cross-border banking groups. The paper identifies these changes starting with enhancements in the availability of information on banking groups’ financial condition to prudential supervisors. Next, the paper considers the collective decision making by prudential supervisors with authority to make discretionary decisions within the PCA framework as soon as a bank in a cross-border banking group falls below the minimum capital standard. Finally, the paper analyzes the coordination measures that should be implemented if PCA requires the bank to be resolved.