PSecurity Specification Language for Distributed Health Information System (DiHIS)

The introduction of policy based management which to manage distributed, complex and numerous systems is widely accepted and used in various sectors. The policy creators create policies that suit best for their operations and management. Since there are numerous of policies, this research focuses on the security policies only which are appointed to the distributed system of health information system. In order to implement the security policies, we need a language that can represent the security policies for distributed health information system completely. From the literature review conducted, there are numerous of security languages have been introduced since two decades ago. Those languages carry their own approaches representing the security policy and some of them do not support the characteristics of distributed system. There is no security language to implement the security policy for distributed health information system. This thesis introduces and initiates a security language to implement security policies in distributed health information system called DiHIS. Adding to that, there are three existing security languages used for discussion and comparison with the proposed DiHIS security language. They are ASL, LaSCO and Ponder. DiHIS security language has shown that it is able to represent the Security Policy Model for Clinical Information System completely compares to those three security languages. This language also has an added value when it covers the Need To Know Policy which other security languages do not. Need To Know Policy is one of the crucial issues in the health sector. DiHIS security language has also been tested with the application domain in health information system. The strength of the language can be seen with the ability of DiHIS to represent the security policies in various connections between various organizations involved in distributed health information system

PSecurity Specification Language for Distributed Health Information System (DiHIS)

The introduction of policy based management which to manage distributed, complex and numerous systems is widely accepted and used in various sectors. The policy creators create policies that suit best for their operations and management. Since there are numerous of policies, this research focuses on the security policies only which are appointed to the distributed system of health information system. In order to implement the security policies, we need a language that can represent the security policies for distributed health information system completely. From the literature review conducted, there are numerous of security languages have been introduced since two decades ago. Those languages carry their own approaches representing the security policy and some of them do not support the characteristics of distributed system. There is no security language to implement the security policy for distributed health information system. This thesis introduces and initiates a security language to implement security policies in distributed health information system called DiHIS. Adding to that, there are three existing security languages used for discussion and comparison with the proposed DiHIS security language. They are ASL, LaSCO and Ponder. DiHIS security language has shown that it is able to represent the Security Policy Model for Clinical Information System completely compares to those three security languages. This language also has an added value when it covers the Need To Know Policy which other security languages do not. Need To Know Policy is one of the crucial issues in the health sector. DiHIS security language has also been tested with the application domain in health information system. The strength of the language can be seen with the ability of DiHIS to represent the security policies in various connections between various organizations involved in distributed health information system

Initial experiences in developing e-health solutions across Scotland

The MRC funded Virtual Organisations for Trials and Epidemiological Studies (VOTES) project is a collaborative effort between e-Science, clinical and ethical research centres across the UK including the universities of Oxford, Glasgow, Imperial, Nottingham and Leicester. The project started in September 2005 and is due to run for 3 years. The primary goal of VOTES is to develop a reusable Grid framework through which a multitude of clinical trials and epidemiological studies can be supported. The National e-Science Centre (NeSC) at the University of Glasgow are looking at developing the Scottish components of this framework. This paper presents the initial experiences in developing this framework and in accessing and using existing data sets, services and software across the NHS in Scotland

Data privacy by design: digital infrastructures for clinical collaborations

The clinical sciences have arguably the most stringent security demands on the adoption and roll-out of collaborative e-Infrastructure solutions such as those based upon Grid-based middleware. Experiences from the Medical Research Council (MRC) funded Virtual Organisations for Trials and Epidemiological Studies (VOTES) project and numerous other real world security driven projects at the UK e-Science National e-Science Centre (NeSC – www.nesc.ac.uk) have shown that whilst advanced Grid security and middleware solutions now offer capabilities to address many of the distributed data and security challenges in the clinical domain, the real clinical world as typified by organizations such as the National Health Service (NHS) in the UK are extremely wary of adoption of such technologies: firewalls; ethics; information governance, software validation, and the actual realities of existing infrastructures need to be considered from the outset. Based on these experiences we present a novel data linkage and anonymisation infrastructure that has been developed with close co-operation of the various stakeholders in the clinical domain (including the NHS) that addresses their concerns and satisfies the needs of the academic clinical research community. We demonstrate the implementation of this infrastructure through a representative clinical study on chronic diseases in Scotland

Security oriented e-infrastructures supporting neurological research and clinical trials

The neurological and wider clinical domains stand to gain greatly from the vision of the grid in providing seamless yet secure access to distributed, heterogeneous computational resources and data sets. Whilst a wealth of clinical data exists within local, regional and national healthcare boundaries, access to and usage of these data sets demands that fine grained security is supported and subsequently enforced. This paper explores the security challenges of the e-health domain, focusing in particular on authorization. The context of these explorations is the MRC funded VOTES (Virtual Organisations for Trials and Epidemiological Studies) and the JISC funded GLASS (Glasgow early adoption of Shibboleth project) which are developing Grid infrastructures for clinical trials with case studies in the brain trauma domain

Semantic security: specification and enforcement of semantic policies for security-driven collaborations

Collaborative research can often have demands on finer-grained security that go beyond the authentication-only paradigm as typified by many e-Infrastructure/Grid based solutions. Supporting finer-grained access control is often essential for domains where the specification and subsequent enforcement of authorization policies is needed. The clinical domain is one area in particular where this is so. However it is the case that existing security authorization solutions are fragile, inflexible and difficult to establish and maintain. As a result they often do not meet the needs of real world collaborations where robustness and flexibility of policy specification and enforcement, and ease of maintenance are essential. In this paper we present results of the JISC funded Advanced Grid Authorisation through Semantic Technologies (AGAST) project (www.nesc.ac.uk/hub/projects/agast) and show how semantic-based approaches to security policy specification and enforcement can address many of the limitations with existing security solutions. These are demonstrated into the clinical trials domain through the MRC funded Virtual Organisations for Trials and Epidemiological Studies (VOTES) project (www.nesc.ac.uk/hub/projects/votes) and the epidemiological domain through the JISC funded SeeGEO project (www.nesc.ac.uk/hub/projects/seegeo)

Where has all the psychology gone? A critical review of evidence-based psychological practice in correctional settings

Evidence-Based Practice (EBP) represents the gold standard for effective clinical psychological practice. In this review, we examine ways in which EBP tenets are being neglected by correctional psychologists worldwide. We examine three key aspects of EBP currently being neglected: (a) individualized and flexible client focus, (b) the therapeutic alliance, and (c) psychological expertise. We also highlight two highly related issues responsible for correctional psychologists' neglect of EBP. The first relates to policy makers' and correctional psychologists' overreliance on the Risk–Need–Responsivity Model to guide correctional practice. We argue that the narrow focus and implementation of this model has resulted in a severe identity problem for correctional psychologists that has severely exacerbated the dual relationship problem. That is, the tension psychologists experience as a result of engaging in psychological practice while also obliging the risk and security policies of correctional systems. The second issue concerns psychologists' response to the dual relationship problem. In short, psychology, as a discipline appears to have acquiesced to the dual-relationship problem. In our view, this constitutes a ‘crisis’ for the discipline of correctional psychology. We offer several recommendations for injecting EBP back into correctional psychology for the individual, psychology as a discipline, and correctional policy makers

E-infrastructures fostering multi-centre collaborative research into the intensive care management of patients with brain injury

Clinical research is becoming ever more collaborative with multi-centre trials now a common practice. With this in mind, never has it been more important to have secure access to data and, in so doing, tackle the challenges of inter-organisational data access and usage. This is especially the case for research conducted within the brain injury domain due to the complicated multi-trauma nature of the disease with its associated complex collation of time-series data of varying resolution and quality. It is now widely accepted that advances in treatment within this group of patients will only be delivered if the technical infrastructures underpinning the collection and validation of multi-centre research data for clinical trials is improved. In recognition of this need, IT-based multi-centre e-Infrastructures such as the Brain Monitoring with Information Technology group (BrainIT - www.brainit.org) and Cooperative Study on Brain Injury Depolarisations (COSBID - www.cosbid.de) have been formed. A serious impediment to the effective implementation of these networks is access to the know-how and experience needed to install, deploy and manage security-oriented middleware systems that provide secure access to distributed hospital based datasets and especially the linkage of these data sets across sites. The recently funded EU framework VII ICT project Advanced Arterial Hypotension Adverse Event prediction through a Novel Bayesian Neural Network (AVERT-IT) is focused upon tackling these challenges. This chapter describes the problems inherent to data collection within the brain injury medical domain, the current IT-based solutions designed to address these problems and how they perform in practice. We outline how the authors have collaborated towards developing Grid solutions to address the major technical issues. Towards this end we describe a prototype solution which ultimately formed the basis for the AVERT-IT project. We describe the design of the underlying Grid infrastructure for AVERT-IT and how it will be used to produce novel approaches to data collection, data validation and clinical trial design is also presented

Supporting security-oriented, inter-disciplinary research: crossing the social, clinical and geospatial domains

How many people have had a chronic disease for longer than 5-years in Scotland? How has this impacted upon their choices of employment? Are there any geographical clusters in Scotland where a high-incidence of patients with such long-term illness can be found? How does the life expectancy of such individuals compare with the national averages? Such questions are important to understand the health of nations and the best ways in which health care should be delivered and measured for their impact and success. In tackling such research questions, e-Infrastructures need to provide tailored, secure access to an extensible range of distributed resources including primary and secondary e-Health clinical data; social science data, and geospatial data sets amongst numerous others. In this paper we describe the security models underlying these e-Infrastructures and demonstrate their implementation in supporting secure, federated access to a variety of distributed and heterogeneous data sets exploiting the results of a variety of projects at the National e-Science Centre (NeSC) at the University of Glasgow