Authorization schema for electronic health-care records : For Uganda

Abstract: This master’s thesis project began at the Karolinska University Hospital. This thesis discusses how to design an authorization schema focused on ensuring each patient’s data privacy within a hospital information system. It begins with an overview of the current problem, followed by a review of related work. The overall project’s goal is to create and evaluate an authorization schema that can ensure each patient’s data confidentiality. Authorization has currently become a very important aspect in information systems, to the point of being a necessity when implementing a complete system for managing access control in certain complex environments. This requirement lead to the approach that this master thesis takes for effectively reasoning about authorization requests in situations where a great number of parameters could affect the access control assessment. This study is part of the ICT4MPOWER project developed in Sweden by both public and private organizations with the objective of improving health-care aid in Uganda through the use of information and communication technologies.  More concretely, this work defines an authorization schema that can cope with the increasing needs of sophisticated access control methods where a complex environment exists and policies require certain flexibility.