Role based Access Control for a Medical Database

L.A. Slevin and A. Macfie (UK)


RBAC, Authorization, medical database, NHS


This paper describes the testing the applicability of Role Based Access Control (RBAC) within an existing medical database in the Oncology Department at St. Bartholomew’s Hospital in London, United Kingdom (UK). We show how role hierarchies and RBAC rules are derived for this particular database, and observe the outcomes of our RBAC implementation. Our work is in line with the UK Government’s initiative to make historical patient data available to as wide an audience as possible and to include RBAC as a security mechanism within the National Program for Information Technology (NPfIT) of the UK National Health Service (NHS).

Important Links:

Go Back