Skip to Main Content
In the last few years, the necessity of having documents in electronic format has been growing over and over. This phenomenon affects also healthcare organizations that have adopted a new model for managing clinical information based on so called Electronic Patient Records. On the one hand, the introduction of such models allows to easily share information among several and widespread healthcare organizations. On the other hand, this arises several questions, like how to guarantee security requirements as, e.g., confidentiality, integrity, and privacy of the information shared. In this paper, we present a formal framework for specifying and analysing policies that regulate the information sharing, in such a way that the security requirements of the author of the policy are satisfied. In particular, we consider a set of authorization, obligation, and prohibition clauses aiming at preserving confidentiality, integrity, and privacy of the clinical data of a patient.