Home

Find us on

Past Programs

	Keynote: Securing IT in Healthcare: Part III Patty Mechael mHealth Alliance May 16, 2013
	Keynote: SITH3, Technology-Enabled Remote Monitoring and Support Wendy Nilsen National Institutes of Health (NIH) May 17, 2013
	Intersection of mHealth and Behavioral Health SITH3 Workshop, Panel 1 May 17, 2013

Newsletter

ISTS Information Pamphlet

Search ISTS

Institute for Security, Technology, and Society
Dartmouth College
6211 Sudikoff Laboratory
Hanover, NH 03755 USA
info.ists@dartmouth.edu

Home > Projects > Health IT Security > TISH >

Access Control
Thread 1

Thread 1 Team Members

Effective use of healthcare IT requires that the right parties (such as clinicians, patients, and insurance adjusters) be able to access the information and computational resources they need, in a timely manner. However, because the information involved is sensitive and personal, healthcare enterprises need to manage this access carefully. Permitting inappropriate disclosure or modification of this data is socially irresponsible and possibly life threatening to patients – and also exposes the enterprises to legal, regulatory and economic repercussions. Besides the obvious internal risk of users having too much access (and abusing it) or too little (threatening patient care), we see many broader system-level risks: users may find the official IT system so unusable as to move their access and processing outside it (creating security, management, and reliability nightmares), or engage in behavior that defaults to all personnel having maximal access (also creating such nightmares).

Research

The Thread 1 team has collaborated with clinical liaisons and a number of industry partners to advance their research. Several publications are available through the TISH publications database (see the TISH homepage) and below:

S Sinclair and Sean Smith, "What's Wrong with Access Control in the Real World?", IEEE Security and Privacy, vol. 8, no. 4, pp. 74-77, July/Aug. 2010, doi:10.1109/MSP.2010.139.
Joseph Cooley and Sean Smith, "Dr. Jekyll or Mr. Hyde: Information Security in the Ecosystem of Healthcare", 1st USENIX Workshop on Health Security and Privacy. HealthSec '10. Washington, DC, on August 10, 2010. (Video of presentation available here.)

Education and Outreach

Seminar at the University of Pennsylvania on "The Role of Humans in Information Security Decisions", January 26, 2012.
Course at Dartmouth College on "Misperception and Security: CS169", Winter Term 2012.
Seminar on the "State of the Art Authentication in Healthcare", May 25, 2010.
Invited panel at SPIMACS 2010, "Talking Across the Disciplines of Technology and Health" (moderated by Graduate Student Sara Sinclair)

News

Impact: Students Participate in Federally Funded Research

Team

smith

The Thread 1 team is led by Professor Sean Smith (Computer Science). Other team members have included Graduate Students Gabe Weaver and Rebecca Shapiro and Undergraduates Jack Bowman and Amy Zhang.