Privacy includes the right of individuals and organizations to determine for themselves when, how and to what extent information about them is communicated to others. The growing need of managing large amounts of medical data raises important legal and ethical challenges. E-Health systems must be capable of adhering to clearly defined security policies based upon legal requirements, regulations and standards while catering for dynamic healthcare and professional needs. Such security policies, incorporating enterprise level principles of privacy, integrity and availability, coupled with appropriate audit and control processes, must be able to be clearly defined by enterprise management with the understanding that such policy will be reliably and continuously enforced. This chapter addresses the issue of identifying and fulfilling security requirements for critical applications in the e-health domain. In this chapter the authors describe the main privacy and security measures that may be taken by the implementation of e-health projects.
Security Requirements Specification in Service-Oriented Business Process Management
