Abstract

Abstract
Access control models describe frameworks that dictate how subjects (e.g. users) access resources. In the Role-Based Access Control (RBAC) model access to resources is based on the role the user holds within the organization. RBAC is a rigid model where access control decisions have only two output options: Grant or Deny. Break The Glass (BTG) policies on the other hand are flexible and allow users to break or override the access controls in a controlled and justifiable manner. The main objective of this paper is to integrate BTG within the NEST/ANSI RBAC model in a transparent and secure way so that it can be adopted generically in any domain where unanticipated or emergency situations may occur. The new proposed model, called BTG-RBAC, provides a third decision option BTG, which grants authorized users permission to break the glass rather than be denied access. This can easily be implemented in any application without major changes to either the application code or the RBAC authorization infrastructure, apart from the decision engine. Finally, in order to validate the model, we discuss how the BTG-RBAC model is being introduced within a Portuguese healthcare institution where the legislation requires that genetic information must be accessed by a restricted group of healthcare professionals. These professionals, advised by the ethical committee, have required and asked for the implementation of the BTG concept in order to comply with the said legislation.

Abstract
We introduce Computational Depth, a measure for the amount of "nonrandom" or "useful" information in a string by considering the difference of various Kolmogorov complexity measures. We investigate three instantiations of Computational Depth: Basic Computational Depth, a clean notion capturing the spirit of Bennett's Logical Depth. Time-t Computational Depth and the resulting concept of Shallow Sets, a generalization of sparse and random sets based on low depth properties of their characteristic sequences. We show that every, computable set that is reducible to a shallow set has polynomial-size circuits. Distinguishing Computational Depth, measuring when strings are easier to recognize than to produce. We show that if a Boolean formula has a nonnegligible fraction of its satisfying assignments with low depth, then we can find a satisfying assignment efficiently.

Abstract
The wider use of healthcare information systems and the easier integration and sharing of patient clinical information can facilitate a wider access to medical records. The main goal of this paper is to perform a systematic review to analyze published work that studied the impact of facilitating patients' access to their medical record. Moreover, this review includes the analysis of the potential benefits and drawbacks on patient attitudes, doctor-patient relationship and on medical practice. In order to fill a gap in terms of the electronic medical record (EMR) impact within this issue, this review will focus on the use of EMR for patients to access their medical records as well as the advantages and disadvantages that this can bring. The articles included in the study were identified using MEDLINE and Scopus databases and revised according to their title and abstract and, afterwards, their full text was read considering inclusion and exclusion criteria. From the 165 articles obtained in MEDLINE a total of 12 articles were selected. From Scopus, 2 articles were obtained, so a total of 14 articles were included in the review. The studies revealed that patients' access to medical records can be beneficial for both patients and doctors, since it enhances communication between them whilst helping patients to better understand their health condition. The drawbacks (for instance causing confusion and anxiety to patients) seem to be minimal. However, patients continue to show concerns about confidentiality and understanding what is written in their records. The studies showed that the use of EMR can bring several advantages in terms of security solutions as well as improving the correctness and completeness of the patient records.

Abstract
The Electronic Medical Record (EMR) is a very important support tool for patients and healthcare professionals but it has some barriers that prevent its successful integration within the healthcare practice. These barriers comprise not only security concerns but also costs, in terms of time and effort, as well as relational and educational issues that can hinder its proper use. Access control is an essential part of the EMR and provides for its confidentiality by checking if a user has the necessary rights to access the resources he/she requested. This paper comprehensively reviews the published material about access control in healthcare. The review reveals that most of the access control systems that are published in the literature are just studies or prototypes in which healthcare professionals and patients did not participate in the definition of the access control policies, models or mechanisms. Healthcare professionals usually needed to change their workflow patterns and adapt their tasks and processes in order to use the systems. If access control could be improved according to the users' needs and be properly adapted to their workflow patterns we hypothesise that some of the barriers to the effective use of EMR could be reduced. Then EMR could be more successfully integrated into the healthcare practice and provide for better patient treatment.

Abstract
Access control to Electronic Patient Records (EPR) may greatly depend on users' objectives and needs. The purpose of this study is to assess the opinions of medical doctors within a university hospital towards access control to an EPR. We selected a randomized sample of 58 doctors from a university hospital and 45 structured interviews were applied. 42 respondents (93%) agree with the existence of access control levels to patient information according to healthcare professionals' category and 31 (69%) think that more sensitive information (e.g. HIV) should be accessed only by doctors that treat those patients. As 24 doctors (53%) feel that there is no need for them to see all information about all the patients, 41 (91%) think that nurses should not be able to do it also. Further, 31 doctors (69%) believe that patients themselves should not access their full medical record. These results show that it is very hard to get to a consensual policy regarding access control to. EPR by its regular users. There is therefore the need for a multidisciplinary agreement that can include healthcare professionals' experiences and needs in order to define the most appropriate and efficient way to perform access control to the EPR.