Abstract
We introduce Computational Depth, a measure for the amount of "nonrandom" or "useful" information in a string by considering the difference of various Kolmogorov complexity measures. We investigate three instantiations of Computational Depth: center dot Basic Computational Depth, a clean notion capturing the spirit of Bennett's Logical Depth. We show that a Turing machine M runs in time polynomial on average over the time-bounded universal distribution if and only if for all inputs x, M uses time exponential in the basic computational depth of x. center dot Sublinear-time Computational Depth and the resulting concept of Shallow Sets, a generalization of sparse and random sets based on low depth properties of their characteristic sequences. We show that every computable set that is reducible to a shallow set has polynomial-size circuits. center dot Distinguishing Computational Depth, measuring when strings are easier to recognize than to produce. We show that if a Boolean formula has a nonnegligible fraction of its satisfying assignments with low depth, then we can find a satisfying assignment efficiently.

Abstract
The Electronic Medical Record (EMR) allows for the distributed collection and searching of healthcare information. However, it usually does not integrate easily into healthcare professionals' daily workflows. Barriers to its acceptance include costs such as time and effort, but also relational and educational issues. Access controls are likely to increase the barrier to acceptance, since their design and implementation are very complex and thus costly. Three literature reviews were performed in order to gain insight to this problem. The two reviews regarding access control implementation (A and B) showed that the definition of an access control policy was ACP(A)=29% and ACP(B)=58%, and the participation of end users in its development within Information Systems (IS) was UPD(A)=0% and UPD(B)=0%. The review regarding evaluation methods (Review C) showed that most chosen methods were not appropriate for the evaluation that needed to be performed (CMI(C)=44%) and that the ISs were difficult to use (SDU(C)=22%) and did not simplify the workflow environment for which they were implemented (CWD(C)=19%). The goal of this paper is to propose that future access control systems for EMR should monitor healthcare professionals' attitudes, opinions and experiences through the use of comprehensive evaluation methods to improve the acceptance of EMR.

Abstract
Under a standard hardness assumption we exactly characterize the worst-case running time of languages that are in average polynomial-time over all polynomial-time samplable distributions. More precisely we show that if exponential time is not infinitely often in subexponential space, then the following are equivalent for any algorithm A: For all P-samplable distributions mu, A runs in time polynomial on mu-average. For all polynomial p, the running time for A is bounded by 2(O(Kp(x)-K(x)+log(|x|))) for all inputs x. where K(x) is the Kolmogorov complexity (size of smallest program generating x) and K-p(x) is the size of the smallest program generating x within time p(|x|). To prove this result we show that, under the hardness assumption, the polynomial-time Kolmogorov distribution, m(p)(x) = 2(-Kp(x)), is universal among the P-samplable distributions.

Abstract
Purpose: The objective of this paper is to showthat grounded theory (GT), together with mixed methods, can be used to involve healthcare professionals in the design and enhancement of access control policies to Electronic Medical Record (EMR) systems. Methods: The mixed methods applied for this research included, in this sequence, focus groups (main qualitative method that used grounded theory for the data analysis) and structured questionnaires (secondary quantitative method). Results: Results showed that the presented methodology can be used to involve healthcare professionals in the definition of access control policies to EMR systems and explore these issues in a diversified and integrated way. The methodology allowed for the generation of great amounts of data in the beginning of the study and in a short time span. Results from the applied methodology revealed a first glimpse of the theories to be generated and integrated, with future research, into access control policies. Conclusions: The methodological research described in this paper is very rarely, if ever, applied in developing security tools such as access control. Nevertheless, it can be an effective way of involving healthcare professionals in the definition and enhancement of access control policies and in making information security more grounded into their workflows and daily practices.

Abstract
Although there is an initial plan describing the rules to access an Electronic Medical Record (EMR) that is devised by implementers and software engineers, its access in practice is often different from what was envisaged. Healthcare professionals do not normally participate in the design of working tools, so they have to adapt their workflows around the systems in order to use them for their daily practice (being this one of the main reasons for health information systems failure); or they may circumvent the rules established for accessing the system because those rules are too cumbersome, time-consuming, or both. The objective of this paper is to study the usability of authentication and access control features in the healthcare environment with the use of qualitative methods. Usability studies using qualitative data collection and analysis can deeper explore people's behaviour when interacting with security technology and help understand better the context, workflows, needs and beliefs of users. This can facilitate in defining better security technology that is closer to the healthcare practice.

Abstract
Access control defines what users can perform within a system. It is usually defined by software engineers and end users are seldom asked for cooperation. The main objective of this paper is to gather the necessary knowledge from the end users of an Electronic Medical Record (EMR) regarding access control and, with their collaboration, define a list of usable access control rules and access control model, which are closer to user needs and workflows. Access control standards in healthcare were also analyzed. Afterwards, focus groups were applied to health professionals and several access control rules were extracted from the analysis of all the information that was gathered. The Break The Glass - Role Based Access Control model (BTG-RBAC) was created and includes the generated access control rules, which are closer to users' workflows and needs and can, therefore, improve EMR's usability while reducing some barriers for its effective integration.