Abstract
American and European Legislation for protection of medical data agree that the patient has the right to play a pivotal role in the decisions regarding the content and distribution of her/his medical records. The Role Based Access Control (RBAC) model is the most commonly used authorization model in healthcare. The first goal of this work is to review if existing models and standards provide for patients accessing their medical records and customizing access control rules, the second goal is to define and propose an authorization model based on RBAC to be used and customized by the patient. A literature review was performed and encompassed 22 articles and standards from which 12 were included for analysis. Results show that existing standards define guidelines for these issues but they are too generic to be directly applied to real healthcare settings. The proposed authorization model combines characteristics of RBAC, ISO/TS 13606-4, temporal constraints and break the glass. With this model we hope to start bridging the gap between legislation and what really happens in practice in terms of patients controlling and being actively involved in their healthcare. Future work includes the implementation and evaluation of the proposed model in a healthcare setting.

Abstract
Electronic Health Records (EHR) are a collection of all individuals health data, in an electronic form, generated during relevant interactions with the healthcare system. The federated database systems provides intercommunication between different and autonomous data units, which enables sharing data. This paper aims to be a state-of-art on the requirements to take into account when developing a federated system. For that, we did a literature review on PubMed, ISI Web of Knowledge, Scopus and Google Scholar. Federated systems must ensure interoperability using open standards; guarantee the system value through high quality services; have modular architecture to allow developments, maintenance and evolutions, and finally, enable the "monotonic" systems with an incremental evolution. When developing these systems we have to avoid semantic, functional and instance conflicts to ensure the correct functionality. We concluded that federated systems are a good option in health's domain. They allow a high volume of data storage in healthcare that can be accessed in any place, at any time, by health professionals. Thus, we believe that federated systems are a tool to improve the quality and efficiency of health care.

Abstract
The widening use of Information Systems, which allow the collection, extraction, storage, management and search of information, is increasing the need for information security. After a user is successfully identified and authenticated to a system, he needs to be authorised to access the resources he/she requested. Access control is part of this last process that checks if a user can access those resources. This is particularly important in the healthcare environment where there is the need to control access to Electronic Medical Records (EMR). Although EMR can be an important support tool for the healthcare professional there are some barriers that prevent its successful integration. These barriers include the fact that healthcare professionals do not participate in the development of access control to access the EMR imposing them extra effort in its use. New access control policies to be implemented should focus on human processes and needs. The main objective of this project is to reduce EMR barriers by including healthcare professionals and patients in the definition and improvement of access control policies and models. If this can be achieved, we hypothesize that the EMR can be more successfully integrated into the healthcare practice and provide for better patient treatment.

Abstract
Teleradiology is the acquisition and transmission of radiologic images and respective diagnosis from a different location where the patient performed the exam. A teleradiology system was implemented in the ACES Alto Tras-os-Montes I Nordeste, in the Northeast of Portugal in 2008, aiming to overcome the shortage of this healthcare resource and expertise in the region. The main objective of this paper is to assess users' satisfaction with the use of the teleradiology system presented above and investigate the main changes and impact that this system had for the patients and healthcare professionals involved in the process. Focus groups were applied and allowed to ascertaining the users' perspectives regard the system. The main characteristic of the participants was that they used the system to perform their work on a daily basis or they benefited from its use. A focus group was performed for each of the three categories: Radiology Technicians, Primary Care Physicians and Patients, and they lasted one hour on average. Both healthcare professionals and patients have benefited with the introduction of the teleradiology system. The methodology applied allowed to better explore why it is so for each different group and for the various aspects of the system.

Abstract
Recommendations and regulations are available in healthcare to protect sensitive medical information. These regulations tend to be generic and orient attitudes within the medical practice and are usually not straightforward to be translated into practice. The main objective of this paper is to present the implementation of the Break the Glass (BTG) concept in a real healthcare setting in order to enforce the legislation for genetic information and evaluate the process of translating legislation into the healthcare practice. The user logs were analysed to assess if the BTG system was working as expected, providing genetic information confidentiality, as well as if the legislation was being enforced in a controlled and responsible manner. Results show that the process to translate legislation into practice could be faster and more efficient. User logs show that in terms of confidentiality the BTG features prevent more non authorised people from accessing genetic reports. We expect the tendency to be that only users who really need to access the reports will go through with the process of BTG. Enhancements to the system include the implementation of the access control management infrastructure within a more robust access control platform to perform the authentication and authorization processes.

Abstract
Health Information Systems (HIS) are often deployed with inadequate security mechanisms and with users being generally pointed out as the weakest link. The launch of the Portuguese digital national identification smart card, the Citizen Card (CC), with strong authentication and digital signing capabilities, represents a new and viable economic opportunity for securing a HIS and at the same time foster the creation of a much more secure national health information infrastructure. Smart cards are being deployed in healthcare in several places around the world with highly encouraging results. Major programs have already been deployed with great success, although there are some well identified issues that need to be addressed. The CC is a versatile and secure card, with the latest in encryption and tamper resistance technologies, with standard support for a Public Key Infrastructure (PKI). We present the advantages and enumerate some of the problems of using a smart card in a HIS, as well as the CC possible contributions in this area, namely as an easy, inexpensive, widely deployed way of using current technology to protect HIS security, and ultimately patient information, while at the same time fostering the expansion and deployment of inter operable HIS. Issues are identified that will need to be resolved and a detailed plan for further work to assess the level of impact the CC can have on the national HIS is indicated.