{"id":"https://openalex.org/W1988529726","doi":"https://doi.org/10.1145/1987993.1988006","title":"Evaluating access control of open source electronic health record systems","display_name":"Evaluating access control of open source electronic health record systems","publication_year":2011,"publication_date":"2011-05-22","ids":{"openalex":"https://openalex.org/W1988529726","doi":"https://doi.org/10.1145/1987993.1988006","mag":"1988529726"},"language":"en","primary_location":{"id":"doi:10.1145/1987993.1988006","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1987993.1988006","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 3rd Workshop on Software Engineering in Health Care","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5038127300","display_name":"Eric Helms","orcid":null},"institutions":[{"id":"https://openalex.org/I137902535","display_name":"North Carolina State University","ror":"https://ror.org/04tj63d06","country_code":"US","type":"education","lineage":["https://openalex.org/I137902535"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Eric Helms","raw_affiliation_strings":["North Carolina State University, Raleigh, NC, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"North Carolina State University, Raleigh, NC, USA","institution_ids":["https://openalex.org/I137902535"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5028171895","display_name":"Laurie Williams","orcid":"https://orcid.org/0000-0003-3300-6540"},"institutions":[{"id":"https://openalex.org/I137902535","display_name":"North Carolina State University","ror":"https://ror.org/04tj63d06","country_code":"US","type":"education","lineage":["https://openalex.org/I137902535"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Laurie Williams","raw_affiliation_strings":["North Carolina State University, Raleigh, NC, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"North Carolina State University, Raleigh, NC, USA","institution_ids":["https://openalex.org/I137902535"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":9.7271,"has_fulltext":false,"cited_by_count":21,"citation_normalized_percentile":{"value":0.97442886,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"63","last_page":"70"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T10350","display_name":"Electronic Health Records Systems","score":0.9961000084877014,"subfield":{"id":"https://openalex.org/subfields/3605","display_name":"Health Information Management"},"field":{"id":"https://openalex.org/fields/36","display_name":"Health Professions"},"domain":{"id":"https://openalex.org/domains/4","display_name":"Health Sciences"}},{"id":"https://openalex.org/T11614","display_name":"Cloud Data Security Solutions","score":0.9919000267982483,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/certification","display_name":"Certification","score":0.8158220052719116},{"id":"https://openalex.org/keywords/health-insurance-portability-and-accountability-act","display_name":"Health Insurance Portability and Accountability Act","score":0.6413335204124451},{"id":"https://openalex.org/keywords/best-practice","display_name":"Best practice","score":0.5910544395446777},{"id":"https://openalex.org/keywords/access-control","display_name":"Access control","score":0.5103082060813904},{"id":"https://openalex.org/keywords/software-portability","display_name":"Software portability","score":0.49616608023643494},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.48857149481773376},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.4697699248790741},{"id":"https://openalex.org/keywords/health-care","display_name":"Health care","score":0.43245401978492737},{"id":"https://openalex.org/keywords/nist","display_name":"NIST","score":0.417753666639328},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4159051179885864},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.3838474154472351},{"id":"https://openalex.org/keywords/knowledge-management","display_name":"Knowledge management","score":0.33423006534576416},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.3255695700645447},{"id":"https://openalex.org/keywords/confidentiality","display_name":"Confidentiality","score":0.22970205545425415}],"concepts":[{"id":"https://openalex.org/C46304622","wikidata":"https://www.wikidata.org/wiki/Q374814","display_name":"Certification","level":2,"score":0.8158220052719116},{"id":"https://openalex.org/C2778306010","wikidata":"https://www.wikidata.org/wiki/Q606563","display_name":"Health Insurance Portability and Accountability Act","level":3,"score":0.6413335204124451},{"id":"https://openalex.org/C184356942","wikidata":"https://www.wikidata.org/wiki/Q830382","display_name":"Best practice","level":2,"score":0.5910544395446777},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.5103082060813904},{"id":"https://openalex.org/C63000827","wikidata":"https://www.wikidata.org/wiki/Q3080428","display_name":"Software portability","level":2,"score":0.49616608023643494},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.48857149481773376},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.4697699248790741},{"id":"https://openalex.org/C160735492","wikidata":"https://www.wikidata.org/wiki/Q31207","display_name":"Health care","level":2,"score":0.43245401978492737},{"id":"https://openalex.org/C111219384","wikidata":"https://www.wikidata.org/wiki/Q6954384","display_name":"NIST","level":2,"score":0.417753666639328},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4159051179885864},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.3838474154472351},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.33423006534576416},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.3255695700645447},{"id":"https://openalex.org/C71745522","wikidata":"https://www.wikidata.org/wiki/Q2476929","display_name":"Confidentiality","level":2,"score":0.22970205545425415},{"id":"https://openalex.org/C187736073","wikidata":"https://www.wikidata.org/wiki/Q2920921","display_name":"Management","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C50522688","wikidata":"https://www.wikidata.org/wiki/Q189833","display_name":"Economic growth","level":1,"score":0.0},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.0},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/1987993.1988006","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1987993.1988006","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 3rd Workshop on Software Engineering in Health Care","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":18,"referenced_works":["https://openalex.org/W1980437932","https://openalex.org/W1997862012","https://openalex.org/W2046941282","https://openalex.org/W2060690494","https://openalex.org/W2065076704","https://openalex.org/W2065246078","https://openalex.org/W2095881341","https://openalex.org/W2123298731","https://openalex.org/W2141255867","https://openalex.org/W2142483115","https://openalex.org/W2149581025","https://openalex.org/W2149608677","https://openalex.org/W2154026403","https://openalex.org/W2154765153","https://openalex.org/W2157814042","https://openalex.org/W2161660670","https://openalex.org/W2166602595","https://openalex.org/W2626643089"],"related_works":["https://openalex.org/W2158491338","https://openalex.org/W2807901368","https://openalex.org/W2133733652","https://openalex.org/W107105315","https://openalex.org/W2072658171","https://openalex.org/W2606392311","https://openalex.org/W1584537303","https://openalex.org/W4388155270","https://openalex.org/W2320042380","https://openalex.org/W4301229064"],"abstract_inverted_index":{"Incentives":[0],"and":[1,13,25,44,72,109,127,134,182,189],"penalties":[2],"for":[3,125,213],"healthcare":[4],"providers":[5],"as":[6],"laid":[7],"out":[8],"in":[9,22,33,82,100,104,121,139,150],"the":[10,23,34,37,52,77,80,105,122,140,145,148,169,180,186,214],"American":[11],"Recovery":[12],"Reinvestment":[14],"Act":[15,111],"of":[16,27,39,54,57,63,79,93,147,179,217],"2009":[17],"have":[18],"caused":[19],"tremendous":[20],"growth":[21],"development":[24,69],"installation":[26],"electronic":[28],"health":[29,59],"record":[30],"(EHR)":[31],"systems":[32,50,102,159],"US.":[35],"For":[36],"benefit":[38],"protecting":[40],"patient":[41,218],"privacy,":[42],"regulations":[43],"certification":[45,73,116,183],"criteria":[46,95,173,184],"related":[47,192],"to":[48,67,97,193],"EHR":[49,83,101,158,203],"stipulate":[51],"use":[53,115],"access":[55,84,98,131,151,194,210],"control":[56,99,132,152,211],"protected":[58],"information.":[60],"The":[61],"goal":[62],"this":[64,87],"research":[65,166],"is":[66],"guide":[68],"teams,":[70],"regulators,":[71],"bodies":[74],"by":[75,153],"assessing":[76],"state":[78,146],"practice":[81,149],"control.":[85,195],"In":[86],"paper,":[88],"we":[89],"present":[90],"a":[91],"compilation":[92],"25":[94,162],"relative":[96],"found":[103,138],"Health":[106],"Insurance":[107],"Portability":[108],"Accountability":[110],"(HIPAA)":[112],"regulation,":[113],"meaningful":[114],"criteria,":[117],"best":[118,136,190],"practices":[119,137,191],"embodied":[120],"National":[123],"Institute":[124],"Standards":[126],"Technology":[128],"(NIST)":[129],"role-based":[130],"standard,":[133],"other":[135],"literature.":[141],"We":[142],"then":[143],"examine":[144],"evaluating":[154],"four":[155],"open":[156,201],"source":[157,202],"using":[160],"these":[161],"evaluation":[163],"criteria.":[164],"Our":[165],"indicates":[167],"that":[168,200],"NIST":[170],"Meaningful":[171],"Use":[172],"provide":[174],"HIPAA":[175],"compliance,":[176],"but":[177],"none":[178],"regulatory":[181],"address":[185],"implementation":[187],"standards,":[188],"Additionally,":[196],"our":[197],"results":[198],"indicate":[199],"system":[204],"designers":[205],"are":[206],"not":[207],"implementing":[208],"robust":[209],"mechanisms":[212],"adequate":[215],"protection":[216],"data.":[219]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2020,"cited_by_count":1},{"year":2018,"cited_by_count":3},{"year":2016,"cited_by_count":1},{"year":2015,"cited_by_count":2},{"year":2014,"cited_by_count":3},{"year":2013,"cited_by_count":3},{"year":2012,"cited_by_count":3}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}