Skip to main content

Table 3 Assets identified for BP2: “Access the medical record of a foreign patient”

From: Comprehensive user requirements engineering methodology for secure and interoperable health data exchange

ID Description Category Comments
A1 Medical record information Information The main asset to be protected.
A2 HCP credentials Information e.g. usernames, passwords etc.
A3 HCP authentication means Infrastructure e.g. eID card
A4 Intention of accessing medical record Information The intention of accessing a patient’s medical record is crucial. On the one hand, it could imply an attack attempt and, in this case, the medical record owner should be notified. On the other hand, it should be protected as it clearly implies that the doctor intends to conduct a medical transaction, and this could contain sensitive information.