Table 3 Assets identified for BP2: “Access the medical record of a foreign patient”
ID | Description | Category | Comments |
|---|---|---|---|
A1 | Medical record information | Information | The main asset to be protected. |
A2 | HCP credentials | Information | e.g. usernames, passwords etc. |
A3 | HCP authentication means | Infrastructure | e.g. eID card |
A4 | Intention of accessing medical record | Information | The intention of accessing a patient’s medical record is crucial. On the one hand, it could imply an attack attempt and, in this case, the medical record owner should be notified. On the other hand, it should be protected as it clearly implies that the doctor intends to conduct a medical transaction, and this could contain sensitive information. |