Department of Computer Science and Technology

Technical reports

A formal security policy for an NHS electronic health record service

Moritz Y. Becker

March 2005, 81 pages

DOI: 10.48456/tr-628


The ongoing NHS project for the development of a UK-wide electronic health records service, also known as the ‘Spine’, raises many controversial issues and technical challenges concerning the security and confidentiality of patient-identifiable clinical data. As the system will need to be constantly adapted to comply with evolving legal requirements and guidelines, the Spine’s authorisation policy should not be hard-coded into the system but rather be specified in a high-level, general-purpose, machine-enforceable policy language.

We describe a complete authorisation policy for the Spine and related services, written for the trust management system Cassandra, and comprising 375 formal rules. The policy is based on the NHS’s Output-based Specification (OBS) document and deals with all requirements concerning access control of patient-identifiable data, including legitimate relationships, patients restricting access, authenticated express consent, third-party consent, and workgroup management.

Full text

PDF (0.6 MB)

BibTeX record

  author =	 {Becker, Moritz Y.},
  title = 	 {{A formal security policy for an NHS electronic health
         	   record service}},
  year = 	 2005,
  month = 	 mar,
  url = 	 {},
  institution =  {University of Cambridge, Computer Laboratory},
  doi = 	 {10.48456/tr-628},
  number = 	 {UCAM-CL-TR-628}