835 Copyright © 2013, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited. Chapter 38 DOI: 10.4018/978-1-4666-2919-6.ch038 INTRODUCTION This chapter considers perhaps the most impor- tant topic in the acceptance of Information and Communication Technology (ICT) systems in healthcare. This topic covers the security from unauthorized access, the secure availability, the trust and the privacy protection of the HIS. The issues are discussed and a model access system – implemented in a Greek hospital – is presented. By understanding the key challenges and adopt- ing strategies to improve security control policy between the user and the data of the HIS, hospi- Efstratia Mourtou St. Andrew General Hospital, Greece Modeling Access Control in Healthcare Organizations ABSTRACT Since Hospital Information Systems (HIS) are designed to support doctors and healthcare professionals in their daily activities, information security plays a vital role in managing access control. Efciency and efectiveness of information security policy is crucial, especially when dealing with situations that afect the status and life-history of the patient. In addition, the rules and procedures to follow, in order to provide confdentiality of sensitive information, have to focus on management of events on any table of the HIS. On the other hand, control and statement constraints, as well as events and security audit- ing techniques, play also an important role, due to the heterogeneity of healthcare professionals’ roles, actions and physical locations, as well as to the specifc characteristics and needs of the healthcare or- ganizations. This chapter will frst explore issues in managing access control and security of healthcare information by reviewing the possible threats and vulnerabilities as well as the basic attributes of the hospital’s security plan. The authors will then present a hierarchical access model that, from a security policy perspective, refers to data ownership and access control issues. The authors conclude the chapter with discussions of upcoming security issues.