This article looks at the increasing use of medical records in the Danish courts, as well as outside the courts, in cases of personal injury. The Danish Supreme Court puts the presence of all material above the protection of the confidential relationship between doctor and patient. It is not yet clear to what extent the use of medical records will be accepted. This development raises questions regarding legal security for patients and sets higher requirements for medical and legal personnel. Medical records give important testimony in cases regarding personal injury. It is therefore important for medical personnel to be aware of the content of the medical record, as it might be used and interpreted in the courtroom in a different manner than intended.
In health care, it is mandatory to maintain the privacy and confidentiality of medical data. To achieve this, fine-grained access control and an access log for medical images are two important aspects that need to be considered in health care systems. Fine-grained access control provides access to medical data only to authorized persons based on priority, location, and content. A log captures each attempt to access medical data. This article describes an overall middleware infrastructure required for secure access to Digital Imaging and Communications in Medicine (DICOM) images, with an emphasis on access control and log maintenance. We introduce a hybrid access control model that combines the properties of two existing models. A trust relationship between hospitals is used to make the hybrid access control model scalable across hospitals. We also discuss which events have to be logged and where the log has to be maintained. A prototype of the security middleware infrastructure is implemented.