This paper proposes a security model which is generic enough to cover all the diversity of Health Care Computing and Communication Systems (HCCS). One of the aims of this model is to facilitate the HCCS interoperability, with a sufficient flexibility to take into account any improvement or change in the security policy. This model achieves a good compromise between the respect of the least privilege principle and the flexibility of the access control, in order to facilitate the healthcare professional work, while preserving patient interests, according to national and European legislation. To make security policy management easier and cope with access right complexity, the model is based on two concepts: roles and groups of objects. It also defines precisely the various types of contexts that can exist in really distributed and cooperative systems such as HCCS. This model describes the HCCS security policy in an expressive and simple specification language, which is based on deontic logic.
