Towards a practical healthcare information security model for healthcare institutions

In recent years, a number of countries have introduced plans for national electronic patient record (EPR) systems. This paper argues that, in the near future, both patients and healthcare stakeholders will be able to access medical records from WWW-based EPR systems. We contend that the primary impediment to the successful implementation and widespread uptake of the EPR concept is that current healthcare information security (HIS) applications are not sufficiently robust. This paper identifies two main information security technologies, 1) public key infrastructure (PKI) and 2) biometrics, that hold a lot of promise in a healthcare context. The key contribution of this paper is a novel multi-layered HIS framework based on a combination of PKI, smartcard and biometrics technologies. We argue that this new HIS framework could help healthcare institutions provide a truly secure infrastructure for the electronic transmission of clinical data in the future. This paper also makes a case for the creation of a new nodal HIS body, because existing information security bodies like the Forum of Incident Response and Security Teams serve general-purpose organizations and are not specifically suited to the healthcare sector.
