Difference between revisions of "Security Policy"
From Clinfowiki
Latest revision as of 00:19, 9 April 2015
Security Policy
According to Barrows (1996) [1], a limitation to information security for health care is the absence of a standardized security policy.
A security policy consists of the following:
- What functions are required of a health information system for a user to accomplish a task
- Security in place to protect the necessary information
- A protocol and model in place in the event of a security breach
Data security policies and standards were developed by the Mayo Clinic/Foundation. [2]
The Columbia-Presbyterian Medical Center [3] developed an approach, involving numerous experts, that identified 14 topic areas that security policies in health information technology should address:
- User authentication
- Physical security of data center sites
- Access control to system resources
- Data ownership
- Data protection policies
- Building security into systems
- Security of hard copy materials
- Systems integrity
- User profiles
- Legal and liability issues
- Problem identification and resolution
- Network security
- Informed consent
- Education of users
References

[1] Barrows, R. C., & Clayton, P. D. (1996). Privacy, confidentiality, and electronic medical records. Journal of the American Medical Informatics Association, 3(2), 139-148. http://www.ncbi.nlm.nih.gov/pmc/articles/PMC116296/
[2] Information Security Subcommittee, Mayo Clinic/Foundation. Data Security Policies and Standards; September 1994 (provided by Dr. Christopher D. Chute, Section of Medical Information Resources, Mayo Clinic/Foundation, Rochester, MN).
[3] Clayton, P. D., Sideli, R. V., & Sengupta, S. (1991). Open architecture and integrated information at Columbia-Presbyterian Medical Center. MD Computing: Computers in Medical Practice, 9(5), 297-303.