Difference between revisions of "Security Policy"

From Clinfowiki
Line 2: Line 2:
 
[[Security Policy]]
 
[[Security Policy]]
  
 +
According to Barrows (1996) <ref name='Barrows'> Barrows, R. C., & Clayton, P. D. (1996). Privacy, confidentiality, and electronic medical records. Journal of the American Medical Informatics Association, 3(2), 139-148. http://www.ncbi.nlm.nih.gov/pmc/articles/PMC116296/ </ref>, a limitation to information security for health care is the absence of a standardized security policy.
  
<ref name='Barrows'> Barrows, R. C., & Clayton, P. D. (1996). Privacy, confidentiality, and electronic medical records. Journal of the American Medical Informatics Association, 3(2), 139-148. http://www.ncbi.nlm.nih.gov/pmc/articles/PMC116296/ </ref>
+
A security policy is comprised of the following:
 +
 
 +
1. what functions are required of a health information system for a user to accomplish a task
 +
2. security in place to protect the necessary information
 +
3. a protocol and model in place in the event of a security breech
 +
 
 +
Data security policies and standards were developed by the Mayo Clinic/Foundation. <ref name='Mayo'> Information Security Subcommittee, Mayo Clinic/Foundation. Data Security Policies and Standards; September 1994 (provided by Dr. Christopher D. Chute, Section of Medical Information Resources, Mayo Clinic/Foundation, Rochester, MN) </ref>
 +
 
 +
The Columbia-Presbyterian Medical Center <ref name ='CPMC'> Clayton, P. D., Sideli, R. V., & Sengupta, S. (1991). Open architecture and integrated information at Columbia-Presbyterian Medical Center. MD computing: computers in medical practice, 9(5), 297-303. </ref> developed an approach that involved numerous experts that came up with 14 topic areas for which security polices in health information technology should follow.
  
 
<references/>
 
<references/>
 
[[Category:Definition]]
 
[[Category:Definition]]
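
Review bot: Item 3 of the added numbered list reads "security breech", which should be "security breach", and the added Columbia-Presbyterian sentence has "security polices" where "security policies" is meant. The first added sentence cites "Barrows (1996)" while the reference it wraps lists two authors, so "Barrows and Clayton (1996)" would match the citation. The last added sentence says 14 topic areas were produced but names none of them; listing them or pointing to where the cited source gives them would make the statement usable.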

Revision as of 00:16, 9 April 2015

Security Policy

According to Barrows (1996) [1], a limitation to information security for health care is the absence of a standardized security policy.

A security policy consists of the following:

1. what functions are required of a health information system for a user to accomplish a task
2. security in place to protect the necessary information
3. a protocol and model in place in the event of a security breach

Data security policies and standards were developed by the Mayo Clinic/Foundation. [2]

The Columbia-Presbyterian Medical Center [3] developed an approach in which numerous experts came up with 14 topic areas that security policies in health information technology should follow.

  1. Barrows, R. C., & Clayton, P. D. (1996). Privacy, confidentiality, and electronic medical records. Journal of the American Medical Informatics Association, 3(2), 139-148. http://www.ncbi.nlm.nih.gov/pmc/articles/PMC116296/
  2. Information Security Subcommittee, Mayo Clinic/Foundation. Data Security Policies and Standards; September 1994 (provided by Dr. Christopher D. Chute, Section of Medical Information Resources, Mayo Clinic/Foundation, Rochester, MN)
  3. Clayton, P. D., Sideli, R. V., & Sengupta, S. (1991). Open architecture and integrated information at Columbia-Presbyterian Medical Center. MD computing: computers in medical practice, 9(5), 297-303.