Difference between revisions of "Security Policy"
From Clinfowiki
Line 2: | Line 2: | ||
[[Security Policy]] | [[Security Policy]] | ||
+ | According to Barrows (1996) <ref name='Barrows'> Barrows, R. C., & Clayton, P. D. (1996). Privacy, confidentiality, and electronic medical records. Journal of the American Medical Informatics Association, 3(2), 139-148. http://www.ncbi.nlm.nih.gov/pmc/articles/PMC116296/ </ref>, a limitation to information security for health care is the absence of a standardized security policy. | ||
− | <ref name=' | + | A security policy is comprised of the following: |
+ | |||
+ | 1. what functions are required of a health information system for a user to accomplish a task | ||
+ | 2. security in place to protect the necessary information | ||
+ | 3. a protocol and model in place in the event of a security breech | ||
+ | |||
+ | Data security policies and standards were developed by the Mayo Clinic/Foundation. <ref name='Mayo'> Information Security Subcommittee, Mayo Clinic/Foundation. Data Security Policies and Standards; September 1994 (provided by Dr. Christopher D. Chute, Section of Medical Information Resources, Mayo Clinic/Foundation, Rochester, MN) </ref> | ||
+ | |||
+ | The Columbia-Presbyterian Medical Center <ref name ='CPMC'> Clayton, P. D., Sideli, R. V., & Sengupta, S. (1991). Open architecture and integrated information at Columbia-Presbyterian Medical Center. MD computing: computers in medical practice, 9(5), 297-303. </ref> developed an approach that involved numerous experts that came up with 14 topic areas for which security polices in health information technology should follow. | ||
<references/> | <references/> | ||
[[Category:Definition]] | [[Category:Definition]] |
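Review bot: two spelling errors in the added lines should be fixed before this revision stands: list item 3 has "security breech" where "breach" is meant, and the Columbia-Presbyterian sentence has "security polices" where "policies" is meant. The three list items are entered as plain "1.", "2.", "3." lines, which the rendered revision shows running together into one paragraph, so wiki list markup would keep them as separate items. The ref tags are also inconsistent in spacing (`<ref name ='CPMC'>` versus `<ref name='Barrows'>`) and should use one form.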
Revision as of 00:16, 9 April 2015
Security Policy
According to Barrows (1996) [1], a limitation to information security for health care is the absence of a standardized security policy.
A security policy comprises the following:
1. what functions are required of a health information system for a user to accomplish a task
2. security in place to protect the necessary information
3. a protocol and model in place in the event of a security breach
Data security policies and standards were developed by the Mayo Clinic/Foundation. [2]
The Columbia-Presbyterian Medical Center [3] developed an approach in which numerous experts came up with 14 topic areas that security policies in health information technology should follow.
1. Barrows, R. C., & Clayton, P. D. (1996). Privacy, confidentiality, and electronic medical records. Journal of the American Medical Informatics Association, 3(2), 139-148. http://www.ncbi.nlm.nih.gov/pmc/articles/PMC116296/
2. Information Security Subcommittee, Mayo Clinic/Foundation. Data Security Policies and Standards; September 1994 (provided by Dr. Christopher D. Chute, Section of Medical Information Resources, Mayo Clinic/Foundation, Rochester, MN)
3. Clayton, P. D., Sideli, R. V., & Sengupta, S. (1991). Open architecture and integrated information at Columbia-Presbyterian Medical Center. MD computing: computers in medical practice, 9(5), 297-303.