Information Technology Reference
In-Depth Information
The increased mobility of patients and doctors, in conjunction with the existence of
medical groups consisting of medical doctors, hospitals, medical centers and insur-
ance companies, pose significant difficulties on the management of patients' medical
data. Inevitably this will affect the quality of the health care services provided except
if an efficient co-operation scheme among health organizations is established.
Moreover, it is a normal procedure today that several HCE maintain a common da-
tabase for collecting and processing information (e.g. cancer registers, diabetic regis-
ters, etc.) for research or educational purposes. Although the “need” and “trend” for
co-operation is clear and well understood, things are not straightforward due to factors
such as the different cultures of different countries, the incompatibility of healthcare
systems, or certain deviations in legislation.
Co-operation among HIS requires: (a) interoperability and (b) equivalent security
and privacy levels. The work on the development of standards has a significant con-
tribution towards HIS interoperability, through the provision of common message
formats and medical record architectures.
However, security issues may hinder HIS co-operation. Conflicting security poli-
cies may result in diminished interoperability and lack of trust. For example, a re-
quirement of some HCE may be that all transmission of medical data through com-
puter networks should be encrypted, whilst this is not the case for other HCE, or it is
put on the basis of a different cryptosystem. On top of that, HCE would only accept to
exchange sensitive medical data between them or with other organizations, if and only
if the corresponding security policies ensure an equivalent level of protection.
1.2
Current Practice
The approach currently adopted by most organizations is to build customized security
policies, which reflect their needs by extending the principles and guidelines sug-
gested by generic security policies. Generic security policies [1] comprise of princi-
ples and abstract guidelines for protecting information systems. These policies, how-
ever, do not take into account the special technological and organizational context of
each information system. Therefore, the generic policies should be further analyzed so
as to provide for a system-specific security policy. Therefore, the purpose of a generic
security policy is only to provide a baseline level of privacy and security.
Since the specific rules and measures included in each security policy are different,
several conflicts may arise. Moreover, the level of protection provided by each of the
system-specific security policies may differ significantly. It is, therefore, possible that
the level of mutual trust is diminished and the exchange of information among HIS is
obstructed. For the above reasons, it is necessary to develop mechanisms for compar-
ing and analyzing security policies and detecting and resolving conflicts [2].
2
The Meaning and Nature of Security Policies
The term security policy refers to a variety of conceptual constructs, such as formal
models, generic principles, or strategic security goals. In our perspective, the core
component of a security policy is a set of compulsory guidelines and rules. Guidelines
describe the measures to be taken for the protection of an IS. They usually take the
form of authoritative statements, i.e. policy statements.
