Biomedical Engineering Reference
with noncompliance to the statutory requirements for protection of privacy. It
is critical to distinguish privacy from security: Privacy is concerned with
personal control of the collection, use, and disclosure of personal information,
while security is concerned with control of access to assets (information and
resources) that are used in a business context. Security is an important part of
privacy as security is an essential building block for the implementation of
privacy policies. If privacy of health-related information (e.g., the protected
health information defined by the HIPAA of the United States) is compromised,
for instance, we are talking about bankruptcy of an organization that
is very healthy in all other aspects of business and about criminal prosecution
of the C-level executives of that organization.
The biggest challenge with privacy compliance is limiting the use of personal
information to the intended purposes stated originally at the time of collection.
In addition, protection of individual identity becomes a bigger challenge in
this information age when our daily life depends on digital information.
The traditional IT security model focuses on physically securing computers
and protecting users from outsiders attempting to access computers and data
in an organization. The premises behind the traditional IT security model are
that selected people within an organization can be fully trusted, security
threats are outside the organization, and masquerading computer systems is
practically impossible. However, traditional assumptions are no longer valid
due to technological changes, such as powerful portable computers and
high-speed global computer networks. As a result, the traditional security model
cannot ensure confidentiality and personal privacy or conform to the statutory
requirements.
With the ubiquitous adoption of the Internet and the globalization of the
marketplace, corporations around the world face a new challenge for
protecting their assets. Corporations convert and maintain data in electronic format
to be shared among the business units and business partners around the world
to conduct business in the global marketplace with leverage of the Internet.
Consequently, the majority of intellectual properties exist in digital format.
Protection of corporate intellectual property is becoming a real challenge,
especially because the people who are trusted and charged with safeguarding
the corporate assets, such as IT managers, CIOs, and CTOs, are engaging in
acts of digital espionage.
There are three aspects of security:
• Physical security (e.g., locks for buildings, badge access to secure rooms)
• Logical security (e.g., passwords for computers or networks, smart cards)
• Operational policies and procedures (e.g., oath of office, management approval)
Adequately protecting assets and assuring personal privacy require
attention. Technology protection is just one aspect of security. Logical security plays
a major role in ensuring that proper access and security policies are enforced.
Physical security is as important as (if not more important than) logical