资源描述:
《a sustainable approach to security and privacy in health information systems》由会员上传分享,免费在线阅读,更多相关内容在工程资料-天天文库。
1、th18AustralasianConferenceonInformationSystemsSecurity&PrivacyinHealthIS5-7Dec2007,ToowoombaLiuASustainableApproachtoSecurityandPrivacyinHealthInformationSystemsVickyLiu,LaurenMay,WilliamCaelliandPeterCrollFacultyofInformationTechnologyandInformationSecurityInst
2、ituteQueenslandUniversityofTechnology,Brisbane,AustraliaEmail:{v.liu,l.may,w.caelli,croll}@qut.edu.auAbstractThispaperidentifiesanddiscussesrecentinformationprivacyviolationsorweaknesseswhichhavebeenfoundinnationalinfrastructuresystemsinAustralia,theUnitedKingdo
3、m(UK)andtheUnitedStatesofAmerica(USA),twoofwhichinvolvedepartmentsofhealthandsocialservices.Thefeasibilityofhealthinformationsystems(HIS)baseduponintrinsicallymoresecuretechnologicalarchitecturesthanthoseingeneraluseintoday'smarketplaceisinvestigated.Weproposeav
4、iableandsustainableITsolutionwhichaddressestheprivacyandsecurityconcernsatalllevelsinHISwithafocusontrustworthyaccesscontrolmechanisms.KeywordsAccesscontrol,trustedsystems,informationassurance,healthinformationsystemsIntroductionToday’sserviceindustrieswouldrega
5、rdinformation,computerandtelecommunication(ICT)technologiesaspartoftheircriticalinfrastructure.Althoughsomesectorssuchashealthcare,havebeenslowintheiradoptionofICT,itisevidenttheyareworkingtowardsafuturewhereICTtechnologieswillbebothwidespreadandessential.Theuse
6、ofcomputer-basedinformationsystemsandassociatedtelecommunicationsinfrastructuretoprocess,transmitandstorehealthinformationplaysanincreasinglysignificantroleintheimprovementofqualityandproductivityinhealthcare.Notwithstandingtheobviouspotentialadvantagesofdeployi
7、ngICTinhealthcareservices,therearesomeconcernsassociatedwithintegrationofandaccesstoelectronichealthrecords.Informationstoredwithinelectronichealthsystemsishighlysensitivebyitsverynature,thereforehealthrecordshaveclearrequirementsforconfidentialityinordertosafeg
8、uardpersonalprivacyandtomaintainrecordintegrity.Asecurityviolationinahealthinformationsystem(HIS),suchasanunauthoriseddisclosureorunauthorisedalterationofindividualhe