Affiliation:
1. St. Andrew General Hospital, Greece
Abstract
Since Hospital Information Systems (HIS) are designed to support doctors and healthcare professionals in their daily activities, information security plays a vital role in managing access control. Efficiency and effectiveness of information security policy is crucial, especially when dealing with situations that affect the status and life-history of the patient. In addition, the rules and procedures to follow, in order to provide confidentiality of sensitive information, have to focus on management of events on any table of the HIS. On the other hand, control and statement constraints, as well as events and security auditing techniques, play also an important role, due to the heterogeneity of healthcare professionals’ roles, actions and physical locations, as well as to the specific characteristics and needs of the healthcare organizations. This chapter will first explore issues in managing access control and security of healthcare information by reviewing the possible threats and vulnerabilities as well as the basic attributes of the hospital’s security plan. The authors will then present a hierarchical access model that, from a security policy perspective, refers to data ownership and access control issues. The authors conclude the chapter with discussions of upcoming security issues.