Generic security policies for healthcare information systems

Abstract

Healthcare Establishments (HCEs) have developed a major dependency on Information and Communications Technologies (ICT) in the last decade. The increasing reliance upon ICT has stressed the need to foster security in Healthcare Information Systems (HIS). Security policies may have a significant contribution to make to this effort, but they could cause portability and inter-operability problems. Moreover, policies that fail to take into account all the aspects of HIS security, the legal and regulatory requirements, and the effect of several stakeholders, may lead to ineffective and inefficient security measures. We argue that policies of a special category, named Generic Security Policies (GSPs), should be developed to provide policy-level harmonization and guidance to policy-makers within HCEs. We have reviewed five policies that appear as candidates and have used the results of this review to compile a set of guidelines for potential developers of GSPs.