Abstract
Purchase PDF (995 K)
E-mail Article
Add to my Quick Links
Cited By in Scopus (4)
Purchase PDF (497 K)
doi:10.1016/S0167-4048(97)00009-6 
Copyright © 1997 Published by Elsevier Science Ltd.
Refereed paper
A baseline security policy for distributed healthcare information systems
Dimitris Gritzalis
Available online 9 June 1998.
References and further reading may be available for this article. To view references and further reading you must purchase this article.
Abstract
In this paper, the need for identifying and analyzing the generic security characteristics of a healthcare information system is, first, demonstrated. The analysis of these characteristics is based upon a decision-support roadmap. The results from this profiling work are then analyzed in the light of the fact that more than 1000 accidental deaths happened due to computer system failures. As a result of this analysis, a set of recommendations is drawn up, leading to the development of a baseline security policy for healthcare institutions. Such a policy should be flexible enough to reflect the local needs, expectations and user requirements, as well as strict enough to comply with international recommendations. An example of such a baseline policy is then provided. The policy refers to a given security culture and has been based upon an abstract approach to the security needs of a healthcare institution.
Author Keywords: information security; information security policy; Healthcare Information Systems
