A standards-based security model for health information systems

Abstract

In the healthcare environment, various types of patient information are stored in electronic format. This prevents the re-entering of information that was captured previously. In the past this information was stored on paper and kept in large filing cabinets. However, with the technology advancements that have occurred over the years, the idea of storing patient information in electronic systems arose. This led to a number of electronic health information systems being created, which in turn led to an increase in possible security risks. Any organization that stores information of a sensitive nature must apply information security principles in order to ensure that the stored information is kept secure. At a basic level, this entails ensuring the confidentiality, integrity and availability of the information, which is not an easy feat in today’s distributed and networked environments. This paved the way for organized standardization activities in the areas of information security and information security management. Throughout history, there have been practices that were created to help “standardize” industries of all areas, to the extent that there are professional organizations whose main objective it is to create such standards to help connect industries all over the world. This applies equally to the healthcare environment, where standardization took off in the late eighties. Healthcare organizations must follow standardized security measures to ensure that patient information stored in health information systems is kept secure. However, the proliferation in standards makes it difficult to understand, adopt and deploy these standards in a coherent manner. This research, therefore, proposes a standards-based security model for health information systems to ensure that such standards are applied in a manner that contributes to securing the healthcare environment as a whole, rather than in a piecemeal fashion