Medical insecurity: when one size does not fit all

Document Type

Conference Proceeding


Computing, Health and Science


Computer and Information Science, Centre for Security Research




This article was originally published as: Williams, P. (2007). Medical insecurity: when one size does not fit all. Proceedings of the 5th Australian Information Security Management Conference (pp. 226-233). Perth, Western Australia. : SECAU _ Security Research Centre, ECU. Original article available here


Security is most commonly seen as a business concept. This is one, reason for the poor uptake and implementation of standard security processes in non-business environments such as general medical practice. It is clear that protection of sensitive patient information is imperative yet the overarching conceptual business processes required to ensure this protection are not well suited to this context. The issue of sensitivity of information. together with the expectation that security can be effectively implemented by non-security trained professionals creates an insecure environment. The general security processes used by business, including those for risk assessment, are difficult to operationally put into practice in the medical environment and this one-sizefits- all approach is shown to be ineffective. Therefore more explicit models are required which provide contextually relevant guidance and can be implemented within the capability of those using them.