Title

The role of standards in medical information security: an opportunity for improvement

Document Type

Conference Proceeding

Faculty

Computing, Health and Science

School

Computer and Information Science, Centre for Security Research

RAS ID

4182

Comments

This article was originally published as: Williams, P. (2006). The role of standards in medical information security: an opportunity for improvement. Proceedings of the 2006 International Conference on Security and Management (pp. 415-420). Las Vegas, Nevada, USA.

Abstract

Standards are an essential feature in an unregulated field such as computing. Thus, when computing and the healthcare environment are combined, the requirement for standards is imperative. For instance, the combination of sensitive information and mobile technology presents increased complexity in information security. Whilst we have many worldwide standards for information security, including ISO 17799, little has been done in interpretation of these to ensure quality. Standards are written for specialists in the field and, in the case of information security, for security specialists, yet we expect them to be "read and implemented" by non-technical healthcare staff. This limits how easily standards can be applied. This paper suggests that a more holistic approach be taken to the development of standards, in which standards and associated context-specific guidelines are developed.