Title

Medical Information Security: Is it all too hard?

Document Type

Conference Proceeding

Publisher

CSREA Press

Faculty

Computing, Health and Science

School

Computer & Security Science/Security Research Centre (secAU)

RAS ID

10185

Comments

This article was originally published as: Williams, P. H. (2010). Medical Information Security: Is it all too hard? . Proceedings of International Conference on Security and Management 2010. (pp. 644-650). Las Vegas, Nevada, USA. CSREA Press. Conference proceedings available here.

Abstract

The medical information environment has changed dramatically in the past decade with the advent of electronic information exchange and e-health initiatives. With this change have come additional risks to the security of information, particularly to sensitive patient data. Unfortunately, evidence suggests that protection of electronically held patient information is poorly handled in primary care medical practice. Meeting the objectives of best practice security is daunting and in many cases unachievable. A lack of resources, compliance requirements, quality practice and culture are all contributing factors to that need to be addressed and managed. Further, most small organizations do not have IT or security trained personnel and rely on administrative staff to fulfill the security role, which creates considerable exposure of the organization. In seeking solutions, security controls must be contextually relevant and sufficiently practical to allow non-technical staff to implement.