A holistic perspective on models for medical information security

Document Type

Conference Proceeding




Faculty of Computing, Health and Science


School of Computer and Information Science / Centre for Security Research




Williams, P. (2007). A holistic perspective on models for medical information security. SAM 2007 Proceedings of the International Conference on Security and Management (pp. 510-519). Las Vegas: CSREA Press. Original conference website available here


There are many models of security both conceptual and technically 'specific. These models can be categorized by either their protection objective or by the process they follow. In recent years there bas been a wider acceptance that information systems need a more holistic approach. However, these holistic models lack the ability to be straightforwardly transferable into specific context in enough detail to be easily adopted into, the technical environment. Subsequently, models for medical security have been developed but these models suffer from being too technically based for adoption into a nontechnical environment. Whilst security models for information exchange require this level of technicality, it makes them unsuitable for use in an overall information systems context. Thus, risk assessment has been used extensively in research solutions for medical information security. These' models are discussed to highlight that no one model is at a sufficiently low level of sophistication to be integrated into general medical practice workflow. Consequently, a new holistic perspective of information security is required to be relevant in the general medical practice environment.