Document Type

Journal Article


Association of Digital Forensics, Security and Law


Faculty of Computing, Health and Science


School of Computer and Information Science




Williams, P. (2007). Information Governance: A Model for Security in Medical Practice. Journal of Digital Forensics, Security and Law. Vol 2(1): 57-73. Available here


Information governance is becoming an important aspect of organisational accountability. In consideration that information is an integral asset of most organisations, the protection of this asset will increasingly rely on organisational capabilities in security. In the medical arena this information is primarily sensitive patient-based information'. Previous research has shown that application of security measures is a low priority for primary care medical practice and that awareness of the risks are seriously underestimated. Consequently, information security governance will be a key issue for medical practice in the future. Information security governance is a relatively new term ,and there is little existing research into how to meet 'governance requirements. The limited research that exists describes information security governance frameworks at a strategic level. However, since medical practice is already lagging in the implementation of appropriate security, such definition may not be practical although it is obviously desirable. This paper describes an ongoing action research project undertaken in the area of medical information security, and presents a tactical approach model aimed at addressing information security governance and the protection of medical data.

Creative Commons License

Creative Commons Attribution 4.0 License
This work is licensed under a Creative Commons Attribution 4.0 License.