The role of standards in medical information security: an opportunity for improvement

Document Type

Conference Proceeding


Faculty of Computing, Health and Science


School of Computer and Information Science / Centre for Security Research




This article was originally published as: Williams, P. (2006). The role of standards in medical information security: an opportunity for improvement. Proceedings of the 2006 International Conference on Security and Management (pp. 415-420). Las Vegas, Nevada, USA.


Standards are an essential feature in an unregulated field such as computing. Thus, when computing and the healthcare environment are combined, the requirement for standards is imperative. For instance, the combination of sensitive information and mobile technology presents increased complexity in information security. Whilst we have many worldwide standards for information security, including ISO 17799, little has been done to interpret these to ensure quality. Standards are written for specialists in the field and, in the case of information security, for security specialists, yet we expect them to be "read and implemented" by non-technical healthcare staff. This limits how easily standards can be applied. This paper suggests that a more holistic approach be taken to the development of standards, in which standards and associated context-specific guidelines are developed.