Medical Information Security: Is it all too hard?
Computing, Health and Science
Computer & Security Science/Security Research Centre (secAU)
The medical information environment has changed dramatically in the past decade with the advent of electronic information exchange and e-health initiatives. With this change have come additional risks to the security of information, particularly to sensitive patient data. Unfortunately, evidence suggests that protection of electronically held patient information is poorly handled in primary care medical practice. Meeting the objectives of best practice security is daunting and in many cases unachievable. A lack of resources, compliance requirements, quality practice and culture are all contributing factors to that need to be addressed and managed. Further, most small organizations do not have IT or security trained personnel and rely on administrative staff to fulfill the security role, which creates considerable exposure of the organization. In seeking solutions, security controls must be contextually relevant and sufficiently practical to allow non-technical staff to implement.