test Browse by Author Names Browse by Titles of Works Browse by Subjects of Works Browse by Issue Dates of Works
       

Advanced Search
Home   
 
Browse   
Communities
& Collections
  
Issue Date   
Author   
Title   
Subject   
 
Sign on to:   
Receive email
updates
  
My Account
authorized users
  
Edit Profile   
 
Help   
About T-Space   

T-Space at The University of Toronto Libraries >
Journal of Medical Internet Research >
Volume 3 (2001) >

Please use this identifier to cite or link to this item: http://hdl.handle.net/1807/4609


Title: A Framework for an Institutional High Level Security Policy for the Processing of Medical Data and their Transmission through the Internet
Authors: Ilioudis, Christos
Pangalos, George
Keywords: Original Paper
High Level Security Policies, Internet Security, Security of Health Care Information
Issue Date: 6-Apr-2001
Publisher: Gunther Eysenbach; Centre for Global eHealth Innovation, Toronto, Canada
Citation: Christos Ilioudis, George Pangalos. A Framework for an Institutional High Level Security Policy for the Processing of Medical Data and their Transmission through the Internet. J Med Internet Res 2001;3(2):e14 <URL: http://www.jmir.org/2001/2/e14/>
Abstract: [This item is a preserved copy and is not necessarily the most recent version. To view the current item, visit http://www.jmir.org/2001/2/e14/ ] Background: The Internet provides many advantages when used for interaction and data sharing among health care providers, patients, and researchers. However, the advantages provided by the Internet come with a significantly greater element of risk to the confidentiality, integrity, and availability of information. It is therefore essential that Health Care Establishments processing and exchanging medical data use an appropriate security policy. Objective: To develop a High Level Security Policy for the processing of medical data and their transmission through the Internet, which is a set of high-level statements intended to guide Health Care Establishment personnel who process and manage sensitive health care information. Methods: We developed the policy based on a detailed study of the existing framework in the EU countries, USA, and Canada, and on consultations with users in the context of the Intranet Health Clinic project. More specifically, this paper has taken into account the major directives, technical reports, law, and recommendations that are related to the protection of individuals with regard to the processing of personal data, and the protection of privacy and medical data on the Internet. Results: We present a High Level Security Policy for Health Care Establishments, which includes a set of 7 principles and 45 guidelines detailed in this paper. The proposed principles and guidelines have been made as generic and open to specific implementations as possible, to provide for maximum flexibility and adaptability to local environments. The High Level Security Policy establishes the basic security requirements that must be addressed to use the Internet to safely transmit patient and other sensitive health care information. Conclusions: The High Level Security Policy is primarily intended for large Health Care Establishments in Europe, USA, and Canada. It is clear however that the general framework presented here can only serve as reference material for developing an appropriate High Level Security Policy in a specific implementation environment. When implemented in specific environments, these principles and guidelines must also be complemented by measures, which are more specific. Even when a High Level Security Policy already exists in an institution, it is advisable that the management of the Health Care Establishment periodically revisits it to see whether it should be modified or augmented.
Description: Reviewer: Della Mea, V
URI: http://hdl.handle.net/1807/4609
ISSN: 1438-8871
Other Identifiers: doi:10.2196/jmir.3.2.e14
Rights: Copyright (cc) Retained by author(s) under a Creative Commons License: http://creativecommons.org/licenses/by/2.0/
Appears in Collections:Volume 3 (2001)

Files in This Item:

File Description SizeFormat
jmir.html40.42 kBHTMLView/Open

Items in T-Space are protected by copyright, with all rights reserved, unless otherwise indicated.

uoft