Therefore we can see that confidentiality is a major concern in electronic health information systems.
The healthcare sector sometimes spends a lot of effort protecting computer systems against glamorous but low-probability external threats such as hacking attacks, and often neglects the most likely source of patient confidentiality breaches: people within the organisation.
Security threats should be prevented from within the organisation as well as from outside it.
For a holistic approach, we should look at information security from three aspects: technology, process and people.
Technology covers what we mentioned earlier under system security: the use of technological advances in hardware and software to protect against security threats.
Process involves developing well-thought-out procedures and protocols for using the information systems, such as:
Having a workflow that minimises the leakage of patient information.
Having an access control list naming who can access what.
Having user names and passwords.
Logging users' daily activities to ensure accountability and traceability of all accesses.
Having regular independent audits, which also ensure users are aware of the hospital's policies and of how seriously it takes security and confidentiality, and so on.
Simple protocols such as not opening x-ray images in the presence of non-staff, and closing them immediately once viewing is done, are examples of good work processes that go a long way in information security.
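As an added illustration (not from the original page) of the access control list and activity-logging items above, the following Python sketch uses constructed users, roles and patient assignments: every access attempt is checked against the list and logged, allowed or denied, so an independent audit can later review the log for the insider activity the text warns about.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed ACL: which actions each role may perform on patient records.
ACL = {
    "clinician": {"view", "update"},
    "radiographer": {"view"},
    "billing": {"view_billing"},
}
# Constructed care-team assignment: which patients each user is treating.
CARE_TEAM = {
    "dr_lee": {"P001", "P002"},
    "rad_tan": {"P001"},
    "acct_ng": {"P001", "P002", "P003"},
}
USER_ROLE = {"dr_lee": "clinician", "rad_tan": "radiographer", "acct_ng": "billing"}

AUDIT_LOG = []  # every attempt is recorded, whether allowed or denied


def access_record(user, patient_id, action):
    """Check role permissions and care-team membership, then log the attempt."""
    role = USER_ROLE.get(user)
    allowed = (role is not None
               and action in ACL[role]
               and patient_id in CARE_TEAM.get(user, set()))
    AUDIT_LOG.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "user": user, "patient": patient_id, "action": action,
        "result": "ALLOW" if allowed else "DENY",
    })
    return allowed


def audit_report(log, max_patients=5):
    """Review the log: denied attempts, and users touching unusually many patients."""
    denied = [e for e in log if e["result"] == "DENY"]
    per_user = defaultdict(set)
    for e in log:
        if e["result"] == "ALLOW":
            per_user[e["user"]].add(e["patient"])
    broad = {u: len(p) for u, p in per_user.items() if len(p) > max_patients}
    return {"denied": denied, "broad_access": broad}


if __name__ == "__main__":
    access_record("dr_lee", "P001", "view")
    access_record("acct_ng", "P002", "view")   # billing role cannot view clinical data
    print(audit_report(AUDIT_LOG))
```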
Last but not least, people are the most important factor in determining the success or failure of an information security system.
The best system and procedures in the world are only as good as the people who use them.
Therefore, staff training is a very important component of information security. Staff should be well versed in the confidentiality safeguard procedures and understand the importance of maintaining patient confidentiality.
However, knowing is not enough; people must practise what they know. Therefore, organisations should develop a good organisational culture in which all staff respect patient privacy, take information security seriously and adhere to the confidentiality safeguard procedures.