Skip header and navigation

Refine By

1 records – page 1 of 1.

A framework for an institutional high level security policy for the processing of medical data and their transmission through the Internet.
J Med Internet Res. 2001 Apr-Jun;3(2):E14
Publication Type
C. Ilioudis
G. Pangalos
Author Affiliation
Informatics Laboratory, Faculty of Technology, Aristotle University of Thessaloniki, Thessaloniki, 54006, Greece;
J Med Internet Res. 2001 Apr-Jun;3(2):E14
Publication Type
Access to Information - legislation & jurisprudence
Computer Security - legislation & jurisprudence - standards
Confidentiality - standards
Databases as Topic - classification - legislation & jurisprudence
Education, Professional - legislation & jurisprudence
Guidelines as Topic
Informed Consent - legislation & jurisprudence
Internet - standards
Medical Informatics Computing - legislation & jurisprudence - standards
Medical Records Systems, Computerized - standards
Organizational Policy
Patient Rights - legislation & jurisprudence
Quality of Health Care - legislation & jurisprudence
United States
The Internet provides many advantages when used for interaction and data sharing among health care providers, patients, and researchers. However, the advantages provided by the Internet come with a significantly greater element of risk to the confidentiality, integrity, and availability of information. It is therefore essential that Health Care Establishments processing and exchanging medical data use an appropriate security policy.
To develop a High Level Security Policy for the processing of medical data and their transmission through the Internet, which is a set of high-level statements intended to guide Health Care Establishment personnel who process and manage sensitive health care information.
We developed the policy based on a detailed study of the existing framework in the EU countries, USA, and Canada, and on consultations with users in the context of the Intranet Health Clinic project. More specifically, this paper has taken into account the major directives, technical reports, law, and recommendations that are related to the protection of individuals with regard to the processing of personal data, and the protection of privacy and medical data on the Internet.
We present a High Level Security Policy for Health Care Establishments, which includes a set of 7 principles and 45 guidelines detailed in this paper. The proposed principles and guidelines have been made as generic and open to specific implementations as possible, to provide for maximum flexibility and adaptability to local environments. The High Level Security Policy establishes the basic security requirements that must be addressed to use the Internet to safely transmit patient and other sensitive health care information.
The High Level Security Policy is primarily intended for large Health Care Establishments in Europe, USA, and Canada. It is clear however that the general framework presented here can only serve as reference material for developing an appropriate High Level Security Policy in a specific implementation environment. When implemented in specific environments, these principles and guidelines must also be complemented by measures, which are more specific. Even when a High Level Security Policy already exists in an institution, it is advisable that the management of the Health Care Establishment periodically revisits it to see whether it should be modified or augmented.
Cites: Med Inform Internet Med. 2000 Oct-Dec;25(4):265-7311198188
PubMed ID
11720956 View in PubMed
Less detail