Faculty of Information Technology at the Queensland University Australia, have written this article to point out the need to change the method of access control in the current health care environment. They have introduced this method keeping in the mind the latest information technology system structures, legal and regulatory requirements and the demands of security operation in the Health Information Systems. The authors have proposed "Open and Trusted Health Information System" as the feasible solution along with the capability to dominate the provision of appropriate levels of secure access control in order to protect the sensitive health data.
Healthcare Information Systems
Faculty of Information Technology at the Queensland University Australia, have written this article to point out the need to change the method of access control in the current health care environment. They have introduced this method keeping in the mind the latest information technology system structures, legal and regulatory requirements and the demands of security operation in the Health Information Systems. The authors have proposed "Open and Trusted Health Information System" as the feasible solution along with the capability to dominate the provision of appropriate levels of secure access control in order to protect the sensitive health data.
Authors have also pointed out what is the problem with NEHTA work programs. NEHTA focuses on securely and reliably exchanging the clinical information with the help of electronic means and secure messaging technology. Authors have raised an important issue that these critical health information computer systems are openly connected to the internet and make "cyber attacks" possible for the attackers.
The authors are very much correct on the point that health care is a very intensive and informative business. The purpose of combining electronic health information and communication technology is to create a system which helps in the decision making process and at the same time facilitates knowledge sharing, safety and quality. However, creating such a system through technological development of an interface is not enough, because if confidential information is not secured than its consequences will be a lot more than its benefits. Authors have given a very detailed explanation about this issue in detail that if the hardware facilities of the computer is not secure than the operating system itself cannot be secure because it is not possible to get security at the higher level if there is no function security at lower level. Therefore it is very essential to protect such information from the privacy threats and the security hazards.
Keeping in mind, this problem, authors suggest that a complete architecture is needed for securing this data and not just a secure messaging system is enough for maintaining the security. Therefore they have come up with "Open and Trusted Health Information Systems (OTHIS)" which is a proper architecture and assures the privacy protection and security for the health system in "end to end" manner. They have introduced this architecture in addition to the current work which is performed in the Health Information System security areas. They have come up with an approach with a trusted operating system which has the capacity to provide a great solution for the protection of data in the health care environment. OTHIS has following features:
It is an holistic approach to the Health Information Systems and in accordance with the legal requirements
It is an open architecture
It is made by trusted firmware and hardware bases
It is modularized architecture
Authors have also defined the use of Health Informatics Access Control (HIAC) and its different models, which also include HIAC which is a MAC-based model and others. OTHIS focuses on adopting the reasonable security strategies against the realities by using the open solution technologies like SELinux instead of using proprietary technologies. The authors also claim that adopting the proper security technologies which also include Flexible MAC oriented operating system bases can satisfy the security requirements. In my opinion of the main problem with using such open technologies is the level of complexity in policy configuration and it is actually beyond the expertise level of the people managing these technologies in the health related organzaitions. Therefore organizations will have to hire special people to handle this data and manage the system.
Second thing, the authors did not perform a quantitative research by collecting a sample and using their model on a health care unit to find out how their model works. Quantitative research helps in finding out if the assumed idea is really helpful; doing quantitative research would have helped authors in finding out how useful is their approach and if it really resists the access of information data from privacy threats. Analysis conducted and conclusion made in the article is made on the basis of qualitative research and assumptions by the authors. A detailed research was not conducted by the authors, therefore conclusions made on this research cannot be considered to be always true.
You’re 85% through this paper. Sign up to read the full paper.
Sign Up Now — Instant Access Already a member? Log inAlways verify citation format against your institution’s current style guide requirements.