The ISHTAR guidelines for healthcare security
Data security is now recognised as an important issue in healthcare information systems and, as such, a number of relevant guidelines have been produced. However, the range of available sources means that a standardised approach to security between establishments is unlikely. In addition, the majority of known approaches are paper-based and do not lend themselves to easy reference or ad hoc queries in relation to specific issues. As a result, whilst appropriate guidelines are available, it is frequently the case that they are not fully utilised.Furnell SM, Davey J, Gaunt PN, Louwerse CP, Mavroudakis K, Treacher AH
This paper focuses upon efforts that have been made to resolve these problems through the development of an electronic database of healthcare security guidelines. This aims to provide a comprehensive resource, utilising information from a number of sources, built upon a foundation of previous guidelines developed in European research. The discussion addresses the background, implementation and advantages of the new approach. It is also recognised that the provision of a database alone will not totally overcome the issue of security awareness and training. As such, brief details of other supporting initiatives, including training programmes, an incident reporting scheme and a WWW service, are also provided.
The paper is based upon work that has been conducted as part of the ISHTAR (Implementing Secure Healthcare Telematics Applications in euRope) project, under the European Commission?s Telematics Applications for Health research programme.