[ Changed 2nd December 1998 ]
Information systems security represents a significant issue within the modern healthcare environment. Information technology now pervades virtually all aspects of operation and care provision, with a consequent need arising to preserve the confidentiality, integrity and availability of systems and data. The security policy is an essential element in ensuring that a consistent approach can be enforced and maintained across the establishment. I will discuss the areas that should be encompassed by any policy, as well as the typical constraints of the healthcare environment that may limit the practical approach. A further important consideration is how to ensure that all staff will know and observe the policy. I will address this through a discussion of security training and awareness initiatives.
The presentation will make significant reference to work that has been conducted at the European level, in particular the ISHTAR (Implementing Secure Healthcare Telematics Applications in Europe) project in which I have been involved under the EU `Telematics Applications for Health' programme.