Sandell Protik
Z-Tech Corp., Rockville, MD, USA.
J Healthc Inf Manag. 2007 Spring;21(2):34-40.
If appropriate security mechanisms aren't in place, individuals and groups can gain unauthorized access to personal health data residing in clinical decision support systems (CDSS). These concerns are well founded; there has been a dramatic increase in reports of security incidents. The paper provides a framework for securing personal health data in CDSS. The framework breaks down CDSS into data gathering, data management and data delivery functions. It then identifies the vulnerabilities that can occur in clinical decision support activities and the measures that need to be taken to protect the data. The framework is applied to protect the confidentiality, integrity and availability of personal health data in a decision support system. Using the framework, project managers and architects can assess the potential risk of unauthorized data access in their decision support system. Moreover, they can design systems and procedures to effectively secure personal health data.