Data security in medical information systems: technical aspects of a proposed legislation.

This paper analyses the results of a recent survey performed among medical establishment personnel in Greece, evaluates information security legislation existing in other countries and incorporates guidelines of international societies to propose principles governing a future legal framework. Furthermore, it presents a design methodology for designing secure information systems and provides an example of the use of this methodology in designing a database oriented secure medical information system with access rights incorporated.