Security requirements for electronic patients records: the Norwegian view.

Information security, including secrecy, privacy and data integrity, quality and availability, are fundamental issues when electronic patient records are introduced and used. In this paper we outline the results of a project that KITH carried out on an assignment from the Norwegian Ministry of Health. We describe the general and detailed requirements set up in the project for electronic patient records, and to the hospitals that take such into use. We believe that these requirements are the minimum necessary to give a positive answer to the question of whether electronic patient records can meet all the security-related requirements and intentions given by current regulations. In our work we have focused on secrecy, privacy and data integrity, but also on elaborating requirements that allow a user friendly and suitable implementation of electronic patient record systems.