Improving security policy coverage in healthcare

Abstract

With the adoption of Electronic Medical Records (EMRs), an increasing number of health-related Web applications are now available to consumers, providers and partners. While this transformation offers huge benefits, there are security and privacy concerns integral to the process of electronic healthcare delivery. In this work, the authors first survey the body of evidence to emphasize the design of appropriate security solutions for electronic healthcare applications. The successful solutions will always comply with the prime directive of healthcare - "nothing should interfere with delivery of care" (Grandison and Davis, 2007). The authors then formally present the problem of reconciling security and privacy policies with the actual healthcare workflow, which we refer to as the policy coverage problem. They outline a technical solution to the problem based on the concept of policy refinement, and develop a privacy protection architecture called PRIMA. They also offer guidelines for electronic healthcare applications to ensure adequate policy coverage. The ultimate goal is that electronic healthcare applications should be made secure without compromising usability. © 2011, IGI Global.