System Security Functions: Introduction
- Ernst & Young Security Survey: Almost 50% of respondents rated information security issues as "less than important." (1)
- Part of the development of a client/server system is an analysis of the threats to information security, and possible steps that can be taken to mitigate these threats.
- Information security is defined as ". . . a set of technical and administrative procedures designed to protect data systems against unwarranted disclosure, modification, or destruction and to safeguard the system itself." (2)
Goals of information security are:
- Maintain the integrity of the data under the project's stewardship
- Make the data available easily to legitimate users
- Ensure the privacy and appropriate use of patient data (2)
Tradeoff: information security and ease of access
Goals of a state-wide Electronic Surveillance System are:
- Have the right individuals (or reporting sources) reporting the right information
- Have current technology for data collection and analysis
- Be able to identify emerging infections
- Integrate and coordinate the functions of state laboratories and state epidemiological programs with other health care services and resources
(1) Ernst & Young/Information Week, "2nd Annual Information Security Survey," Sept., 1994.
(2) Lawrence O. Gostin, et al., "Privacy and Security of Personal Information in a New Health Care System," Journal of the American Medical Association, 270(20), Nov. 24, 1993, p. 2487.
Direct comments and questions to Dr. Noam Arzt, arzt@isc.upenn.edu [2/26/96]
URL: http://www.cip.upenn.edu/cip/cdc/lab/intro.html