Practical Approaches To Creating A Security Culture
www.elsevier.com/locate/ijmedinf
Abstract
Security of information in the health care environment depends not so much on technical controls as on compliance with policy by all those who use the information. Awareness of policy and observance of a code of conduct, whilst important, do not of themselves ensure that staff respect confidentiality, let alone follow other measures to secure records. A culture of security must be developed throughout the health care community. This demands clear policy with practical procedures that are relevant in the workplace, a long-term programme in which changes can be introduced in a managed way that is sensitive to the tensions between security and other working practices, commitment from senior management to achieve change, and strong leadership from within the health care professions. The UK National Health Service has begun such a process with the endorsement of the ‘Caldicott Committee Report on the review of patient-identifiable information’ and its recommendation that all health organisations appoint a senior health care professional to be responsible for confidentiality of patient information. Raising the political profile of patient confidentiality has served to change the rate of change up a gear. The response of one health care community to this initiative will be discussed and lessons drawn regarding cultural change and information security. © 2000 Elsevier Science Ireland Ltd. All rights reserved.
1386-5056/00/$ - see front matter © 2000 Elsevier Science Ireland Ltd. All rights reserved.
PII: S1386-5056(00)00115-5
152 N. Gaunt / International Journal of Medical Informatics 60 (2000) 151–157
additional security controls is often cited as a reason for failure to adopt them.

In addition to financial constraints, there are increasing demands for access to personal health care data for the purposes of monitoring, regulation, audit and research. Managed care organisations, insurance companies and health authorities contracting services are seeking access to patient records to substantiate claims or detect fraud. Investigations under the aegis of clinical governance or medical audit gather patient data to examine the performance of health care workers against criteria. Surveillance, epidemiology and research programmes systematically gather patient clinical data to monitor health care practices and to understand the distribution, spread and control of diseases. The police seek information from medical sources that may lead to the identification of criminals or to the prevention of crime. It is the ready availability of large quantities of clinical information on computer systems that has made such investigations possible and of appeal to regulators and the public. The laudable aims of greater efficiency, accountability, liability and knowledge achieved through such systematic data processing are, however, putting at risk the fundamental principle of patient confidentiality [1]. The balance between openness and confidentiality is the subject of much debate, which, while it remains unresolved, prevents application of a consistent approach to the protection of clinical information.

2.4. Inadequate systems

Given the availability of many good technical solutions to achieving secure systems, it is disappointing that few of the commercial health care computer systems currently on the market have more than the most basic security features. Either there is no commercial gain in incorporating more stringent controls, or the purchasers have been unwilling to pay for, or to implement, more secure systems. Poorly designed security controls often impose constraints or impediments to access that are unacceptable to clinical staff. Even passwords are considered by many to be awkward and unnecessary, particularly when enforced expiry is imposed. Re-establishing network connections can take so long that busy clinical staff avoid logging off between transactions on network workstations. Security measures must be practical, acceptable to staff and cause minimal disruption to the processes of care. Few commercial systems at present achieve these ideals. However, once appropriate access control and auditing are installed, staff scepticism soon turns to acceptance as they come to realise their importance and benefit [2].

2.5. Inconsistent policies

The extent to which individual health care facilities apply security controls to their own computer systems can vary markedly. Inconsistent policies and procedures can lead to frustration, confusion and potentially even harm to patients. This is exemplified by differences in organisations’ policies towards transmission of patient information by facsimile. Whereas best practice is to send patient-identifiable information by facsimile machine only in emergencies and according to agreed protocols, the convenience of such means of communication has led many organisations to allow their routine and uncontrolled use. An organisation attempting to apply more restricted use of facsimile transmissions is then faced with complaints from other organisations with more lenient policies, whose staff are frustrated that they cannot send or receive patient information by that means.