System Security Policies are needed for any healthcare related application. These policies will help to standardized security practices throughout an institution.
One of the main items needed for security is to look at things from the point of restricting access. Only allow users access to the data they need to see. Otherwise confidentiality issues may occur. Its an interesting mix balancing the patient's right to privacy and appropriate access levels of the system users.
Also into the application it is best to have an auditing mechanism architected into the main solution. The auditing functionality includes who logged in, what did they do, when did that do it and from where did they access the system. Include in the auditing a way to determine if the application is logged into from home through remote access. Beware of remote access plans that nat everyone's ip to the same thing. If there is a systematic way to examine the audit trails of an application for a breach of confidentiality, its a very good thing.
Another item to consider is how long until the application times out. For instance, no application should be available above 30 minutes between keystrokes or mouse maneuvers. Have a standardized timeout set for the institution, and have that added to all applications.
Its easier to have a single signon, but this needs to rotate passwords frequently every 100 days. Passwords should be complex, not the work password for instance. The authentication may include who you are, what you know, what you have, and maybe even where you are.
It is a good idea to have a basic set of security practices detailed and agreed to with all stakeholders.
Subscribe and Share!
Did you enjoy this article? Your feedback is very important! I'd like to invite you to keep up to date with the latest posts from Anticlue. We offer several venues. If you have some questions, help can be found here.- Become a Facebook Fan
- Subscribe to Anticlue
- Follow me on Twitter
- Add to Technorati Favorites
- Digg this post
0 Comments to “Security and Healthcare Applications”
Please share your thoughts and suggestions
-
Receive Our eNewsletter
The latest Project Management and Healthcare IT practices
-
About Me
Welcome to the Healthcare IT Project Management Blog of Elyse Nielsen. This is the place where I share the ideas I have learned, the things I’d like to remember, and my thoughts for a brighter future. Find out more.
Subscribe to Our Tips
This weblog is licensed under a Creative Commons License.