Towards a practical healthcare information security model for healthcare institutions

In recent years, a number of countries have introduced plans for national electronic patient record (EPR) systems. This paper argues that, in the near future, both patients and healthcare stakeholders will be able to access medical records from WWW-based EPR systems. We contend that the primary impediment to the successful implementation and widespread uptake of the EPR concept is the fact that current healthcare information security (HIS) applications are not sufficiently robust. This paper identifies two main Information Security technologies: 1) Public key infrastructure (PKI) and 2) Biometrics that hold a lot of promise in a healthcare context. The key contribution of this paper is to propose a novel multi-layered HIS framework based on a combination of PKI, Smartcard and Biometrics technologies. We argue that this new HIS framework could assist healthcare institutions to provide a truly secure infrastructure for the electronic transmission of clinical data in the future. This paper also makes a case for the creation of a new nodal HIS body because existing information security bodies like the Forum of Incident Response and Security Teams are for general-purpose organizations and not specifically suited for the healthcare sector.