Newer
Older
Discussion_Papers / Papers / 2002 / 2002-06 / Minimum-security requirements for Health Information Systems / Index.htm
  1. <!doctype html public "-//w3c//dtd html 4.0 transitional//en">
  2. <html>
  3. <head>
  4. <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
  5. <meta name="ProgId" content="Word.Document">
  6. <meta name="Generator" content="Microsoft Word 9">
  7. <meta name="Originator" content="Microsoft Word 9">
  8. <meta name="GENERATOR" content="Mozilla/4.76 [en] (Windows NT 5.0; U) [Netscape]">
  9. <title>Are Health Professionals meeting the minimum-security requirements for
  10. Health Information Systems (HIS) in the New Zealand Hea</title>
  11. <link rel=File-List href="./HIS%20Security%20Article_files/filelist.xml">
  12. <link rel=Edit-Time-Data href="./HIS%20Security%20Article_files/editdata.mso">
  13. <!--[if !mso]>
  14. <style>
  15. v\:* {behavior:url(#default#VML);}
  16. o\:* {behavior:url(#default#VML);}
  17. w\:* {behavior:url(#default#VML);}
  18. .shape {behavior:url(#default#VML);}
  19. </style>
  20. <![endif]-->
  21. <!--[if gte mso 9]><xml>
  22. <o:DocumentProperties>
  23. <o:Author>Roeters</o:Author>
  24. <o:LastAuthor>Roeters</o:LastAuthor>
  25. <o:Revision>2</o:Revision>
  26. <o:TotalTime>375</o:TotalTime>
  27. <o:LastPrinted>2002-06-23T05:12:00Z</o:LastPrinted>
  28. <o:Created>2002-06-24T10:16:00Z</o:Created>
  29. <o:LastSaved>2002-06-24T10:16:00Z</o:LastSaved>
  30. <o:Pages>13</o:Pages>
  31. <o:Words>4813</o:Words>
  32. <o:Characters>27437</o:Characters>
  33. <o:Lines>228</o:Lines>
  34. <o:Paragraphs>54</o:Paragraphs>
  35. <o:CharactersWithSpaces>33694</o:CharactersWithSpaces>
  36. <o:Version>9.2720</o:Version>
  37. </o:DocumentProperties>
  38. </xml><![endif]-->
  39. <!--[if gte mso 9]><xml>
  40. <w:WordDocument>
  41. <w:DrawingGridHorizontalSpacing>4.5 pt</w:DrawingGridHorizontalSpacing>
  42. <w:DisplayHorizontalDrawingGridEvery>2</w:DisplayHorizontalDrawingGridEvery>
  43. <w:DisplayVerticalDrawingGridEvery>2</w:DisplayVerticalDrawingGridEvery>
  44. </w:WordDocument>
  45. </xml><![endif]-->
  46. <style>
  47. <!--
  48. /* Font Definitions */
  49. @font-face
  50. {font-family:Times;
  51. panose-1:0 0 0 0 0 0 0 0 0 0;
  52. mso-font-alt:"Times New Roman";
  53. mso-font-charset:0;
  54. mso-generic-font-family:roman;
  55. mso-font-format:other;
  56. mso-font-pitch:variable;
  57. mso-font-signature:3 0 0 0 1 0;}
  58. @font-face
  59. {font-family:Wingdings;
  60. panose-1:5 0 0 0 0 0 0 0 0 0;
  61. mso-font-charset:2;
  62. mso-generic-font-family:auto;
  63. mso-font-pitch:variable;
  64. mso-font-signature:0 268435456 0 0 -2147483648 0;}
  65. /* Style Definitions */
  66. p.MsoNormal, li.MsoNormal, div.MsoNormal
  67. {mso-style-parent:"";
  68. margin:0cm;
  69. margin-bottom:.0001pt;
  70. mso-pagination:widow-orphan;
  71. font-size:12.0pt;
  72. font-family:"Times New Roman";
  73. mso-fareast-font-family:"Times New Roman";
  74. mso-ansi-language:EN-NZ;}
  75. h1
  76. {mso-style-next:Normal;
  77. margin:0cm;
  78. margin-bottom:.0001pt;
  79. mso-pagination:widow-orphan;
  80. page-break-after:avoid;
  81. mso-outline-level:1;
  82. mso-layout-grid-align:none;
  83. text-autospace:none;
  84. font-size:12.0pt;
  85. font-family:"Times New Roman";
  86. mso-font-kerning:0pt;
  87. mso-ansi-language:EN-NZ;
  88. font-weight:bold;}
  89. h2
  90. {mso-style-next:Normal;
  91. margin-top:12.0pt;
  92. margin-right:0cm;
  93. margin-bottom:3.0pt;
  94. margin-left:0cm;
  95. mso-pagination:widow-orphan;
  96. page-break-after:avoid;
  97. mso-outline-level:2;
  98. font-size:14.0pt;
  99. font-family:Arial;
  100. mso-ansi-language:EN-NZ;
  101. font-weight:bold;
  102. font-style:italic;}
  103. h3
  104. {mso-style-next:Normal;
  105. margin-top:12.0pt;
  106. margin-right:0cm;
  107. margin-bottom:3.0pt;
  108. margin-left:0cm;
  109. mso-pagination:widow-orphan;
  110. page-break-after:avoid;
  111. mso-outline-level:3;
  112. font-size:13.0pt;
  113. font-family:Arial;
  114. mso-ansi-language:EN-NZ;
  115. font-weight:bold;}
  116. h4
  117. {mso-style-next:Normal;
  118. margin:0cm;
  119. margin-bottom:.0001pt;
  120. text-align:center;
  121. mso-pagination:widow-orphan;
  122. page-break-after:avoid;
  123. mso-outline-level:4;
  124. font-size:18.0pt;
  125. mso-bidi-font-size:12.0pt;
  126. font-family:"Times New Roman";
  127. color:#FF6600;
  128. mso-ansi-language:EN-NZ;
  129. font-weight:bold;}
  130. h5
  131. {mso-style-next:Normal;
  132. margin:0cm;
  133. margin-bottom:.0001pt;
  134. text-align:center;
  135. mso-pagination:widow-orphan;
  136. page-break-after:avoid;
  137. mso-outline-level:5;
  138. font-size:12.0pt;
  139. font-family:"Times New Roman";
  140. color:#FF6600;
  141. mso-ansi-language:EN-NZ;
  142. font-weight:bold;}
  143. h6
  144. {mso-style-next:Normal;
  145. margin:0cm;
  146. margin-bottom:.0001pt;
  147. text-align:center;
  148. mso-pagination:widow-orphan;
  149. page-break-after:avoid;
  150. mso-outline-level:6;
  151. font-size:18.0pt;
  152. mso-bidi-font-size:12.0pt;
  153. font-family:"Times New Roman";
  154. color:red;
  155. mso-ansi-language:EN-NZ;
  156. font-weight:normal;}
  157. p.MsoHeader, li.MsoHeader, div.MsoHeader
  158. {margin:0cm;
  159. margin-bottom:.0001pt;
  160. mso-pagination:widow-orphan;
  161. tab-stops:center 216.0pt right 432.0pt;
  162. font-size:12.0pt;
  163. font-family:"Times New Roman";
  164. mso-fareast-font-family:"Times New Roman";
  165. mso-ansi-language:EN-NZ;}
  166. p.MsoFooter, li.MsoFooter, div.MsoFooter
  167. {margin:0cm;
  168. margin-bottom:.0001pt;
  169. mso-pagination:widow-orphan;
  170. tab-stops:center 216.0pt right 432.0pt;
  171. font-size:12.0pt;
  172. font-family:"Times New Roman";
  173. mso-fareast-font-family:"Times New Roman";
  174. mso-ansi-language:EN-NZ;}
  175. p.MsoBodyText, li.MsoBodyText, div.MsoBodyText
  176. {margin:0cm;
  177. margin-bottom:.0001pt;
  178. text-align:center;
  179. mso-pagination:widow-orphan;
  180. font-size:26.0pt;
  181. mso-bidi-font-size:12.0pt;
  182. font-family:"Times New Roman";
  183. mso-fareast-font-family:"Times New Roman";
  184. mso-ansi-language:EN-NZ;
  185. font-weight:bold;}
  186. p.MsoBodyText2, li.MsoBodyText2, div.MsoBodyText2
  187. {margin:0cm;
  188. margin-bottom:.0001pt;
  189. text-align:center;
  190. mso-pagination:widow-orphan;
  191. font-size:18.0pt;
  192. mso-bidi-font-size:12.0pt;
  193. font-family:"Times New Roman";
  194. mso-fareast-font-family:"Times New Roman";
  195. mso-ansi-language:EN-NZ;
  196. font-weight:bold;}
  197. p.MsoBodyText3, li.MsoBodyText3, div.MsoBodyText3
  198. {margin-right:36.0pt;
  199. mso-margin-top-alt:auto;
  200. mso-margin-bottom-alt:auto;
  201. margin-left:0cm;
  202. mso-pagination:widow-orphan;
  203. font-size:12.0pt;
  204. font-family:"Times New Roman";
  205. mso-fareast-font-family:"Times New Roman";
  206. mso-ansi-language:EN-NZ;}
  207. a:link, span.MsoHyperlink
  208. {color:#3366FF;
  209. mso-text-animation:none;
  210. text-decoration:none;
  211. text-underline:none;
  212. text-decoration:none;
  213. text-line-through:none;}
  214. a:visited, span.MsoHyperlinkFollowed
  215. {color:purple;
  216. text-decoration:underline;
  217. text-underline:single;}
  218. p
  219. {margin-right:0cm;
  220. mso-margin-top-alt:auto;
  221. mso-margin-bottom-alt:auto;
  222. margin-left:0cm;
  223. mso-pagination:widow-orphan;
  224. font-size:12.0pt;
  225. font-family:"Times New Roman";
  226. mso-fareast-font-family:"Times New Roman";}
  227. @page Section1
  228. {size:612.0pt 792.0pt;
  229. margin:72.0pt 67.5pt 72.0pt 89.85pt;
  230. mso-header-margin:36.0pt;
  231. mso-footer-margin:36.0pt;
  232. mso-footer:url("./HIS%20Security%20Article_files/header.htm") f1;
  233. mso-paper-source:0;}
  234. div.Section1
  235. {page:Section1;}
  236. /* List Definitions */
  237. @list l0
  238. {mso-list-id:289629960;
  239. mso-list-type:hybrid;
  240. mso-list-template-ids:-1338986014 67698699 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
  241. @list l0:level1
  242. {mso-level-number-format:bullet;
  243. mso-level-text:\F0D8;
  244. mso-level-tab-stop:36.0pt;
  245. mso-level-number-position:left;
  246. text-indent:-18.0pt;
  247. font-family:Wingdings;}
  248. @list l1
  249. {mso-list-id:377508630;
  250. mso-list-type:hybrid;
  251. mso-list-template-ids:327719292 67698693 -1574797304 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
  252. @list l1:level1
  253. {mso-level-number-format:bullet;
  254. mso-level-text:\F0A7;
  255. mso-level-tab-stop:36.0pt;
  256. mso-level-number-position:left;
  257. text-indent:-18.0pt;
  258. font-family:Wingdings;}
  259. @list l1:level2
  260. {mso-level-number-format:bullet;
  261. mso-level-text:-;
  262. mso-level-tab-stop:72.0pt;
  263. mso-level-number-position:left;
  264. text-indent:-18.0pt;
  265. mso-hansi-font-family:"Courier New";}
  266. @list l2
  267. {mso-list-id:405153843;
  268. mso-list-type:hybrid;
  269. mso-list-template-ids:-1012652276 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
  270. @list l2:level1
  271. {mso-level-tab-stop:36.0pt;
  272. mso-level-number-position:left;
  273. text-indent:-18.0pt;}
  274. @list l3
  275. {mso-list-id:437481626;
  276. mso-list-type:hybrid;
  277. mso-list-template-ids:908209518 727194324 -1903503524 -1810073082 -1383988242 530625538 1027617828 -1501416064 -572198782 745313210;}
  278. @list l3:level1
  279. {mso-level-number-format:bullet;
  280. mso-level-text:\F0B7;
  281. mso-level-tab-stop:36.0pt;
  282. mso-level-number-position:left;
  283. text-indent:-18.0pt;
  284. mso-ansi-font-size:10.0pt;
  285. font-family:Symbol;}
  286. @list l4
  287. {mso-list-id:457601054;
  288. mso-list-type:hybrid;
  289. mso-list-template-ids:-252797428 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
  290. @list l4:level1
  291. {mso-level-tab-stop:36.0pt;
  292. mso-level-number-position:left;
  293. text-indent:-18.0pt;}
  294. @list l5
  295. {mso-list-id:509223363;
  296. mso-list-type:hybrid;
  297. mso-list-template-ids:-862960568 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
  298. @list l5:level1
  299. {mso-level-tab-stop:36.0pt;
  300. mso-level-number-position:left;
  301. text-indent:-18.0pt;}
  302. @list l6
  303. {mso-list-id:624196186;
  304. mso-list-type:hybrid;
  305. mso-list-template-ids:540710594 1852235690 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
  306. @list l6:level1
  307. {mso-level-text:"\(%1\)";
  308. mso-level-tab-stop:36.0pt;
  309. mso-level-number-position:left;
  310. text-indent:-18.0pt;}
  311. @list l7
  312. {mso-list-id:626394540;
  313. mso-list-type:hybrid;
  314. mso-list-template-ids:-1807686718 1064075432 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
  315. @list l7:level1
  316. {mso-level-tab-stop:36.0pt;
  317. mso-level-number-position:left;
  318. text-indent:-18.0pt;}
  319. @list l8
  320. {mso-list-id:729573967;
  321. mso-list-type:hybrid;
  322. mso-list-template-ids:725881758 -2094762376 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
  323. @list l8:level1
  324. {mso-level-start-at:3;
  325. mso-level-tab-stop:36.0pt;
  326. mso-level-number-position:left;
  327. text-indent:-18.0pt;}
  328. @list l9
  329. {mso-list-id:745806464;
  330. mso-list-type:hybrid;
  331. mso-list-template-ids:-806993424 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
  332. @list l9:level1
  333. {mso-level-tab-stop:36.0pt;
  334. mso-level-number-position:left;
  335. text-indent:-18.0pt;}
  336. @list l10
  337. {mso-list-id:769817223;
  338. mso-list-type:hybrid;
  339. mso-list-template-ids:-604569862 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
  340. @list l10:level1
  341. {mso-level-tab-stop:36.0pt;
  342. mso-level-number-position:left;
  343. text-indent:-18.0pt;}
  344. @list l11
  345. {mso-list-id:786315730;
  346. mso-list-type:hybrid;
  347. mso-list-template-ids:-166553744 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
  348. @list l11:level1
  349. {mso-level-tab-stop:36.0pt;
  350. mso-level-number-position:left;
  351. text-indent:-18.0pt;}
  352. @list l12
  353. {mso-list-id:795878757;
  354. mso-list-type:hybrid;
  355. mso-list-template-ids:-1584597906 67698693 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
  356. @list l12:level1
  357. {mso-level-number-format:bullet;
  358. mso-level-text:\F0A7;
  359. mso-level-tab-stop:36.0pt;
  360. mso-level-number-position:left;
  361. text-indent:-18.0pt;
  362. font-family:Wingdings;}
  363. @list l13
  364. {mso-list-id:855536290;
  365. mso-list-type:hybrid;
  366. mso-list-template-ids:292432524 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
  367. @list l13:level1
  368. {mso-level-tab-stop:36.0pt;
  369. mso-level-number-position:left;
  370. text-indent:-18.0pt;}
  371. @list l14
  372. {mso-list-id:983659878;
  373. mso-list-type:hybrid;
  374. mso-list-template-ids:645174470 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
  375. @list l14:level1
  376. {mso-level-tab-stop:36.0pt;
  377. mso-level-number-position:left;
  378. text-indent:-18.0pt;}
  379. @list l15
  380. {mso-list-id:1084449174;
  381. mso-list-type:hybrid;
  382. mso-list-template-ids:327719292 67698693 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
  383. @list l15:level1
  384. {mso-level-number-format:bullet;
  385. mso-level-text:\F0A7;
  386. mso-level-tab-stop:36.0pt;
  387. mso-level-number-position:left;
  388. text-indent:-18.0pt;
  389. font-family:Wingdings;}
  390. @list l15:level2
  391. {mso-level-number-format:bullet;
  392. mso-level-text:o;
  393. mso-level-tab-stop:72.0pt;
  394. mso-level-number-position:left;
  395. text-indent:-18.0pt;
  396. font-family:"Courier New";
  397. mso-bidi-font-family:"Times New Roman";}
  398. @list l16
  399. {mso-list-id:1149245338;
  400. mso-list-type:hybrid;
  401. mso-list-template-ids:1418077430 1577494842 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
  402. @list l16:level1
  403. {mso-level-start-at:7;
  404. mso-level-tab-stop:36.0pt;
  405. mso-level-number-position:left;
  406. text-indent:-18.0pt;}
  407. @list l17
  408. {mso-list-id:1205101956;
  409. mso-list-type:hybrid;
  410. mso-list-template-ids:327719292 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
  411. @list l17:level1
  412. {mso-level-number-format:bullet;
  413. mso-level-text:\F0B7;
  414. mso-level-tab-stop:36.0pt;
  415. mso-level-number-position:left;
  416. text-indent:-18.0pt;
  417. font-family:Symbol;}
  418. @list l17:level2
  419. {mso-level-number-format:bullet;
  420. mso-level-text:o;
  421. mso-level-tab-stop:72.0pt;
  422. mso-level-number-position:left;
  423. text-indent:-18.0pt;
  424. font-family:"Courier New";
  425. mso-bidi-font-family:"Times New Roman";}
  426. @list l18
  427. {mso-list-id:1233125716;
  428. mso-list-type:hybrid;
  429. mso-list-template-ids:1521675316 67698699 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
  430. @list l18:level1
  431. {mso-level-number-format:bullet;
  432. mso-level-text:\F0D8;
  433. mso-level-tab-stop:36.0pt;
  434. mso-level-number-position:left;
  435. text-indent:-18.0pt;
  436. font-family:Wingdings;}
  437. @list l19
  438. {mso-list-id:1282688750;
  439. mso-list-type:hybrid;
  440. mso-list-template-ids:-1252731814 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
  441. @list l19:level1
  442. {mso-level-tab-stop:36.0pt;
  443. mso-level-number-position:left;
  444. text-indent:-18.0pt;}
  445. @list l20
  446. {mso-list-id:1466117749;
  447. mso-list-type:hybrid;
  448. mso-list-template-ids:-130380868 67698693 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
  449. @list l20:level1
  450. {mso-level-number-format:bullet;
  451. mso-level-text:\F0A7;
  452. mso-level-tab-stop:36.0pt;
  453. mso-level-number-position:left;
  454. text-indent:-18.0pt;
  455. font-family:Wingdings;}
  456. @list l21
  457. {mso-list-id:1509981021;
  458. mso-list-type:hybrid;
  459. mso-list-template-ids:-1034256722 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
  460. @list l21:level1
  461. {mso-level-tab-stop:36.0pt;
  462. mso-level-number-position:left;
  463. text-indent:-18.0pt;}
  464. @list l22
  465. {mso-list-id:1552420186;
  466. mso-list-type:hybrid;
  467. mso-list-template-ids:-1225741922 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
  468. @list l22:level1
  469. {mso-level-tab-stop:36.0pt;
  470. mso-level-number-position:left;
  471. text-indent:-18.0pt;}
  472. @list l23
  473. {mso-list-id:1665625288;
  474. mso-list-type:hybrid;
  475. mso-list-template-ids:2025460 -2094762376 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
  476. @list l23:level1
  477. {mso-level-start-at:3;
  478. mso-level-tab-stop:36.0pt;
  479. mso-level-number-position:left;
  480. text-indent:-18.0pt;}
  481. @list l24
  482. {mso-list-id:1779372754;
  483. mso-list-type:hybrid;
  484. mso-list-template-ids:908209518 67698703 -1903503524 -1810073082 -1383988242 530625538 1027617828 -1501416064 -572198782 745313210;}
  485. @list l24:level1
  486. {mso-level-tab-stop:36.0pt;
  487. mso-level-number-position:left;
  488. text-indent:-18.0pt;}
  489. @list l25
  490. {mso-list-id:2032487604;
  491. mso-list-type:hybrid;
  492. mso-list-template-ids:-1183565534 800498216 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
  493. @list l25:level1
  494. {mso-level-tab-stop:36.0pt;
  495. mso-level-number-position:left;
  496. text-indent:-18.0pt;}
  497. @list l26
  498. {mso-list-id:2043552466;
  499. mso-list-type:hybrid;
  500. mso-list-template-ids:410292904 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
  501. @list l26:level1
  502. {mso-level-tab-stop:36.0pt;
  503. mso-level-number-position:left;
  504. text-indent:-18.0pt;}
  505. @list l27
  506. {mso-list-id:2061512608;
  507. mso-list-type:hybrid;
  508. mso-list-template-ids:-1385551382 67698699 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
  509. @list l27:level1
  510. {mso-level-number-format:bullet;
  511. mso-level-text:\F0D8;
  512. mso-level-tab-stop:36.0pt;
  513. mso-level-number-position:left;
  514. text-indent:-18.0pt;
  515. font-family:Wingdings;}
  516. @list l23:level1 lfo26
  517. {mso-level-start-at:1;}
  518. ol
  519. {margin-bottom:0cm;}
  520. ul
  521. {margin-bottom:0cm;}
  522. -->
  523. </style>
  524. <!--[if gte mso 9]><xml>
  525. <o:shapedefaults v:ext="edit" spidmax="2050"/>
  526. </xml><![endif]-->
  527. <!--[if gte mso 9]><xml>
  528. <o:shapelayout v:ext="edit">
  529. <o:idmap v:ext="edit" data="1"/>
  530. </o:shapelayout></xml><![endif]-->
  531. </head>
  532. <body link="#3366FF" vlink="#800080" lang="EN-US" style="tab-interval:36.0pt">
  533.  
  534. <div class=Section1>
  535. <center>
  536. <h1>
  537. <font color="#000000">Original paper</font></h1></center>
  538.  
  539. <p>&nbsp;
  540. <br>&nbsp;
  541. <br>
  542. <br>
  543. <br>
  544. <br>
  545.  
  546. <p class="MsoNormal"><b><font color="#000000">Are Health Professionals
  547. meeting the minimum-security requirements for Health Information Systems
  548. (HIS) in the New Zealand Health Service? (A pilot study in Residential
  549. Care)</font></b>
  550. <br>&nbsp;
  551. <br>&nbsp;
  552. <br>
  553. <br>
  554. <center>
  555. <p><span lang=EN-NZ><font color="#000000">Han Roeters</span><span lang=EN-NZ style='font-family:Times'><sup>12</span><span
  556. lang=EN-NZ></sup>
  557. and Alec Holt</span><span lang=EN-NZ style='font-family:Times'><sup>3</sup></font></span>
  558. <p><span lang=EN-NZ></span></center>
  559.  
  560.  
  561. <p class="MsoNormal"><span lang=EN-NZ style='font-family:Times'><font color="#000000"><sup>1&nbsp;</span><span
  562. lang=EN-NZ></sup>Manager,
  563. Reevedon Elderly Care Complex, PO Box 142, Levin 5500, New Zealand.</font></span>
  564.  
  565. <p class="MsoNormal"><span lang=EN-NZ style='font-family:Times'><font color="#000000"><sup>2&nbsp;</span><span
  566. lang=EN-NZ></sup>Health
  567. Informatics Group, University of Otago, Wellington School of Medicine,
  568. Wellington, New Zealand.</font></span>
  569.  
  570. <p class="MsoNormal"><span lang=EN-NZ style='font-family:Times'><font color="#000000"><sup>3</span><span
  571. lang=EN-NZ></sup>
  572. Health Informatics Group, Department of Information Science, University
  573. of Otago, Dunedin, New Zealand</font></span>
  574. <center>
  575. <p><span lang=EN-NZ></span></center>
  576.  
  577.  
  578. <p class="MsoHeader" style="tab-stops:36.0pt"><span lang=EN-NZ><font color="#000000">Corresponding
  579. Author</font></span>
  580. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">Han Roeters</font></span></div>
  581.  
  582. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">Health Informatics
  583. Group</font></span></div>
  584.  
  585. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">University
  586. of Otago</font></span></div>
  587.  
  588. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">Dunedin&nbsp;</font></span></div>
  589.  
  590. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">New Zealand</font></span></div>
  591.  
  592. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">Email:&nbsp;<span style='color:windowtext'><a href="mailto:roeters.nz@xtra.co.nz">roeters.nz@xtra.co.nz</a></font></span></span></div>
  593.  
  594. <p><br><span lang=EN-NZ style='font-size:12.0pt;font-family:"Times New Roman";
  595. mso-fareast-font-family:"Times New Roman";color:maroon;mso-ansi-language:EN-NZ;
  596. mso-fareast-language:EN-US;mso-bidi-language:AR-SA'>
  597. <br>&nbsp;
  598. <h3>
  599. <span lang=EN-NZ><font color="#000000">Abstract&nbsp;</font></span></h3>
  600.  
  601. <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  602.  
  603. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000"><b>Background:</span><span lang=EN-NZ></b>
  604. Due to the accelerating development of technology and the globalisation
  605. of HIS, it is becoming increasingly important for health professionals
  606. to implement and maintain security measures for their HIS.</font></span></div>
  607.  
  608. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000"><b>Objective:</span><span lang=EN-NZ></b>
  609. This research compares, British, American and New Zealand HIS security
  610. standards and researches minimum-security requirements available to compare
  611. this with the results of a survey in the NZ Residential Care Industry.</font></span></div>
  612.  
  613. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000"><b>Methods</span><span lang=EN-NZ></b>:
  614. The research is a cross-sectional study that evaluates and compares descriptive
  615. qualitative data derived from a population sample by means of a questionnaire,
  616. and literature research with descriptive qualitative data on minimum-security
  617. requirements from other studies, established standards or legislation and
  618. literature.&nbsp;</font></span></div>
  619.  
  620. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">A survey
  621. is designed and conducted in the facilities of a large residential (elderly)
  622. care provider in New Zealand. It is targeted to Managers, Care Managers,
  623. Registered Nurses and Administrators. The questionnaire investigates how
  624. HIS security in the residential care industry compares.</font></span></div>
  625.  
  626. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000"><b>Results:</span><span lang=EN-NZ></b>
  627. The results of the literature search failed to return minimum-security
  628. requirements for HIS for any of the countries targeted in the research.
  629. The survey had a 58% return rate, this equates to a sample population of
  630. 28. Compliance with minimum-security requirements was below 50%. Statistics
  631. and graphs were designed and calculated in MSExcel with PHStat add-inn.</font></span></div>
  632.  
  633.  
  634. <p class="MsoNormal"><span lang=EN-NZ><b><font color="#000000">Conclusions:&nbsp;</font></b></span>
  635.  
  636. <p class="MsoNormal"><span lang=EN-NZ><font color="#000000">Minimum-security
  637. requirements establish an important basis for consistency in developing
  638. health companies HIS security policies and procedures. Continuation of
  639. inconsistency in security procedures jeopardises the quality of patient
  640. care, the HIS and increases risk of litigation for health professionals
  641. and organizations. The minimum-security requirements in the NZ residential
  642. care industry are severely compromised and the risk of security breaches
  643. and data loss is high. Minimum-security requirements for HIS in the targeted
  644. countries are not available.</font></span>
  645.  
  646. <p class="MsoHeader" style="tab-stops:36.0pt"><span lang=EN-NZ><font color="#000000">In
  647. this article the terms privacy, confidentiality, and security are used
  648. as defined by&nbsp;</font></span>
  649.  
  650. <p class="MsoNormal"><span lang=EN-NZ><font color="#000000">L.Gostin [<span style='color:red'>1</span>]:</font></span>
  651.  
  652. <p class="MsoNormal"><span lang=EN-NZ><i><font color="#000000">“Privacy
  653. is defined as the right of an individual to limit access by others to some
  654. aspect of the person.&nbsp;</font></i><o:p></o:p></span>
  655.  
  656. <p class="MsoNormal"><span lang=EN-NZ><i><font color="#000000">Confidentiality
  657. is a form of information privacy characterized by a special relationship,
  658. such as the physician-patient relationship. Personal information obtained
  659. in the course of this relationship should not be revealed to others unless
  660. the patient is first made aware and consents to the disclosure.</font></i><o:p></o:p></span>
  661.  
  662. <p class="MsoNormal"><span lang=EN-NZ><i><font color="#000000">Security
  663. encompasses a set of technical and administrative procedures designed to
  664. protect data systems against unwanted disclosure, modification, or destruction
  665. and to safeguard the system itself.”</font></i><o:p></o:p></span>
  666.  
  667. <p class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span>
  668. <h3>
  669. <span lang=EN-NZ><font color="#000000">Keywords</font></span></h3>
  670.  
  671. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">Security,
  672. Health Information Systems, Privacy, Confidentiality, New Zealand, Residential
  673. Care.</font></span></div>
  674.  
  675. <h3>
  676. <span lang=EN-NZ><font color="#000000">Introduction</font></span></h3>
  677.  
  678. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">Since the
  679. 1990’s the use of computerised HIS in New Zealand and other first world
  680. countries has developed at an accelerating pace. In conjunction with this
  681. the <i>“concerns about privacy transcend the health care setting. Americans
  682. believe that their privacy rights are not adequately protected”</i> [<span style='color:#FF6600'>2</span>].
  683. These concerns were reflected in other countries including New Zealand.
  684. The New Zealand government developed the Health Information Privacy Code
  685. 1994&nbsp; (http://www.knowledge-basket.co.nz/privacy/comply/HIPCWWW.pdf)
  686. to ensure privacy of health information.</font></span></div>
  687.  
  688. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">It is becoming
  689. increasingly difficult for the lawmakers to stay in line with new developments
  690. in our ever-accelerating technology. Privacy and security requirements
  691. are no exception.</font></span></div>
  692.  
  693. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000"><i>“With
  694. the advance of technology have come a variety of challenges to our privacy.
  695. It’s not that the Internet causes loss of privacy-but it has made us more
  696. aware of the issues surrounding privacy. The complexities involved in maintaining
  697. our privacy and security in a world where information is increasingly public
  698. can be daunting.”</span><span
  699. lang=EN-NZ></i> [<span style='color:#FF6600'>3</span>].
  700. Compounding this problem is the globalisation of information and the lack
  701. of global legislation to protect the privacy of our health information,
  702. <i>“it
  703. is easy to understand why some kinds of information should be accorded
  704. special status and legal protection based on their sensitivity and the
  705. great damage that can occur from unconsented disclosure.”</i>[<span style='color:#FF6600'>4</span>].
  706. The protection of our health information is imperative to maintaining the
  707. individual’s privacy.</font></span></div>
  708.  
  709. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000"><i>“The essence
  710. of security is to protect the availability, integrity and confidentiality
  711. of data and systems”</span><span
  712. lang=EN-NZ></i>[<span style='color:#FF6600'>5</span>].
  713. The lack of security has the potential to put: the patient, the clinician,
  714. the system and the organization at risk, the reason is that medical organizations
  715. <i>“tend
  716. to focus our greatest emphasis on patient care. But once you understand
  717. how profoundly a lack of IT security can effect your organization, right
  718. down to the clinical level, you come to appreciate the importance of it.”</i>[<span
  719. style='color:#FF6600'>6</span>]&nbsp;</font></span></div>
  720.  
  721. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">Unfortunately
  722. <i>“most
  723. hospitals and health systems don’t understand how much at risk they are”</i>
  724. [<span
  725. style='color:#FF6600'>7</span>].&nbsp;</font></span></div>
  726.  
  727. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">Global security
  728. principles for health information systems do not exist because nobody owns
  729. or regulates the Internet. Most countries developed their own security
  730. legislation and principles. It is concerning that HIS have been in generalised
  731. use since the early 1980’s and most legislation and security guidelines
  732. originate from the late 1990’s.&nbsp;</font></span></div>
  733.  
  734.  
  735. <p class="MsoNormal"><span lang=EN-NZ><font color="#000000">HIS risk assessment
  736. and implementation of security measures to ensure a secure, private and
  737. dynamic HIS is possibly one of the major tasks that the NZ Health Service
  738. and other countries need to have to deal with.</font></span>
  739. <br><span lang=EN-NZ style='font-size:13.0pt;font-family:Arial;mso-fareast-font-family:
  740. "Times New Roman";mso-ansi-language:EN-NZ;mso-fareast-language:EN-US;
  741. mso-bidi-language:AR-SA'>
  742. <br></span>
  743. <h3>
  744. <span lang=EN-NZ><font color="#000000">Methods</font></span></h3>
  745.  
  746. <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  747.  
  748. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">Comparing
  749. British, American and New Zealand HIS security principles.</font></span></div>
  750.  
  751. <div class="MsoNormal"><span lang=EN-NZ><span style="mso-spacerun: yes"></span></span></div>
  752.  
  753. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">Dr Ross J.
  754. Anderson describes 9 security principles for the individual patient record,
  755. in his research, Security in Clinical Information Systems, which was commissioned
  756. by the British Medical Association (BMA) they are related to the following
  757. security elements [<span
  758. style='color:#FF6600'>8</span>]:</font></span></div>
  759.  
  760. <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  761.  
  762. <ol style='margin-top:0cm' start=1 type=1>
  763. <li class="MsoNormal" style="mso-list:l2 level1 lfo12;tab-stops:list 36.0pt">
  764. <span
  765. lang=EN-NZ><font color="#000000">Access control</font></span></li>
  766.  
  767. <li class="MsoNormal" style="mso-list:l2 level1 lfo12;tab-stops:list 36.0pt">
  768. <span
  769. lang=EN-NZ><font color="#000000">Record opening</font></span></li>
  770.  
  771. <li class="MsoNormal" style="mso-list:l2 level1 lfo12;tab-stops:list 36.0pt">
  772. <span
  773. lang=EN-NZ><font color="#000000">Control</font></span></li>
  774.  
  775. <li class="MsoNormal" style="mso-list:l2 level1 lfo12;tab-stops:list 36.0pt">
  776. <span
  777. lang=EN-NZ><font color="#000000">Consent and notification</font></span></li>
  778.  
  779. <li class="MsoNormal" style="mso-list:l2 level1 lfo12;tab-stops:list 36.0pt">
  780. <span
  781. lang=EN-NZ><font color="#000000">Persistence</font></span></li>
  782.  
  783. <li class="MsoNormal" style="mso-list:l2 level1 lfo12;tab-stops:list 36.0pt">
  784. <span
  785. lang=EN-NZ><font color="#000000">Attribution</font></span></li>
  786.  
  787. <li class="MsoNormal" style="mso-list:l2 level1 lfo12;tab-stops:list 36.0pt">
  788. <span
  789. lang=EN-NZ><font color="#000000">Information flow&nbsp;</font></span></li>
  790.  
  791. <li class="MsoNormal" style="mso-list:l2 level1 lfo12;tab-stops:list 36.0pt">
  792. <span
  793. lang=EN-NZ><font color="#000000">Aggregation control</font></span></li>
  794.  
  795. <li class="MsoNormal" style="mso-list:l2 level1 lfo12;tab-stops:list 36.0pt">
  796. <span
  797. lang=EN-NZ><font color="#000000">The trusted computing base</font></span></li>
  798. </ol>
  799.  
  800. <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  801.  
  802. <div class="MsoBodyText2" style="text-align:left"><span lang=EN-NZ
  803. style='font-size:12.0pt;font-weight:normal'><font color="#000000">The
  804. American security principles are found in a recommendation on the Health
  805. Insurance Portability and Accountability Act 1996 (HIPAA).</font><o:p></o:p></span></div>
  806.  
  807. <div class="MsoNormal"><span lang=EN-NZ><span style="mso-spacerun:
  808. yes"></span><font color="#000000"><i>
  809. The Department of Health and Human Services has previously sent Congress
  810. recommendations for legislation to protect health information, which set
  811. forth the following 5 key principles&nbsp;</span><span lang=EN-NZ></i>[<span
  812. style='color:#FF6600'>9</span>]:</font><o:p></o:p></span></div>
  813.  
  814. <ol style='margin-top:0cm' start=1 type=1>
  815. <li class="MsoNormal" style="mso-list:l10 level1 lfo13;tab-stops:list 36.0pt">
  816. <span
  817. lang=EN-NZ><i><font color="#000000">Boundaries</font></i><o:p></o:p></span></li>
  818.  
  819. <li class="MsoNormal" style="mso-list:l10 level1 lfo13;tab-stops:list 36.0pt">
  820. <span
  821. lang=EN-NZ><i><font color="#000000">Security</font></i><o:p></o:p></span></li>
  822.  
  823. <li class="MsoNormal" style="mso-list:l10 level1 lfo13;tab-stops:list 36.0pt">
  824. <span
  825. lang=EN-NZ><i><font color="#000000">Consumer control</font></i><o:p></o:p></span></li>
  826.  
  827. <li class="MsoNormal" style="mso-list:l10 level1 lfo13;tab-stops:list 36.0pt">
  828. <span
  829. lang=EN-NZ><i><font color="#000000">Accountability</font></i><o:p></o:p></span></li>
  830.  
  831. <li class="MsoNormal" style="mso-list:l10 level1 lfo13;tab-stops:list 36.0pt">
  832. <span
  833. lang=EN-NZ><i><font color="#000000">Public responsibility”&nbsp;</font></i><o:p></o:p></span></li>
  834. </ol>
  835.  
  836. <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  837.  
  838. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">The American
  839. Congress adopted these principles during the discussions of the HIPAA bill.
  840. HHS (Department of health and Human services) and announced a final rule
  841. for the electronic standards for healthcare transactions in December 2000.</font></span></div>
  842.  
  843. <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  844.  
  845. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">The British
  846. and American security principles are incorporated in New Zealand in the
  847. health Information Privacy Code 1994 and the New Zealand security principles
  848. for health information standards for the NZ Health Intranet, which ensure
  849. that three security components are maintained [<span style='color:#FF6600'>10</span>]:</font></span></div>
  850.  
  851. <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  852.  
  853. <ol style='margin-top:0cm' start=1 type=1>
  854. <li class="MsoNormal" style="mso-list:l13 level1 lfo14;tab-stops:list 36.0pt">
  855. <span
  856. lang=EN-NZ><i><font color="#000000">“System integrity - the
  857. functionality of the computer system should be maintained with all modules
  858. and subsystems functioning properly and in the way that the user expects
  859. and believes them to be operating&nbsp;</font></i><o:p></o:p></span></li>
  860.  
  861. <li class="MsoNormal" style="mso-list:l13 level1 lfo14;tab-stops:list 36.0pt">
  862. <span
  863. lang=EN-NZ><!--[if gte vml 1]><v:shapetype id="_x0000_t75" coordsize="21600,21600"
  864. o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe" filled="f"
  865. stroked="f">
  866. <v:stroke joinstyle="miter"/>
  867. <v:formulas>
  868. <v:f eqn="if lineDrawn pixelLineWidth 0"/>
  869. <v:f eqn="sum @0 1 0"/>
  870. <v:f eqn="sum 0 0 @1"/>
  871. <v:f eqn="prod @2 1 2"/>
  872. <v:f eqn="prod @3 21600 pixelWidth"/>
  873. <v:f eqn="prod @3 21600 pixelHeight"/>
  874. <v:f eqn="sum @0 0 1"/>
  875. <v:f eqn="prod @6 1 2"/>
  876. <v:f eqn="prod @7 21600 pixelWidth"/>
  877. <v:f eqn="sum @8 21600 0"/>
  878. <v:f eqn="prod @7 21600 pixelHeight"/>
  879. <v:f eqn="sum @10 21600 0"/>
  880. </v:formulas>
  881. <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
  882. <o:lock v:ext="edit" aspectratio="t"/>
  883. </v:shapetype><v:shape id="_x0000_i1025" type="#_x0000_t75" alt=""
  884. style='width:.75pt;height:13.5pt'>
  885. <v:imagedata src="./HIS%20Security%20Article_files/image001.gif" o:href="http://www.nzhis.govt.nz/gfx/li.gif"/>
  886. </v:shape><![endif]--><![if !vml]><img SRC="image001.gif" BORDER=0 v:shapes="_x0000_i1025" height=18 width=1><![endif]><i><font color="#000000">Data
  887. availability - the data stored are preserved from damage or disorganisation,
  888. and are available to the user as and when required&nbsp;</font></i><o:p></o:p></span></li>
  889.  
  890. <li class="MsoNormal" style="mso-list:l13 level1 lfo14;tab-stops:list 36.0pt">
  891. <span
  892. lang=EN-NZ><!--[if gte vml 1]><v:shape id="_x0000_i1026" type="#_x0000_t75"
  893. alt="" style='width:.75pt;height:13.5pt'>
  894. <v:imagedata src="./HIS%20Security%20Article_files/image001.gif" o:href="http://www.nzhis.govt.nz/gfx/li.gif"/>
  895. </v:shape><![endif]--><![if !vml]><img SRC="image001.gif" BORDER=0 v:shapes="_x0000_i1026" height=18 width=1><![endif]><i><font color="#000000">Information
  896. privacy - the personal and confidential material stored is protected from
  897. access by unauthorised personnel, and is available only to those with a
  898. need to know and with the necessary privilege and authority to access it.”&nbsp;</font></i><o:p></o:p></span></li>
  899. </ol>
  900.  
  901. <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  902.  
  903. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">The New Zealand
  904. security principles for health information standards for the NZ Health
  905. Intranet consist of 6 principles [<span style='color:#FF6600'>11</span>]:</font></span></div>
  906.  
  907. <ol style='margin-top:0cm' start=1 type=1>
  908. <li class="MsoNormal" style="mso-list:l19 level1 lfo15;tab-stops:list 36.0pt">
  909. <span
  910. lang=EN-NZ><font color="#000000">Confidentiality</font></span></li>
  911.  
  912. <li class="MsoNormal" style="mso-list:l19 level1 lfo15;tab-stops:list 36.0pt">
  913. <span
  914. lang=EN-NZ><font color="#000000">Integrity</font></span></li>
  915.  
  916. <li class="MsoNormal" style="mso-list:l19 level1 lfo15;tab-stops:list 36.0pt">
  917. <span
  918. lang=EN-NZ><font color="#000000">Authenticity</font></span></li>
  919.  
  920. <li class="MsoNormal" style="mso-list:l19 level1 lfo15;tab-stops:list 36.0pt">
  921. <span
  922. lang=EN-NZ><font color="#000000">Non-repudiation</font></span></li>
  923.  
  924. <li class="MsoNormal" style="mso-list:l19 level1 lfo15;tab-stops:list 36.0pt">
  925. <span
  926. lang=EN-NZ><font color="#000000">Auditing</font></span></li>
  927.  
  928. <li class="MsoNormal" style="mso-list:l19 level1 lfo15;tab-stops:list 36.0pt">
  929. <span
  930. lang=EN-NZ><font color="#000000">Accountability</font></span></li>
  931. </ol>
  932.  
  933. <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  934.  
  935. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">In addition
  936. the NZ Health Information Privacy act provides the following Health Information
  937. Privacy Rules [<span
  938. style='color:#FF6600'>12</span>]:</font></span></div>
  939.  
  940. <div class="MsoNormal"><span style='font-size:11.0pt;mso-ansi-language:EN-US'><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  941.  
  942. <div class="MsoHeader" style="margin-left:36.0pt;text-indent:-18.0pt;mso-list:l5 level1 lfo16;
  943. tab-stops:list 36.0pt"><![if !supportLists]><span lang=EN-NZ><font color="#000000">1.<span
  944. style='font:7.0pt "Times New Roman"'></span></span><![endif]><span
  945. lang=EN-NZ>Purpose
  946. of collection of health information</font></span></div>
  947.  
  948. <ol style='margin-top:0cm' start=2 type=1>
  949. <li class="MsoNormal" style="mso-list:l5 level1 lfo16;tab-stops:list 36.0pt">
  950. <span
  951. lang=EN-NZ><font color="#000000">Source of health information</font></span></li>
  952.  
  953. <li class="MsoNormal" style="mso-list:l5 level1 lfo16;tab-stops:list 36.0pt">
  954. <span
  955. lang=EN-NZ><font color="#000000">Collection of health information
  956. from individual</font></span></li>
  957.  
  958. <li class="MsoNormal" style="mso-list:l5 level1 lfo16;tab-stops:list 36.0pt">
  959. <span
  960. lang=EN-NZ><font color="#000000">Manner of collection of health
  961. information</font></span></li>
  962.  
  963. <li class="MsoNormal" style="mso-list:l5 level1 lfo16;tab-stops:list 36.0pt">
  964. <span
  965. lang=EN-NZ><font color="#000000">Storage and security of health
  966. information</font></span></li>
  967.  
  968. <li class="MsoNormal" style="mso-list:l5 level1 lfo16;tab-stops:list 36.0pt">
  969. <span
  970. lang=EN-NZ><font color="#000000">Access to personal health
  971. information</font></span></li>
  972.  
  973. <li class="MsoNormal" style="mso-list:l5 level1 lfo16;tab-stops:list 36.0pt">
  974. <span
  975. lang=EN-NZ><font color="#000000">Correction of health information</font></span></li>
  976.  
  977. <li class="MsoNormal" style="mso-list:l5 level1 lfo16;tab-stops:list 36.0pt">
  978. <span
  979. lang=EN-NZ><font color="#000000">Accuracy etc of health information
  980. to be checked before use</font></span></li>
  981.  
  982. <li class="MsoNormal" style="mso-list:l5 level1 lfo16;tab-stops:list 36.0pt">
  983. <span
  984. lang=EN-NZ><font color="#000000">Retention of health information</font></span></li>
  985.  
  986. <li class="MsoNormal" style="mso-list:l5 level1 lfo16;tab-stops:list 36.0pt">
  987. <span
  988. lang=EN-NZ><font color="#000000">Limits on use of health information</font></span></li>
  989.  
  990. <li class="MsoNormal" style="mso-list:l5 level1 lfo16;tab-stops:list 36.0pt">
  991. <span
  992. lang=EN-NZ><font color="#000000">Limits on disclosure of health
  993. information</font></span></li>
  994.  
  995. <li class="MsoNormal" style="mso-list:l5 level1 lfo16;tab-stops:list 36.0pt">
  996. <span
  997. lang=EN-NZ><font color="#000000">Unique identifiers</font></span></li>
  998. </ol>
  999.  
  1000. <div class="MsoNormal"><span style='font-size:11.0pt;mso-ansi-language:EN-US'><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  1001.  
  1002. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">Although
  1003. all these standards are important building blocks for secure HIS and EDI
  1004. (Electronic Data Interchange) they do not establish consistent minimum-security
  1005. requirements.</font></span></div>
  1006.  
  1007. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">With the
  1008. establishment of NZ e-government some progress is made towards the implementation
  1009. of minimum standard. In the document on minimum standards for Internet
  1010. Security in the New Zealand Government the following policies and guidelines
  1011. for security management standards are set [<span style='color:red'>13</span>]:</font></span></div>
  1012.  
  1013. <ul style='margin-top:0cm' type=disc>
  1014. <li class="MsoNormal" style="mso-list:l17 level1 lfo25;tab-stops:list 36.0pt">
  1015. <span
  1016. lang=EN-NZ><i><font color="#000000">“An IS management system
  1017. following AS/NZS17799 Information Security Management (available from www.standards.co.nz
  1018. )should be employed for all systems processing Government classified (including
  1019. In-confidence) information or hosting government services.</font></i><o:p></o:p></span></li>
  1020.  
  1021. <li class="MsoNormal" style="mso-list:l17 level1 lfo25;tab-stops:list 36.0pt">
  1022. <span
  1023. lang=EN-NZ><i><font color="#000000">It security risks should
  1024. be managed following the processes in either:</font></i><o:p></o:p></span></li>
  1025. </ul>
  1026.  
  1027. <div class="MsoNormal" style="margin-left:72.0pt;text-indent:-18.0pt;mso-list:l1 level2 lfo24;
  1028. tab-stops:list 72.0pt"><![if !supportLists]><span lang=EN-NZ style='mso-hansi-font-family:
  1029. "Courier New";mso-bidi-font-style:italic'><font color="#000000">-<span style='font:7.0pt "Times New Roman"'></span></span><![endif]><span lang=EN-NZ><i>NZ
  1030. Security of IT (MNSIT) Publication 104: Risk Analysis (www.gcsb.govt.nzit/index.htm)
  1031. or</i></font><o:p></o:p></span></div>
  1032.  
  1033. <div class="MsoNormal" style="margin-left:72.0pt;text-indent:-18.0pt;mso-list:l1 level2 lfo24;
  1034. tab-stops:list 72.0pt"><![if !supportLists]><span lang=EN-NZ style='mso-hansi-font-family:
  1035. "Courier New";mso-bidi-font-style:italic'><font color="#000000">-<span style='font:7.0pt "Times New Roman"'></span></span><![endif]><span lang=EN-NZ><i>Standards
  1036. New Zealand AS/NZS4360: Risk Management and HB231: IT Risk Management</i></font><o:p></o:p></span></div>
  1037.  
  1038. <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  1039.  
  1040. <div class="MsoHeader" style="tab-stops:36.0pt"><span lang=EN-NZ><font color="#000000">The
  1041. document is still in draft form, completion and implementation might take
  1042. several years and Internet security is only one element of HIS Security
  1043. systems</font></span></div>
  1044.  
  1045. <div class="MsoHeader" style="tab-stops:36.0pt"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  1046.  
  1047. <div class="MsoNormal"><span lang=EN-NZ><b><font color="#000000">There
  1048. are 5 major barriers to HIS security systems.&nbsp;</font></b><o:p></o:p></span></div>
  1049.  
  1050.  
  1051. <p class="MsoNormal"><span lang=EN-NZ><font color="#000000"><b><i>First:</span><span
  1052. lang=EN-NZ></span><span lang=EN-NZ></i></b>The
  1053. human factor where required to operate HIS system. Any system is only as
  1054. secure as the weakest link and no system is fully secure. Staff ‘s major
  1055. concern is patient care; this in itself provides a heavy workload. Many
  1056. people think that the greatest security concern for our health information
  1057. is unauthorised on line access by “hackers”, this is possibly due to the
  1058. front page news it makes and the embarrassment it causes when a hacker
  1059. gains access.&nbsp;</font></span>
  1060.  
  1061. <p class="MsoNormal"><span lang=EN-NZ><font color="#000000">However most
  1062. organizations largest concern is internal, <i>“an angry employee or a simple
  1063. mistake is much more likely to occur than an outside hack and is tremendously
  1064. harder to stop”</i> [<span
  1065. style='color:#FF6600'>14</span>], lack of compliance
  1066. with security policies due to other work pressures and /or lack of understanding
  1067. and education would be the next largest concern.</font></span>
  1068.  
  1069. <p class="MsoNormal"><span lang=EN-NZ><font color="#000000"><b><i>Second:</span><span
  1070. lang=EN-NZ></i></b>
  1071. There is a lack of global HIS security standards and there is no minimum-security
  1072. requirement that could be reflected in consistent policies and procedures
  1073. throughout the health care industry.</font></span>
  1074.  
  1075. <p class="MsoNormal"><span lang=EN-NZ><font color="#000000"><b><i>Third:&nbsp;</span><span
  1076. lang=EN-NZ></i></b>The
  1077. accelerating speed of development of new technology. Technology is developing
  1078. fast than the tool to secure the HIS. This is an ongoing concern that will
  1079. continue to exist. There are a number of countermeasures available to protect
  1080. the HIS. The NZHIS security publications describes that some of these measures
  1081. include [<span style='color:#FF6600'>15</span>]:</font></span>
  1082. <ol style='margin-top:0cm' start=1 type=1>
  1083. <li class="MsoNormal" style="mso-list:l26 level1 lfo17;tab-stops:list 36.0pt">
  1084. <span
  1085. lang=EN-NZ><font color="#000000">Access control (comprising
  1086. up to 3 parts: Something you know, something you have, something unique
  1087. to you)</font></span></li>
  1088.  
  1089. <li class="MsoNormal" style="mso-list:l26 level1 lfo17;tab-stops:list 36.0pt">
  1090. <span
  1091. lang=EN-NZ><font color="#000000">Transaction logs and audit
  1092. trails (for system and file access)</font></span></li>
  1093.  
  1094. <li class="MsoNormal" style="mso-list:l26 level1 lfo17;tab-stops:list 36.0pt">
  1095. <span
  1096. lang=EN-NZ><font color="#000000">Encryption (of the electronic
  1097. health information prior to transfer)</font></span></li>
  1098.  
  1099. <li class="MsoNormal" style="mso-list:l26 level1 lfo17;tab-stops:list 36.0pt">
  1100. <span
  1101. lang=EN-NZ><font color="#000000">Archiving (relating to the
  1102. ease of access, off-line storage and destroying of data)</font></span></li>
  1103.  
  1104. <li class="MsoNormal" style="mso-list:l26 level1 lfo17;tab-stops:list 36.0pt">
  1105. <span
  1106. lang=EN-NZ><font color="#000000">Virus protection and software
  1107. fitness (appropriate software for it’s use)</font></span></li>
  1108.  
  1109. <li class="MsoNormal" style="mso-list:l26 level1 lfo17;tab-stops:list 36.0pt">
  1110. <span
  1111. lang=EN-NZ><font color="#000000">Informed users (who understand
  1112. the follow the security policies)</font></span></li>
  1113. </ol>
  1114.  
  1115. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000"><b><i>Fourth:</span><span
  1116. lang=EN-NZ></i></b>
  1117. The cost factor, good security systems are usually expensive to implement
  1118. and there is no tangible evidence that they are effective. Most countries
  1119. have problems stretching the health dollar to meet requirements. HIS security
  1120. does not appear on the priority list.</font></span></div>
  1121.  
  1122. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000"><b><i>Fifth:</span><span
  1123. lang=EN-NZ></i></b>
  1124. Education, security education is not a common part of the HIS operators
  1125. training.</font></span></div>
  1126.  
  1127. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">Security
  1128. is often viewed as an issue the IT department needs to solve and not as
  1129. a common problem.</font></span></div>
  1130.  
  1131. <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  1132.  
  1133. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">To allow
  1134. different health service software applications to communicate with each
  1135. other, Health Level 7 (HL7) protocol was developed as a standard for health
  1136. networks this has been adopted by New Zealand. The HL7 protocol managers
  1137. have appointed a group that will focus on secure transactions and Internet
  1138. security<i>. “The group will focus on the use of HL7 in communications
  1139. environments where there is a need for authentication, encryption, non-repudiation,
  1140. and digital signature. This group will focus on mechanisms for secure HL7
  1141. transactions and not on standardizing security policies.”</i> [<span style='color:#FF6600'>16</span>].</font></span></div>
  1142.  
  1143. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">It is concerning
  1144. that HL7, which is considered the most advanced and widely adopted data
  1145. transfer protocol is still developing their security mechanisms.</font></span></div>
  1146.  
  1147.  
  1148. <p class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span>
  1149.  
  1150. <p class="MsoNormal"><span lang=EN-NZ><font color="#000000">To establish
  1151. the degree of risk encountered by individuals and/or the health industry
  1152. is difficult<i>. “The Internet is unlike anything humankind has ever experienced.
  1153. It has no borders, no nationality, few rules, and is restricted only by
  1154. the creativity of its users. As such, it defies many traditional roles
  1155. of government and rules of order. This openness is its greatest strength
  1156. and also its most defining weakness.</i>”[<span
  1157. style='color:red'>17</span>].
  1158. There is a multitude of factors which impact on the degree of risk and
  1159. the Internet is only one aspect of these. Some other aspects are Access,
  1160. System integrity, Date integrity and availability and Confidentiality/Privacy.
  1161. It would be an impossible task to eliminate all the risks, paper based
  1162. HIS have incurred a degree of risk as well. It is beneficial to minimise
  1163. these risks factors because the cost both social and financial can be high.&nbsp;</font></span>
  1164.  
  1165. <p class="MsoNormal"><span lang=EN-NZ><font color="#000000">For example
  1166. if a person’s health information would be available to insurances or employers,
  1167. certain privileges might be denied (justified or not), or a disgruntled
  1168. employee could destroy valuable databases and compromise treatments and/or
  1169. New Zealand health providers could be held liable under the Health Information
  1170. Privacy Act and incur hefty fines.</font></span>
  1171.  
  1172. <p class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span>
  1173. <h1 style="mso-layout-grid-align:auto;text-autospace:ideograph-numeric ideograph-other">
  1174. <span
  1175. lang=EN-NZ><font color="#000000">HIS security survey in the Residential
  1176. Care Industry</font></span></h1>
  1177.  
  1178. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">See Appendix
  1179. one for Survey questions</font></span></div>
  1180.  
  1181. <div class="MsoNormal"><span style='mso-ansi-language:EN-US'><font color="#000000">There
  1182. is a difference in nature between the residential care industry (long term
  1183. care) and other health information systems (more acute). In the acute setting
  1184. there is a much higher need for online patient information transfer and
  1185. due to this the protocols are more advanced using Health Level 7 compatible
  1186. programs policies and procedures. Although it would be beneficial, the
  1187. residential care industry in general is not connected to the NZ Health
  1188. Intranet and electronic transfer of patient information is rather the exception
  1189. than the norm.&nbsp;</font><o:p></o:p></span></div>
  1190.  
  1191. <div class="MsoNormal"><span style='mso-ansi-language:EN-US'><font color="#000000">To
  1192. ascertain to what level minimum-security requirements in the residential
  1193. care industry are met,&nbsp;</span><span
  1194. lang=EN-NZ>questions were compiled
  1195. from security principles illustrated in the book Protect Yourself on Line
  1196. [<span style='color:red'>18</span>] and NZ Government Security Publications
  1197. [<span style='color:red'>19</span>]&nbsp;</font></span><span
  1198. style='mso-ansi-language:EN-US'><o:p></o:p></span></div>
  1199.  
  1200. <div class="MsoNormal"><span style='mso-ansi-language:EN-US'><font color="#000000">The
  1201. questionnaire was structured around the following security areas:</font><o:p></o:p></span></div>
  1202.  
  1203. <ol style='margin-top:0cm' start=1 type=1>
  1204. <li class="MsoNormal" style="mso-list:l21 level1 lfo18;tab-stops:list 36.0pt">
  1205. <span
  1206. lang=EN-NZ><font color="#000000">Virus screeners.</font></span></li>
  1207.  
  1208. <li class="MsoNormal" style="mso-list:l21 level1 lfo18;tab-stops:list 36.0pt">
  1209. <span
  1210. lang=EN-NZ><font color="#000000">Computer access</font></span></li>
  1211.  
  1212. <li class="MsoNormal" style="mso-list:l21 level1 lfo18;tab-stops:list 36.0pt">
  1213. <span
  1214. lang=EN-NZ><font color="#000000">Backup</font></span></li>
  1215.  
  1216. <li class="MsoNormal" style="mso-list:l21 level1 lfo18;tab-stops:list 36.0pt">
  1217. <span
  1218. lang=EN-NZ><font color="#000000">Encryption</font></span></li>
  1219.  
  1220. <li class="MsoNormal" style="mso-list:l21 level1 lfo18;tab-stops:list 36.0pt">
  1221. <span
  1222. lang=EN-NZ><font color="#000000">Audit trails</font></span></li>
  1223.  
  1224. <li class="MsoNormal" style="mso-list:l21 level1 lfo18;tab-stops:list 36.0pt">
  1225. <span
  1226. lang=EN-NZ><font color="#000000">Education</font></span></li>
  1227. </ol>
  1228.  
  1229. <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  1230.  
  1231. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">Structure
  1232. of the 31 questions:</font></span></div>
  1233.  
  1234. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">First question
  1235. was to establish if staff was eligible to take part in the survey, to reduce
  1236. redundant data. Staff who were not eligible because they did not use computerised
  1237. HIS, were asked to complete demographic data only.18 of the questions had
  1238. yes/no, or yes/no/don’t know answers and there were 8 other security questions.
  1239. The survey finished with 4 demographic questions, which would establish
  1240. the occupation, gender, age group and length of employment.</font></span></div>
  1241.  
  1242. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">If the majority
  1243. 95% (to allow a 5% margin of error) of the questions 2.1 to 7.3 were answered
  1244. correctly the residential care provider would be considered to meet the
  1245. minimum-security requirements for HIS.&nbsp;</font></span></div>
  1246.  
  1247. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">The mean
  1248. of the yes/no/(don’t know) provides and indication of compliance with minimum-security
  1249. requirements. If the survey mean is high, compliance is high because the
  1250. population answers comply with the preferred answers (see Table 1).</font></span></div>
  1251. <b><font color="#000000">Table1 Preferred answers (Table1.jpeg)</font></b>
  1252. <br>&nbsp;
  1253. <h3>
  1254. <span lang=EN-NZ><font color="#000000">Results</font></span></h3>
  1255.  
  1256. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">The survey
  1257. was designed in Infopoll Designer [<span style='color:red'>20</span>] and
  1258. transferred to a MSWord format to make this suitable for a mail out and
  1259. targeted to Registered Nurses (RN), Administrators and Managers. After
  1260. approval was obtained from the general manager, 48 Questionnaires were
  1261. distributed by mail and there was a 58% return rate.&nbsp;</font></span></div>
  1262.  
  1263. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">82 % of the
  1264. returned surveys were staff that used health information systems. 18% of
  1265. this category of staff did not. It is difficult to establish if this is
  1266. a true reflection of the total population of staff. There might be bias
  1267. in the fact that staff that do not use HIS are less likely to return the
  1268. research survey. This 18 % was made up of 1 RN and 4 managers.</font></span></div>
  1269.  
  1270. <div class="MsoHeader" style="tab-stops:36.0pt"><span lang=EN-NZ><font color="#000000">The
  1271. acceptable mean would be around 95&nbsp;</font></span></div>
  1272.  
  1273. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">The survey
  1274. mean was 41.95, with a standard deviation of 28.76. This means that the
  1275. majority of preferred answers are within 28.76 around the mean. The standard
  1276. error is 6.13 with a 95 % confidence level.</font></span></div>
  1277.  
  1278. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">I am unable
  1279. to compare statistics in regard to compliance with minimum-security standards
  1280. in the NZ health industry because they do not exist. There is only advisory
  1281. material available which does not give a minimum standard.&nbsp;</font></span></div>
  1282.  
  1283. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">100% of the
  1284. HIS computers was found to be equipped with a virus screener. There appears
  1285. to be uncertainty about who is responsible to update the virus screener,
  1286. 35 % of the surveyed population said they were not responsible and 26 %
  1287. didn’t know.&nbsp;</font></span></div>
  1288.  
  1289.  
  1290. <p class="MsoNormal"><span lang=EN-NZ><font color="#000000">17% of the
  1291. population updated and scanned their HIS computer fortnightly which is
  1292. considered insufficient, due to the increasing speed of new viruses being
  1293. developed, a minimum of a weekly update and scan is advisable. In addition
  1294. to this 26% is not aware if the virus screener is set on automatic screening
  1295. of all incoming information.</font></span>
  1296.  
  1297. <p class="MsoNormal"><span lang=EN-NZ><font color="#000000">Control of
  1298. access to the HIS computer is an essential part of minimum-security standards.</font></span>
  1299.  
  1300. <p class="MsoNormal"><span lang=EN-NZ><font color="#000000">The survey
  1301. results show that 78 % of the surveyed population share HIS computers with
  1302. other staff, 70% share passwords and 48% know passwords of other staff.
  1303. 52% of the computers carry only one password to access the computers and
  1304. 35% carry no password. The majority of passwords are relatively uncomplicated
  1305. (57% consists of letters only and 17% is made up of letters and numbers).
  1306. This makes unauthorised access easy, in addition there are no audit trails
  1307. and 57% of the staff use networked computers. This places the system at
  1308. high risk of undetected unauthorised computer and network access.&nbsp;</font></span>
  1309.  
  1310. <p class="MsoNormal"><span lang=EN-NZ><font color="#000000">The risk of
  1311. unauthorised access is increased; only 30% of the survey results indicate
  1312. that the computers carry a screen saver password.&nbsp;</font></span>
  1313.  
  1314. <p class="MsoNormal"><span lang=EN-NZ><font color="#000000">For the computers
  1315. who do carry passwords access is at risk. Access via an administrator’s
  1316. password is minimal (only 22%) in addition, only 26% of the passwords are
  1317. stored in a safe or comparable safe storage.</font></span>
  1318.  
  1319. <p class="MsoNormal"><span lang=EN-NZ><font color="#000000">Protection
  1320. of what is considered sensitive information is severely challenged, only
  1321. 48% is password protected and only 4% of the files are encrypted or password
  1322. protected when Emailed, digital signatures are not used which make authentication
  1323. of the sender impossible and interception easy.</font></span>
  1324.  
  1325. <p class="MsoNormal"><span lang=EN-NZ><font color="#000000">78% of the
  1326. surveyed staff backup their HIS computer, unfortunately 17 % does this
  1327. less than fortnightly. This equates to only 61% of the surveyed staff correctly
  1328. backup their HIS information, therefore the risk of information loss is
  1329. potentially high. A preset cyclical backup would be the preferred backup
  1330. method.</font></span>
  1331.  
  1332. <p class="MsoNormal"><span lang=EN-NZ><font color="#000000">52% of the
  1333. survey population has received education in regard to computer security,
  1334. but the level and the type of education is not known.</font></span>
  1335.  
  1336. <p class="MsoNormal"><span lang=EN-NZ><font color="#000000">There were
  1337. no obvious correlations between the demographic and the other survey data</font></span>
  1338.  
  1339. <p class="MsoNormal"><span lang=EN-NZ><font color="#000000">In using the
  1340. preferred answers the overall mean of the survey is 41.9%. This translates
  1341. in 41.9% of the survey population returning the preferred answer. To maintain
  1342. an acceptable minimum-security standard this figure should be 95% (this
  1343. allows for a 5% margin of confidence), in all the surveyed areas (see Tables
  1344. 2 -10.).</font></span>
  1345. <p><b><font color="#000000">Tables 2-10. Survey Statistics and Graphs (Table1.jpeg
  1346. to Table10.jpeg)</font></b>
  1347. <h3>
  1348. <span lang=EN-NZ><font color="#000000">Discussion</font></span></h3>
  1349.  
  1350. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">Security
  1351. of HIS is a complex concept and an area of concern to the consumer, the
  1352. health care providers / companies and the New Zealand Government.</font></span></div>
  1353.  
  1354. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">The security
  1355. components of the NZ HIS are&nbsp;</span><span
  1356. style='mso-ansi-language:EN-US'>disjointed,
  1357. most parts are available but I have been unable to find evidence that these
  1358. components have been combined in a minimum- security standard. This would
  1359. ensure some consistency in HIS security throughout the NZ Health Industry.
  1360. Currently the NZHIS security consists of:</font><o:p></o:p></span></div>
  1361.  
  1362. <ol style='margin-top:0cm' start=1 type=1>
  1363. <li class="MsoNormal" style="mso-list:l11 level1 lfo19;tab-stops:list 36.0pt">
  1364. <span
  1365. style='mso-ansi-language:EN-US'><font color="#000000">Health
  1366. Information Privacy act 1994, in particular rule 5-9. Endorsable by the
  1367. New Zealand Privacy and Health and Disability Commissioner</font><o:p></o:p></span></li>
  1368.  
  1369. <li class="MsoNormal" style="mso-list:l11 level1 lfo19;tab-stops:list 36.0pt">
  1370. <span
  1371. style='mso-ansi-language:EN-US'><font color="#000000">NZ Health
  1372. Intranet Security Standards</font><o:p></o:p></span></li>
  1373.  
  1374. <li class="MsoNormal" style="mso-list:l11 level1 lfo19;tab-stops:list 36.0pt">
  1375. <span
  1376. style='mso-ansi-language:EN-US'><font color="#000000">HL7 Standards</font><o:p></o:p></span></li>
  1377.  
  1378. <li class="MsoNormal" style="mso-list:l11 level1 lfo19;tab-stops:list 36.0pt">
  1379. <span
  1380. style='mso-ansi-language:EN-US'><font color="#000000">Individual
  1381. Health providers HIS Security policies and procedures</font><o:p></o:p></span></li>
  1382. </ol>
  1383.  
  1384. <div class="MsoHeader" style="tab-stops:36.0pt"><span style='mso-ansi-language:
  1385. EN-US'><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  1386.  
  1387. <div class="MsoNormal"><span style='mso-ansi-language:EN-US'><font color="#000000">NZHIS
  1388. Security standards have incorporated both the British and the American
  1389. standards.</font><o:p></o:p></span></div>
  1390.  
  1391. <div class="MsoNormal"><span style='mso-ansi-language:EN-US'><font color="#000000">The
  1392. residential care industry is no exception in the apparent lack of minimum-security
  1393. standards for HIS.</font><o:p></o:p></span></div>
  1394.  
  1395. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000"><i>“Fundamental
  1396. to any attempt to secure an information system is that the users are aware
  1397. of and follow appropriate routines and procedures. It will remain beyond
  1398. the realms of practical reality to develop preventive strategies that make
  1399. it impossible for user to breach security, and it is the authorised users
  1400. of the system who are generally the weakest link in the security system”</span><span lang=EN-NZ></i>[<span
  1401. style='color:#FF6600'>21</span>]
  1402. Some <i>“clinical users consider computerisation offers significant advantages
  1403. in terms of security and confidentiality. Provided security systems are
  1404. activated and used properly, computerised notes are more secure than paper
  1405. notes; likewise e-mail is more secure than for example hard copy facsimiles.
  1406. Most practices were careful about this issue, but in others the attitude
  1407. to security was more ‘loose’, with clerical staff not only accessing the
  1408. notes, but being responsible for writing the patient summaries”</i>[<span style='color:#FF6600'>22</span>].</font></span></div>
  1409.  
  1410. <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">It is surprising
  1411. to find that minimum-security requirements have not been established in
  1412. New Zealand and available security standards are open to interpretation
  1413. of its users. This potentially creates concerns for the security of the
  1414. entire New Zealand HIS. <i>“A health-data technical security policy should
  1415. be adopted by each Health Care Establishment site”</i>[<span style='color:red'>23</span>]</font></span></div>
  1416.  
  1417. <div class="MsoNormal"><span style='mso-ansi-language:EN-US'><font color="#000000">Most
  1418. literature refers to generalized security principles that users should
  1419. adhere to, but minimum-security standards either national or international
  1420. are not available.&nbsp;</font><o:p></o:p></span></div>
  1421.  
  1422.  
  1423. <p class="MsoNormal"><span lang=EN-NZ><font color="#000000">For best practice
  1424. purposes Standards New Zealand has released the security management standard
  1425. AS/NZS ISO/ICE 17799:2001 Information Technology – Code of practice for
  1426. information security management, there is no evidence that this document
  1427. has been adopted and implemented by the New Zealand Health service.&nbsp;</font></span><span style='mso-ansi-language:EN-US'><o:p></o:p></span>
  1428.  
  1429. <p class="MsoNormal"><span lang=EN-NZ><font color="#000000"><i>“The bad
  1430. news is that even basic security measures are new to the health care industry,
  1431. generally considered to be 10 to 15 years behind other industries with
  1432. regard to security”</span><span
  1433. lang=EN-NZ></i>[<span style='color:#FF6600'>24</span>].</font></span>
  1434.  
  1435. <p class="MsoNormal"><span lang=EN-NZ><font color="#000000">Minimum-security
  1436. requirements establish an important basis for consistency in developing
  1437. health companies HIS security policies and procedures. There are still
  1438. grave concerns. The NZ West Coast District Health Board identified in their
  1439. Board report in September 2001 that in the area of E-security there was
  1440. <i>Lack of policy/standards, no official policy, however good attention
  1441. to security within Information group compensates to a large degree”</i>.
  1442. [<span style='color:red'>25</span>]</font></span>
  1443.  
  1444. <p class="MsoNormal"><span lang=EN-NZ><font color="#000000">Continuation
  1445. of inconsistency in security policies and procedures jeopardises the quality
  1446. of patient care, and increases risk of litigation for health professionals
  1447. and organizations. The minimum-security requirements in the NZ residential
  1448. care industry are severely compromised and the risk of security breaches
  1449. and data loss is high.</font></span>
  1450.  
  1451. <p class="MsoNormal"><span style='mso-ansi-language:EN-US'><font color="#000000">The
  1452. outcome of the HIS security survey&nbsp;</span><span lang=EN-NZ>concludes
  1453. that minimum-security requirements in this residential care organization
  1454. are severely compromised and the risk of security breaches and data loss
  1455. is high. This potentially threatens the HIS and the safety of the residents.
  1456. The degree of risk encountered by the health company is high, this does
  1457. not reflect in risk for the NZ Health Intranet because the Residential
  1458. Care Provider is not connected.</font></span>
  1459.  
  1460. <p class="MsoNormal"><span lang=EN-NZ><font color="#000000">The sample
  1461. size if large enough to conclude that this is a fair representation of
  1462. the entire industry. We need to take in account that the sample originates
  1463. from one company only and is not cross-sectional for the residential care
  1464. industry. This has the potential to create bias due to the culture of the
  1465. organization surveyed.</font></span>
  1466. <br><span lang=EN-NZ style='font-size:13.0pt;font-family:Arial;mso-fareast-font-family:
  1467. "Times New Roman";mso-ansi-language:EN-NZ;mso-fareast-language:EN-US;
  1468. mso-bidi-language:AR-SA'>
  1469. <br></span>
  1470. <h3>
  1471. <a NAME="_References"></a><span lang=EN-NZ><font color="#000000">Acknowledgements</font></span></h3>
  1472.  
  1473. <h3>
  1474. <span lang=EN-NZ style='font-size:12.0pt;font-family:"Times New Roman";
  1475. font-weight:normal'><font color="#000000">The
  1476. authors would like to acknowledge the support and encouragement from the
  1477. Otago University Post-Graduate Diploma in Health Informatics tutors. The
  1478. support, co-operation and time dedicated by the General manager Elderly
  1479. Care and staff of the Residential Care Provider that was surveyed. There
  1480. was no funding sourced for this article.</font><o:p></o:p></span></h3>
  1481.  
  1482. <h3>
  1483. <span lang=EN-NZ style='font-size:12.0pt;font-family:"Times New Roman";
  1484. font-weight:normal'><![if !supportEmptyParas]><font color="#000000">&nbsp;</font><![endif]><o:p></o:p></span></h3>
  1485.  
  1486. <h3>
  1487. <font color="#000000">Conflict of Interest</font></h3>
  1488.  
  1489. <div class="MsoNormal"><font color="#000000">Possible conflict of interest
  1490. is that one author is the Manager, Reevedon Elderly Care Complex.</font></div>
  1491.  
  1492. <div class="MsoNormal"><b><font color="#000000"><font size=+1></font></font></b>&nbsp;
  1493. <br><b><font color="#000000"><font size=+1>Appendix 1</font></font></b></div>
  1494. <font color="#000000">Health Information Systems Security Survey 2002 (Appendix1.htm)</font>
  1495. <br>&nbsp;
  1496.  
  1497. <p class="MsoNormal"><b><font color="#000000"><font size=+1>References</font></font></b>
  1498.  
  1499. <p class="MsoHeader" style="tab-stops:36.0pt"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span>
  1500.  
  1501. <p class="MsoNormal" style="margin-left:18.0pt"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span>
  1502. <ol style='margin-top:0cm' start=1 type=1>
  1503. <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt">
  1504. <span
  1505. lang=EN-NZ><font color="#000000">Gostin LO, Turek-Brezina J,
  1506. Powers M. Privacy and Security of Personal Information in a New Health
  1507. Care System. JAMA 1993 Nov; 270(20):2487-93 [<a href="http://www.ncbi.nlm.nih.gov/entrez/query.fcgi?cmd=Retrieve&db=PubMed&list_uids=8192748&dopt=Abstract">Medline</a>]</font></span></li>
  1508. </ol>
  1509.  
  1510. <div class="MsoNormal" style="margin-left:18.0pt"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  1511.  
  1512. <ol style='margin-top:0cm' start=2 type=1>
  1513. <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt">
  1514. <span
  1515. lang=EN-NZ><font color="#000000">Gostin LO, Turek-Brezina J,
  1516. Powers M. Privacy and Security of Personal Information in a New Health
  1517. Care System. JAMA 1993 Nov; 270(20):2487-93 [<a href="http://www.ncbi.nlm.nih.gov/entrez/query.fcgi?cmd=Retrieve&db=PubMed&list_uids=8192748&dopt=Abstract">Medline</a>]</font></span></li>
  1518. </ol>
  1519.  
  1520. <div class="MsoHeader" style="tab-stops:36.0pt"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  1521.  
  1522. <ol style='margin-top:0cm' start=3 type=1>
  1523. <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt">
  1524. <span
  1525. lang=EN-NZ><font color="#000000">Danda M. Protect Yourself
  1526. On Line. Washington: Microsoft Press; 2001. p. xvii</font></span></li>
  1527. </ol>
  1528.  
  1529. <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  1530.  
  1531. <ol style='margin-top:0cm' start=4 type=1>
  1532. <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt">
  1533. <span
  1534. lang=EN-NZ><font color="#000000">Szekely D, Milam S, Khademi
  1535. J. (1996). Legal Issues of the Electronic Dental Record: Security and Confidentiality.
  1536. J Dent Educ, 1996 Jan: 60(1):19-23.[<a href="http://www.ncbi.nlm.nih.gov/entrez/query.fcgi?cmd=Retrieve&db=PubMed&list_uids=8594098&dopt=Abstract">Medline</a>]</font></span></li>
  1537. </ol>
  1538.  
  1539. <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  1540.  
  1541. <ol style='margin-top:0cm' start=5 type=1>
  1542. <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt">
  1543. <span
  1544. lang=EN-NZ><font color="#000000">NZ.Government. (1995, 02-07-97).
  1545. Information Systems Security and Data Protection. URL:&nbsp;<!--[if gte vml 1]><v:shape id="_x0000_i1027"
  1546. type="#_x0000_t75" alt="Linkout" style='width:13.5pt;height:11.25pt'>
  1547. <v:imagedata src="./HIS%20Security%20Article_files/image002.gif" o:href="http://www.jmir.org/images/linkout.gif"/>
  1548. </v:shape><![endif]--><![if !vml]><img SRC="image002.gif" ALT="Linkout" BORDER=0 v:shapes="_x0000_i1027" height=15 width=18><![endif]><span
  1549. style="mso-spacerun: yes">&nbsp;</span><u><a href="http://www.nzhis.govt.nz/publications/Security.html">http://www.nzhis.govt.nz/publications/Security.html</a></u>
  1550. [accessed 2002 Mar 27]</font></span><span style='font-family:Arial;mso-ansi-language:
  1551. EN-US'><o:p></o:p></span></li>
  1552. </ol>
  1553.  
  1554. <div class="MsoNormal"><span style='font-family:Arial;mso-ansi-language:EN-US'><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  1555.  
  1556. <ol style='margin-top:0cm' start=6 type=1>
  1557. <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt">
  1558. <span
  1559. lang=EN-NZ><font color="#000000">Rodsjo S. Hack Attack. Healthc
  1560. Inform [Serial online] 2001 Jan [cited 2002 Mar 27];18(1):37-40, 42, 44
  1561. URL:&nbsp;<!--[if gte vml 1]><v:shape
  1562. id="_x0000_i1028" type="#_x0000_t75" alt="Linkout" style='width:13.5pt;
  1563. height:11.25pt'>
  1564. <v:imagedata src="./HIS%20Security%20Article_files/image002.gif" o:href="http://www.jmir.org/images/linkout.gif"/>
  1565. </v:shape><![endif]--><![if !vml]><img SRC="image002.gif" ALT="Linkout" BORDER=0 v:shapes="_x0000_i1028" height=15 width=18><![endif]><span
  1566. style="mso-spacerun: yes">&nbsp;</span><span class=MsoHyperlink><u><a href="http://www.healthcare-information.com/issues/2001/01_01/rodsjo.htm">http://www.healthcare-information.com/issues/2001/01_01/rodsjo.htm</span></a></u>
  1567. [<a href="http://www.ncbi.nlm.nih.gov/entrez/query.fcgi?cmd=Retrieve&db=PubMed&list_uids=11211424&dopt=Abstract">Medline</a>]</font></span></li>
  1568. </ol>
  1569.  
  1570. <div class="MsoNormal" style="margin-left:18.0pt"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  1571.  
  1572. <ol style='margin-top:0cm' start=7 type=1>
  1573. <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt">
  1574. <span
  1575. lang=EN-NZ><font color="#000000">Tabar P. A Security Strategy:
  1576. possibly the biggest task on the healthcare's to-do list. Healthc Inform.
  1577. [Serial online]<span
  1578. style="mso-spacerun: yes">&nbsp;</span>2001
  1579. [cited 2002 Mar 27]; Feb;18(2):46, 48. URL:&nbsp;<!--[if gte vml 1]><v:shape id="_x0000_i1029" type="#_x0000_t75"
  1580. alt="Linkout" style='width:13.5pt;height:11.25pt'>
  1581. <v:imagedata src="./HIS%20Security%20Article_files/image002.gif" o:href="http://www.jmir.org/images/linkout.gif"/>
  1582. </v:shape><![endif]--><![if !vml]><img SRC="image002.gif" ALT="Linkout" BORDER=0 v:shapes="_x0000_i1029" height=15 width=18><![endif]><span
  1583. style="mso-spacerun: yes">&nbsp;</span><u><a href="http://www.healthcare-information.com/issues/2001/02_01/cover.htm#security">http://www.healthcare-information.com/issues/2001/02_01/cover.htm#security</a></u>
  1584. [<a href="http://www.ncbi.nlm.nih.gov/entrez/query.fcgi?cmd=Retrieve&db=PubMed&list_uids=11225064&dopt=Abstract">Medline</a>]</font></span></li>
  1585. </ol>
  1586.  
  1587. <div class="MsoNormal" style="margin-left:18.0pt"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  1588.  
  1589. <ol style='margin-top:0cm' start=8 type=1>
  1590. <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt">
  1591. <span
  1592. lang=EN-NZ><font color="#000000">Anderson RJ. Security in Clinical
  1593. Information Systems. Cambridge: University of Cambridge: 1996</font></span></li>
  1594. </ol>
  1595.  
  1596. <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  1597.  
  1598. <ol style='margin-top:0cm' start=9 type=1>
  1599. <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt">
  1600. <span
  1601. lang=EN-NZ><font color="#000000">Hodge J, Jr, Gostin LO, Jacobson
  1602. PD. Legal issues Concerning Electronic Health Information. JAMA, 1999 Oct
  1603. 20; 282(15):1466-71.[<a href="http://www.ncbi.nlm.nih.gov/entrez/query.fcgi?cmd=Retrieve&db=PubMed&list_uids=10535438&dopt=Abstract">Medline</a>]</font></span></li>
  1604. </ol>
  1605.  
  1606. <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  1607.  
  1608. <ol style='margin-top:0cm' start=10 type=1>
  1609. <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt">
  1610. <span
  1611. lang=EN-NZ><font color="#000000">NZ.Government. Information
  1612. Systems Security and Data Protection. URL:&nbsp;<!--[if gte vml 1]><v:shape id="_x0000_i1030" type="#_x0000_t75"
  1613. alt="Linkout" style='width:13.5pt;height:11.25pt'>
  1614. <v:imagedata src="./HIS%20Security%20Article_files/image002.gif" o:href="http://www.jmir.org/images/linkout.gif"/>
  1615. </v:shape><![endif]--><![if !vml]><img SRC="image002.gif" ALT="Linkout" BORDER=0 v:shapes="_x0000_i1030" height=15 width=18><![endif]><span
  1616. style="mso-spacerun: yes">&nbsp;</span><u><a href="http://www.nzhis.govt.nz/publications/Security.html">http://www.nzhis.govt.nz/publications/Security.html</a></u>[accessed
  1617. 2002 Mar 27]</font></span><span style='font-family:Arial;
  1618. mso-ansi-language:EN-US'><o:p></o:p></span></li>
  1619. </ol>
  1620.  
  1621. <div class="MsoNormal"><span style='font-family:Arial;mso-ansi-language:EN-US'><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  1622.  
  1623. <ol style='margin-top:0cm' start=11 type=1>
  1624. <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt">
  1625. <span
  1626. lang=EN-NZ><font color="#000000">NZ.Government. Standards (Health
  1627. Intranet) URL:&nbsp;<!--[if gte vml 1]><v:shape
  1628. id="_x0000_i1031" type="#_x0000_t75" alt="Linkout" style='width:13.5pt;
  1629. height:11.25pt'>
  1630. <v:imagedata src="./HIS%20Security%20Article_files/image002.gif" o:href="http://www.jmir.org/images/linkout.gif"/>
  1631. </v:shape><![endif]--><![if !vml]><img SRC="image002.gif" ALT="Linkout" BORDER=0 v:shapes="_x0000_i1031" height=15 width=18><![endif]><span
  1632. style="mso-spacerun: yes">&nbsp;</span><u><a href="http://www.nzhis.govt.nz/intranet/standards.html">http://www.nzhis.govt.nz/intranet/standards.html</a></u>
  1633. [accessed 2002 Mar 27]</font></span></li>
  1634. </ol>
  1635.  
  1636. <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  1637.  
  1638. <ol style='margin-top:0cm' start=12 type=1>
  1639. <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt">
  1640. <span
  1641. lang=EN-NZ><font color="#000000">NZ.Government. Health Information
  1642. Privacy code 1994. Office of the NZ Privacy Commissioner. URL:&nbsp;<!--[if gte vml 1]><v:shape id="_x0000_i1032"
  1643. type="#_x0000_t75" alt="Linkout" style='width:13.5pt;height:11.25pt'>
  1644. <v:imagedata src="./HIS%20Security%20Article_files/image002.gif" o:href="http://www.jmir.org/images/linkout.gif"/>
  1645. </v:shape><![endif]--><![if !vml]><img SRC="image002.gif" ALT="Linkout" BORDER=0 v:shapes="_x0000_i1032" height=15 width=18><![endif]><span
  1646. style="mso-spacerun: yes">&nbsp;</span><u><a href="http://www.privacy.org.nz/comply/HIPCWWW.pdf">http://www.privacy.org.nz/comply/HIPCWWW.pdf</a></u>
  1647. [accessed 2002 Mar 27]</font></span></li>
  1648. </ol>
  1649.  
  1650. <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  1651.  
  1652. <ol style='margin-top:0cm' start=13 type=1>
  1653. <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt">
  1654. <span
  1655. lang=EN-NZ><font color="#000000">NZ.Government. Minimum Standards
  1656. for Internet Security in the New Zealand Government URL:&nbsp;<!--[if gte vml 1]><v:shape id="_x0000_i1033"
  1657. type="#_x0000_t75" alt="Linkout" style='width:13.5pt;height:11.25pt'>
  1658. <v:imagedata src="./HIS%20Security%20Article_files/image002.gif" o:href="http://www.jmir.org/images/linkout.gif"/>
  1659. </v:shape><![endif]--><![if !vml]><img SRC="image002.gif" ALT="Linkout" BORDER=0 v:shapes="_x0000_i1033" height=15 width=18><![endif]><span
  1660. style="mso-spacerun: yes">&nbsp;</span><u><a href="http://www.e-government.govt.nz/docs/iss-draft/iss-draft.pdf">http://www.e-government.govt.nz/docs/iss-draft/iss-draft.pdf</a></u>[accessed
  1661. 21-6, 2002]</font></span></li>
  1662. </ol>
  1663.  
  1664. <div class="MsoNormal" style="margin-left:18.0pt"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  1665.  
  1666. <ol style='margin-top:0cm' start=14 type=1>
  1667. <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt">
  1668. <span
  1669. lang=EN-NZ><font color="#000000">Rodsjo S. Hack Attack. Healthc
  1670. Inform [Serial online] 2001 Jan [cited 2002 Mar 27];18(1):37-40, 42, 44
  1671. URL:&nbsp;<!--[if gte vml 1]><v:shape
  1672. id="_x0000_i1034" type="#_x0000_t75" alt="Linkout" style='width:13.5pt;
  1673. height:11.25pt'>
  1674. <v:imagedata src="./HIS%20Security%20Article_files/image002.gif" o:href="http://www.jmir.org/images/linkout.gif"/>
  1675. </v:shape><![endif]--><![if !vml]><img SRC="image002.gif" ALT="Linkout" BORDER=0 v:shapes="_x0000_i1034" height=15 width=18><![endif]><span
  1676. style="mso-spacerun: yes">&nbsp;</span><span class=MsoHyperlink><u><a href="http://www.healthcare-information.com/issues/2001/01_01/rodsjo.htm">http://www.healthcare-information.com/issues/2001/01_01/rodsjo.htm</span></a></u>
  1677. [<a href="http://www.ncbi.nlm.nih.gov/entrez/query.fcgi?cmd=Retrieve&db=PubMed&list_uids=11211424&dopt=Abstract">Medline</a>]</font></span></li>
  1678. </ol>
  1679.  
  1680. <div class="MsoNormal" style="margin-left:18.0pt"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  1681.  
  1682. <div class="MsoNormal"><span style='font-family:Arial;mso-ansi-language:EN-US'><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  1683.  
  1684. <ol style='margin-top:0cm' start=15 type=1>
  1685. <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt">
  1686. <span
  1687. lang=EN-NZ><font color="#000000">NZ.Government. Information
  1688. Systems Security and Data Protection URL:&nbsp;<!--[if gte vml 1]><v:shape id="_x0000_i1035" type="#_x0000_t75"
  1689. alt="Linkout" style='width:13.5pt;height:11.25pt'>
  1690. <v:imagedata src="./HIS%20Security%20Article_files/image002.gif" o:href="http://www.jmir.org/images/linkout.gif"/>
  1691. </v:shape><![endif]--><![if !vml]><img SRC="image002.gif" ALT="Linkout" BORDER=0 v:shapes="_x0000_i1035" height=15 width=18><![endif]><span
  1692. style="mso-spacerun: yes">&nbsp;</span><u><a href="http://www.nzhis.govt.nz/publications/Security.html">http://www.nzhis.govt.nz/publications/Security.html</a></u>
  1693. [accessed 2002 Mar 27]</font></span><span style='font-family:Arial;mso-ansi-language:
  1694. EN-US'><o:p></o:p></span></li>
  1695. </ol>
  1696.  
  1697. <div class="MsoHeader" style="tab-stops:36.0pt"><span style='font-family:Arial;
  1698. mso-ansi-language:EN-US'><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  1699.  
  1700. <ol style='margin-top:0cm' start=16 type=1>
  1701. <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt">
  1702. <span
  1703. lang=EN-NZ><font color="#000000">Unknown. Health Level Seven
  1704. Southern Africa. URL:&nbsp;<!--[if gte vml 1]><v:shape
  1705. id="_x0000_i1036" type="#_x0000_t75" alt="Linkout" style='width:13.5pt;
  1706. height:11.25pt'>
  1707. <v:imagedata src="./HIS%20Security%20Article_files/image002.gif" o:href="http://www.jmir.org/images/linkout.gif"/>
  1708. </v:shape><![endif]--><![if !vml]><img SRC="image002.gif" ALT="Linkout" BORDER=0 v:shapes="_x0000_i1036" height=15 width=18><![endif]><span
  1709. style="mso-spacerun: yes">&nbsp;</span><u><a href="http://www.hl7.org.za/HealthLevelSevenGuide1.htm">http://www.hl7.org.za/HealthLevelSevenGuide1.htm</a></u>
  1710. [accessed 2002 Apr 16]</font></span></li>
  1711. </ol>
  1712.  
  1713. <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  1714.  
  1715. <ol style='margin-top:0cm' start=17 type=1>
  1716. <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt">
  1717. <span
  1718. lang=EN-NZ><font color="#000000">Danda M. Protect Yourself
  1719. On Line. Washington: Microsoft Press; 2001. p 8</font></span><span style='font-family:Arial;mso-ansi-language:EN-US'><o:p></o:p></span></li>
  1720. </ol>
  1721.  
  1722. <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  1723.  
  1724. <ol style='margin-top:0cm' start=18 type=1>
  1725. <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt">
  1726. <span
  1727. lang=EN-NZ><font color="#000000">Danda M. Protect Yourself
  1728. On Line. Washington: Microsoft Press; 2001</font></span></li>
  1729. </ol>
  1730.  
  1731. <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  1732.  
  1733. <ol style='margin-top:0cm' start=19 type=1>
  1734. <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt">
  1735. <span
  1736. lang=EN-NZ><font color="#000000">NZ.Government. Information
  1737. Systems Security and Data Protection. URL:&nbsp;<!--[if gte vml 1]><v:shape id="_x0000_i1037" type="#_x0000_t75"
  1738. alt="Linkout" style='width:13.5pt;height:11.25pt'>
  1739. <v:imagedata src="./HIS%20Security%20Article_files/image002.gif" o:href="http://www.jmir.org/images/linkout.gif"/>
  1740. </v:shape><![endif]--><![if !vml]><img SRC="image002.gif" ALT="Linkout" BORDER=0 v:shapes="_x0000_i1037" height=15 width=18><![endif]><span
  1741. style="mso-spacerun: yes">&nbsp;</span><u><a href="http://www.nzhis.govt.nz/publications/Security.html">http://www.nzhis.govt.nz/publications/Security.html</a></u>
  1742. [accessed 2002 Mar 27]</font></span></li>
  1743. </ol>
  1744.  
  1745. <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  1746.  
  1747. <ol style='margin-top:0cm' start=20 type=1>
  1748. <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt">
  1749. <span
  1750. lang=EN-NZ><font color="#000000">Infopoll.com, Infopoll Designer
  1751. Version 7.URL:&nbsp;<!--[if gte vml 1]><v:shape
  1752. id="_x0000_i1038" type="#_x0000_t75" alt="Linkout" style='width:13.5pt;
  1753. height:11.25pt'>
  1754. <v:imagedata src="./HIS%20Security%20Article_files/image002.gif" o:href="http://www.jmir.org/images/linkout.gif"/>
  1755. </v:shape><![endif]--><![if !vml]><img SRC="image002.gif" ALT="Linkout" BORDER=0 v:shapes="_x0000_i1038" height=15 width=18><![endif]><span
  1756. style="mso-spacerun: yes">&nbsp;</span><u><a href="http://infopoll.com/">http://infopoll.com/download/</a></u>
  1757. [accessed 2002 Mar 30]</font></span></li>
  1758. </ol>
  1759.  
  1760. <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  1761.  
  1762. <ol style='margin-top:0cm' start=21 type=1>
  1763. <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt">
  1764. <span
  1765. lang=EN-NZ><font color="#000000">NZ.Government. Information
  1766. Systems Security and Data Protection. URL:&nbsp;<!--[if gte vml 1]><v:shape id="_x0000_i1039" type="#_x0000_t75"
  1767. alt="Linkout" style='width:13.5pt;height:11.25pt'>
  1768. <v:imagedata src="./HIS%20Security%20Article_files/image002.gif" o:href="http://www.jmir.org/images/linkout.gif"/>
  1769. </v:shape><![endif]--><![if !vml]><img SRC="image002.gif" ALT="Linkout" BORDER=0 v:shapes="_x0000_i1039" height=15 width=18><![endif]><span
  1770. style="mso-spacerun: yes">&nbsp;</span><u><a href="http://www.nzhis.govt.nz/publications/Security.html">http://www.nzhis.govt.nz/publications/Security.html</a></u>
  1771. [accessed 2002 Mar 27]</font></span><span style='font-family:Arial;mso-ansi-language:
  1772. EN-US'><o:p></o:p></span></li>
  1773. </ol>
  1774.  
  1775. <div class="MsoNormal"><span style='font-family:Arial;mso-ansi-language:EN-US'><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  1776.  
  1777. <ol style='margin-top:0cm' start=22 type=1>
  1778. <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt">
  1779. <span
  1780. lang=EN-NZ><font color="#000000">Nielson A. C. Attitudes towards
  1781. information technology in Australian General Practice. URL:&nbsp;<!--[if gte vml 1]><v:shape id="_x0000_i1040"
  1782. type="#_x0000_t75" alt="Linkout" style='width:13.5pt;height:11.25pt'>
  1783. <v:imagedata src="./HIS%20Security%20Article_files/image002.gif" o:href="http://www.jmir.org/images/linkout.gif"/>
  1784. </v:shape><![endif]--><![if !vml]><img SRC="image002.gif" ALT="Linkout" BORDER=0 v:shapes="_x0000_i1040" height=15 width=18><![endif]><span
  1785. style="mso-spacerun: yes">&nbsp;</span><u><a href="http://www.health.gov.au/pubs/gpit/gpit2.pdf">http://www.health.gov.au/pubs/gpit/gpit2.pdf</a></u>
  1786. [accessed 2002 Apr 26]</font></span><span style='font-family:Arial;mso-ansi-language:
  1787. EN-US'><o:p></o:p></span></li>
  1788. </ol>
  1789.  
  1790. <div class="MsoNormal"><span style='font-family:Arial;mso-ansi-language:EN-US'><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  1791.  
  1792. <ol style='margin-top:0cm' start=23 type=1>
  1793. <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt">
  1794. <span
  1795. lang=EN-NZ><font color="#000000">Ilioudis C, Pangalos G.<span style="mso-spacerun: yes">&nbsp;</span>A
  1796. framework for an Institutional High Level Security Policy for the Processing
  1797. of Medical Data and their Transmission Through the Internet. J Med Internet
  1798. Res.[serial online] 2001 Apr-Jun [cited 2002 June 21]; 3(2):E14.URL:&nbsp;<!--[if gte vml 1]><v:shape id="_x0000_i1041" type="#_x0000_t75"
  1799. alt="Linkout" style='width:13.5pt;height:11.25pt'>
  1800. <v:imagedata src="./HIS%20Security%20Article_files/image002.gif" o:href="http://www.jmir.org/images/linkout.gif"/>
  1801. </v:shape><![endif]--><![if !vml]><img SRC="image002.gif" ALT="Linkout" BORDER=0 v:shapes="_x0000_i1041" height=15 width=18><![endif]><span
  1802. style="mso-spacerun: yes">&nbsp;</span><u><a href="http://www.jmir.org/2001/2/e14/">http://www.jmir.org/2001/2/e14/</a></u>
  1803. [<a href="http://www.ncbi.nlm.nih.gov/entrez/query.fcgi?cmd=Retrieve&db=PubMed&list_uids=11720956&dopt=Abstract">Medline</a>]</font></span></li>
  1804. </ol>
  1805.  
  1806. <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  1807.  
  1808. <ol style='margin-top:0cm' start=24 type=1>
  1809. <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt">
  1810. <span
  1811. lang=EN-NZ><font color="#000000">Kibbe DC. A problem-Orientated
  1812. Approach to the HIPAA Security Standards. Fam Prac Manag, [serial online]
  1813. 2001 July/August [cited 2002 Mar 27]; 8(7):37-43 [22 screens] URL:&nbsp;<span class=MsoHyperlink><!--[if gte vml 1]><v:shape
  1814. id="_x0000_i1042" type="#_x0000_t75" alt="Linkout" style='width:13.5pt;
  1815. height:11.25pt'>
  1816. <v:imagedata src="./HIS%20Security%20Article_files/image002.gif" o:href="http://www.jmir.org/images/linkout.gif"/>
  1817. </v:shape><![endif]--><![if !vml]><img SRC="image002.gif" ALT="Linkout" BORDER=0 v:shapes="_x0000_i1042" height=15 width=18><![endif]><span
  1818. style="mso-spacerun: yes"><u>&nbsp;</span><a href="http://aafp.org/fpm/20010700/37apro.html">http://aafp.org/fpm/20010700/37apro.html<span
  1819. style="mso-spacerun: yes"></a>&nbsp;</span><a href="http://www.ncbi.nlm.nih.gov/entrez/query.fcgi?cmd=Retrieve&db=PubMed&list_uids=11477951&dopt=Abstract">[Medline]</a>&nbsp;</u></font></span></span></li>
  1820. </ol>
  1821.  
  1822. <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  1823.  
  1824. <ol style='margin-top:0cm' start=25 type=1>
  1825. <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt">
  1826. <span
  1827. lang=EN-NZ><font color="#000000">NZ.West.Coast.DHB. Board Report
  1828. 28 Sept. 2001 URL:&nbsp;<!--[if gte vml 1]><v:shape
  1829. id="_x0000_i1043" type="#_x0000_t75" alt="Linkout" style='width:13.5pt;
  1830. height:11.25pt'>
  1831. <v:imagedata src="./HIS%20Security%20Article_files/image002.gif" o:href="http://www.jmir.org/images/linkout.gif"/>
  1832. </v:shape><![endif]--><![if !vml]><img SRC="image002.gif" ALT="Linkout" BORDER=0 v:shapes="_x0000_i1043" height=15 width=18><![endif]><span
  1833. style="mso-spacerun: yes">&nbsp;</span><span class=MsoHyperlink><u><a href="http://www.westcoastdhb.org.nz/board/Papers/SeptHACPapers.pdf">www.westcoastdhb.org.nz/board/Papers/SeptHACPapers.pdf</a></u>&nbsp;</span>[accessed
  1834. 2002 June 21]</font></span></li>
  1835. </ol>
  1836.  
  1837. <div class="MsoNormal" style="margin-left:18.0pt"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  1838.  
  1839. <br>&nbsp;
  1840. <h3>
  1841. <span lang=EN-NZ><font color="#000000">Abbreviations</font></span></h3>
  1842.  
  1843. <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div>
  1844.  
  1845. <div class="MsoNormal" style="tab-stops:112.5pt"><span lang=EN-NZ><font color="#000000">BMA<span
  1846. style='mso-tab-count:1'></span>British
  1847. Medical Association</font></span></div>
  1848.  
  1849. <div class="MsoNormal" style="tab-stops:112.5pt"><span lang=EN-NZ><font color="#000000">EDI<span
  1850. style='mso-tab-count:1'></span>Electronic
  1851. Data Interchange</font></span></div>
  1852.  
  1853. <div class="MsoNormal" style="tab-stops:112.5pt"><span lang=EN-NZ><font color="#000000">HEIN<span
  1854. style='mso-tab-count:1'></span>Health
  1855. Informatics</font></span></div>
  1856.  
  1857. <div class="MsoNormal" style="tab-stops:112.5pt"><span lang=EN-NZ><font color="#000000">HHS<span
  1858. style='mso-tab-count:1'></span>Health
  1859. and Human Sciences</font></span></div>
  1860.  
  1861. <div class="MsoNormal" style="tab-stops:112.5pt"><span lang=EN-NZ><font color="#000000">HIPAA<span
  1862. style='mso-tab-count:1'></span>Health
  1863. Insurance Portability Act</font></span></div>
  1864.  
  1865. <div class="MsoHeader" style="tab-stops:112.5pt"><span lang=EN-NZ><font color="#000000">HIS<span
  1866. style='mso-tab-count:1'></span>Health
  1867. Information System</font></span></div>
  1868.  
  1869. <div class="MsoNormal" style="tab-stops:112.5pt"><span lang=EN-NZ><font color="#000000">HL7<span
  1870. style='mso-tab-count:1'></span>Health
  1871. Level 7</font></span></div>
  1872.  
  1873. <div class="MsoNormal" style="tab-stops:112.5pt"><span lang=EN-NZ><font color="#000000">IT<span
  1874. style='mso-tab-count:1'></span>Information
  1875. Technology</font></span></div>
  1876.  
  1877. <div class="MsoNormal" style="tab-stops:112.5pt"><span lang=EN-NZ><font color="#000000">NZ<span
  1878. style='mso-tab-count:1'></span>New
  1879. Zealand</font></span></div>
  1880.  
  1881. <div class="MsoNormal" style="tab-stops:112.5pt"><span lang=EN-NZ><font color="#000000">RN<span
  1882. style='mso-tab-count:1'></span>Registered
  1883. Nurse</font></span></div>
  1884. </div>
  1885.  
  1886. </body>
  1887. </html>