<!doctype html public "-//w3c//dtd html 4.0 transitional//en"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <meta name="ProgId" content="Word.Document"> <meta name="Generator" content="Microsoft Word 9"> <meta name="Originator" content="Microsoft Word 9"> <meta name="GENERATOR" content="Mozilla/4.76 [en] (Windows NT 5.0; U) [Netscape]"> <title>Are Health Professionals meeting the minimum-security requirements for Health Information Systems (HIS) in the New Zealand Hea</title> <link rel=File-List href="./HIS%20Security%20Article_files/filelist.xml"> <link rel=Edit-Time-Data href="./HIS%20Security%20Article_files/editdata.mso"> <!--[if !mso]> <style> v\:* {behavior:url(#default#VML);} o\:* {behavior:url(#default#VML);} w\:* {behavior:url(#default#VML);} .shape {behavior:url(#default#VML);} </style> <![endif]--> <!--[if gte mso 9]><xml> <o:DocumentProperties> <o:Author>Roeters</o:Author> <o:LastAuthor>Roeters</o:LastAuthor> <o:Revision>2</o:Revision> <o:TotalTime>375</o:TotalTime> <o:LastPrinted>2002-06-23T05:12:00Z</o:LastPrinted> <o:Created>2002-06-24T10:16:00Z</o:Created> <o:LastSaved>2002-06-24T10:16:00Z</o:LastSaved> <o:Pages>13</o:Pages> <o:Words>4813</o:Words> <o:Characters>27437</o:Characters> <o:Lines>228</o:Lines> <o:Paragraphs>54</o:Paragraphs> <o:CharactersWithSpaces>33694</o:CharactersWithSpaces> <o:Version>9.2720</o:Version> </o:DocumentProperties> </xml><![endif]--> <!--[if gte mso 9]><xml> <w:WordDocument> <w:DrawingGridHorizontalSpacing>4.5 pt</w:DrawingGridHorizontalSpacing> <w:DisplayHorizontalDrawingGridEvery>2</w:DisplayHorizontalDrawingGridEvery> <w:DisplayVerticalDrawingGridEvery>2</w:DisplayVerticalDrawingGridEvery> </w:WordDocument> </xml><![endif]--> <style> <!-- /* Font Definitions */ @font-face {font-family:Times; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-alt:"Times New Roman"; mso-font-charset:0; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:3 0 0 0 
1 0;} @font-face {font-family:Wingdings; panose-1:5 0 0 0 0 0 0 0 0 0; mso-font-charset:2; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:0 268435456 0 0 -2147483648 0;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-parent:""; margin:0cm; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman"; mso-ansi-language:EN-NZ;} h1 {mso-style-next:Normal; margin:0cm; margin-bottom:.0001pt; mso-pagination:widow-orphan; page-break-after:avoid; mso-outline-level:1; mso-layout-grid-align:none; text-autospace:none; font-size:12.0pt; font-family:"Times New Roman"; mso-font-kerning:0pt; mso-ansi-language:EN-NZ; font-weight:bold;} h2 {mso-style-next:Normal; margin-top:12.0pt; margin-right:0cm; margin-bottom:3.0pt; margin-left:0cm; mso-pagination:widow-orphan; page-break-after:avoid; mso-outline-level:2; font-size:14.0pt; font-family:Arial; mso-ansi-language:EN-NZ; font-weight:bold; font-style:italic;} h3 {mso-style-next:Normal; margin-top:12.0pt; margin-right:0cm; margin-bottom:3.0pt; margin-left:0cm; mso-pagination:widow-orphan; page-break-after:avoid; mso-outline-level:3; font-size:13.0pt; font-family:Arial; mso-ansi-language:EN-NZ; font-weight:bold;} h4 {mso-style-next:Normal; margin:0cm; margin-bottom:.0001pt; text-align:center; mso-pagination:widow-orphan; page-break-after:avoid; mso-outline-level:4; font-size:18.0pt; mso-bidi-font-size:12.0pt; font-family:"Times New Roman"; color:#FF6600; mso-ansi-language:EN-NZ; font-weight:bold;} h5 {mso-style-next:Normal; margin:0cm; margin-bottom:.0001pt; text-align:center; mso-pagination:widow-orphan; page-break-after:avoid; mso-outline-level:5; font-size:12.0pt; font-family:"Times New Roman"; color:#FF6600; mso-ansi-language:EN-NZ; font-weight:bold;} h6 {mso-style-next:Normal; margin:0cm; margin-bottom:.0001pt; text-align:center; mso-pagination:widow-orphan; page-break-after:avoid; 
mso-outline-level:6; font-size:18.0pt; mso-bidi-font-size:12.0pt; font-family:"Times New Roman"; color:red; mso-ansi-language:EN-NZ; font-weight:normal;} p.MsoHeader, li.MsoHeader, div.MsoHeader {margin:0cm; margin-bottom:.0001pt; mso-pagination:widow-orphan; tab-stops:center 216.0pt right 432.0pt; font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman"; mso-ansi-language:EN-NZ;} p.MsoFooter, li.MsoFooter, div.MsoFooter {margin:0cm; margin-bottom:.0001pt; mso-pagination:widow-orphan; tab-stops:center 216.0pt right 432.0pt; font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman"; mso-ansi-language:EN-NZ;} p.MsoBodyText, li.MsoBodyText, div.MsoBodyText {margin:0cm; margin-bottom:.0001pt; text-align:center; mso-pagination:widow-orphan; font-size:26.0pt; mso-bidi-font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman"; mso-ansi-language:EN-NZ; font-weight:bold;} p.MsoBodyText2, li.MsoBodyText2, div.MsoBodyText2 {margin:0cm; margin-bottom:.0001pt; text-align:center; mso-pagination:widow-orphan; font-size:18.0pt; mso-bidi-font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman"; mso-ansi-language:EN-NZ; font-weight:bold;} p.MsoBodyText3, li.MsoBodyText3, div.MsoBodyText3 {margin-right:36.0pt; mso-margin-top-alt:auto; mso-margin-bottom-alt:auto; margin-left:0cm; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman"; mso-ansi-language:EN-NZ;} a:link, span.MsoHyperlink {color:#3366FF; mso-text-animation:none; text-decoration:none; text-underline:none; text-decoration:none; text-line-through:none;} a:visited, span.MsoHyperlinkFollowed {color:purple; text-decoration:underline; text-underline:single;} p {margin-right:0cm; mso-margin-top-alt:auto; mso-margin-bottom-alt:auto; margin-left:0cm; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman"; 
mso-fareast-font-family:"Times New Roman";} @page Section1 {size:612.0pt 792.0pt; margin:72.0pt 67.5pt 72.0pt 89.85pt; mso-header-margin:36.0pt; mso-footer-margin:36.0pt; mso-footer:url("./HIS%20Security%20Article_files/header.htm") f1; mso-paper-source:0;} div.Section1 {page:Section1;} /* List Definitions */ @list l0 {mso-list-id:289629960; mso-list-type:hybrid; mso-list-template-ids:-1338986014 67698699 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;} @list l0:level1 {mso-level-number-format:bullet; mso-level-text:\F0D8; mso-level-tab-stop:36.0pt; mso-level-number-position:left; text-indent:-18.0pt; font-family:Wingdings;} @list l1 {mso-list-id:377508630; mso-list-type:hybrid; mso-list-template-ids:327719292 67698693 -1574797304 67698693 67698689 67698691 67698693 67698689 67698691 67698693;} @list l1:level1 {mso-level-number-format:bullet; mso-level-text:\F0A7; mso-level-tab-stop:36.0pt; mso-level-number-position:left; text-indent:-18.0pt; font-family:Wingdings;} @list l1:level2 {mso-level-number-format:bullet; mso-level-text:-; mso-level-tab-stop:72.0pt; mso-level-number-position:left; text-indent:-18.0pt; mso-hansi-font-family:"Courier New";} @list l2 {mso-list-id:405153843; mso-list-type:hybrid; mso-list-template-ids:-1012652276 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;} @list l2:level1 {mso-level-tab-stop:36.0pt; mso-level-number-position:left; text-indent:-18.0pt;} @list l3 {mso-list-id:437481626; mso-list-type:hybrid; mso-list-template-ids:908209518 727194324 -1903503524 -1810073082 -1383988242 530625538 1027617828 -1501416064 -572198782 745313210;} @list l3:level1 {mso-level-number-format:bullet; mso-level-text:\F0B7; mso-level-tab-stop:36.0pt; mso-level-number-position:left; text-indent:-18.0pt; mso-ansi-font-size:10.0pt; font-family:Symbol;} @list l4 {mso-list-id:457601054; mso-list-type:hybrid; mso-list-template-ids:-252797428 67698703 67698713 67698715 67698703 67698713 67698715 67698703 
67698713 67698715;} @list l4:level1 {mso-level-tab-stop:36.0pt; mso-level-number-position:left; text-indent:-18.0pt;} @list l5 {mso-list-id:509223363; mso-list-type:hybrid; mso-list-template-ids:-862960568 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;} @list l5:level1 {mso-level-tab-stop:36.0pt; mso-level-number-position:left; text-indent:-18.0pt;} @list l6 {mso-list-id:624196186; mso-list-type:hybrid; mso-list-template-ids:540710594 1852235690 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;} @list l6:level1 {mso-level-text:"\(%1\)"; mso-level-tab-stop:36.0pt; mso-level-number-position:left; text-indent:-18.0pt;} @list l7 {mso-list-id:626394540; mso-list-type:hybrid; mso-list-template-ids:-1807686718 1064075432 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;} @list l7:level1 {mso-level-tab-stop:36.0pt; mso-level-number-position:left; text-indent:-18.0pt;} @list l8 {mso-list-id:729573967; mso-list-type:hybrid; mso-list-template-ids:725881758 -2094762376 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;} @list l8:level1 {mso-level-start-at:3; mso-level-tab-stop:36.0pt; mso-level-number-position:left; text-indent:-18.0pt;} @list l9 {mso-list-id:745806464; mso-list-type:hybrid; mso-list-template-ids:-806993424 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;} @list l9:level1 {mso-level-tab-stop:36.0pt; mso-level-number-position:left; text-indent:-18.0pt;} @list l10 {mso-list-id:769817223; mso-list-type:hybrid; mso-list-template-ids:-604569862 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;} @list l10:level1 {mso-level-tab-stop:36.0pt; mso-level-number-position:left; text-indent:-18.0pt;} @list l11 {mso-list-id:786315730; mso-list-type:hybrid; mso-list-template-ids:-166553744 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;} @list l11:level1 
{mso-level-tab-stop:36.0pt; mso-level-number-position:left; text-indent:-18.0pt;} @list l12 {mso-list-id:795878757; mso-list-type:hybrid; mso-list-template-ids:-1584597906 67698693 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;} @list l12:level1 {mso-level-number-format:bullet; mso-level-text:\F0A7; mso-level-tab-stop:36.0pt; mso-level-number-position:left; text-indent:-18.0pt; font-family:Wingdings;} @list l13 {mso-list-id:855536290; mso-list-type:hybrid; mso-list-template-ids:292432524 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;} @list l13:level1 {mso-level-tab-stop:36.0pt; mso-level-number-position:left; text-indent:-18.0pt;} @list l14 {mso-list-id:983659878; mso-list-type:hybrid; mso-list-template-ids:645174470 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;} @list l14:level1 {mso-level-tab-stop:36.0pt; mso-level-number-position:left; text-indent:-18.0pt;} @list l15 {mso-list-id:1084449174; mso-list-type:hybrid; mso-list-template-ids:327719292 67698693 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;} @list l15:level1 {mso-level-number-format:bullet; mso-level-text:\F0A7; mso-level-tab-stop:36.0pt; mso-level-number-position:left; text-indent:-18.0pt; font-family:Wingdings;} @list l15:level2 {mso-level-number-format:bullet; mso-level-text:o; mso-level-tab-stop:72.0pt; mso-level-number-position:left; text-indent:-18.0pt; font-family:"Courier New"; mso-bidi-font-family:"Times New Roman";} @list l16 {mso-list-id:1149245338; mso-list-type:hybrid; mso-list-template-ids:1418077430 1577494842 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;} @list l16:level1 {mso-level-start-at:7; mso-level-tab-stop:36.0pt; mso-level-number-position:left; text-indent:-18.0pt;} @list l17 {mso-list-id:1205101956; mso-list-type:hybrid; mso-list-template-ids:327719292 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 
67698693;} @list l17:level1 {mso-level-number-format:bullet; mso-level-text:\F0B7; mso-level-tab-stop:36.0pt; mso-level-number-position:left; text-indent:-18.0pt; font-family:Symbol;} @list l17:level2 {mso-level-number-format:bullet; mso-level-text:o; mso-level-tab-stop:72.0pt; mso-level-number-position:left; text-indent:-18.0pt; font-family:"Courier New"; mso-bidi-font-family:"Times New Roman";} @list l18 {mso-list-id:1233125716; mso-list-type:hybrid; mso-list-template-ids:1521675316 67698699 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;} @list l18:level1 {mso-level-number-format:bullet; mso-level-text:\F0D8; mso-level-tab-stop:36.0pt; mso-level-number-position:left; text-indent:-18.0pt; font-family:Wingdings;} @list l19 {mso-list-id:1282688750; mso-list-type:hybrid; mso-list-template-ids:-1252731814 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;} @list l19:level1 {mso-level-tab-stop:36.0pt; mso-level-number-position:left; text-indent:-18.0pt;} @list l20 {mso-list-id:1466117749; mso-list-type:hybrid; mso-list-template-ids:-130380868 67698693 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;} @list l20:level1 {mso-level-number-format:bullet; mso-level-text:\F0A7; mso-level-tab-stop:36.0pt; mso-level-number-position:left; text-indent:-18.0pt; font-family:Wingdings;} @list l21 {mso-list-id:1509981021; mso-list-type:hybrid; mso-list-template-ids:-1034256722 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;} @list l21:level1 {mso-level-tab-stop:36.0pt; mso-level-number-position:left; text-indent:-18.0pt;} @list l22 {mso-list-id:1552420186; mso-list-type:hybrid; mso-list-template-ids:-1225741922 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;} @list l22:level1 {mso-level-tab-stop:36.0pt; mso-level-number-position:left; text-indent:-18.0pt;} @list l23 {mso-list-id:1665625288; mso-list-type:hybrid; 
mso-list-template-ids:2025460 -2094762376 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;} @list l23:level1 {mso-level-start-at:3; mso-level-tab-stop:36.0pt; mso-level-number-position:left; text-indent:-18.0pt;} @list l24 {mso-list-id:1779372754; mso-list-type:hybrid; mso-list-template-ids:908209518 67698703 -1903503524 -1810073082 -1383988242 530625538 1027617828 -1501416064 -572198782 745313210;} @list l24:level1 {mso-level-tab-stop:36.0pt; mso-level-number-position:left; text-indent:-18.0pt;} @list l25 {mso-list-id:2032487604; mso-list-type:hybrid; mso-list-template-ids:-1183565534 800498216 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;} @list l25:level1 {mso-level-tab-stop:36.0pt; mso-level-number-position:left; text-indent:-18.0pt;} @list l26 {mso-list-id:2043552466; mso-list-type:hybrid; mso-list-template-ids:410292904 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;} @list l26:level1 {mso-level-tab-stop:36.0pt; mso-level-number-position:left; text-indent:-18.0pt;} @list l27 {mso-list-id:2061512608; mso-list-type:hybrid; mso-list-template-ids:-1385551382 67698699 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;} @list l27:level1 {mso-level-number-format:bullet; mso-level-text:\F0D8; mso-level-tab-stop:36.0pt; mso-level-number-position:left; text-indent:-18.0pt; font-family:Wingdings;} @list l23:level1 lfo26 {mso-level-start-at:1;} ol {margin-bottom:0cm;} ul {margin-bottom:0cm;} --> </style> <!--[if gte mso 9]><xml> <o:shapedefaults v:ext="edit" spidmax="2050"/> </xml><![endif]--> <!--[if gte mso 9]><xml> <o:shapelayout v:ext="edit"> <o:idmap v:ext="edit" data="1"/> </o:shapelayout></xml><![endif]--> </head> <body link="#3366FF" vlink="#800080" lang="EN-US" style="tab-interval:36.0pt"> <div class=Section1> <center> <h1> <font color="#000000">Original paper</font></h1></center> <p> <br> <br> <br> <br> <br> <p class="MsoNormal"><b><font 
color="#000000">Are Health Professionals meeting the minimum-security requirements for Health Information Systems (HIS) in the New Zealand Health Service? (A pilot study in Residential Care)</font></b> <br> <br> <br> <br> <center> <p><span lang=EN-NZ><font color="#000000">Han Roeters</span><span lang=EN-NZ style='font-family:Times'><sup>12</span><span lang=EN-NZ></sup> and Alec Holt</span><span lang=EN-NZ style='font-family:Times'><sup>3</sup></font></span> <p><span lang=EN-NZ></span></center> <p class="MsoNormal"><span lang=EN-NZ style='font-family:Times'><font color="#000000"><sup>1 </span><span lang=EN-NZ></sup>Manager, Reevedon Elderly Care Complex, PO Box 142, Levin 5500, New Zealand.</font></span> <p class="MsoNormal"><span lang=EN-NZ style='font-family:Times'><font color="#000000"><sup>2 </span><span lang=EN-NZ></sup>Health Informatics Group, University of Otago, Wellington School of Medicine, Wellington, New Zealand.</font></span> <p class="MsoNormal"><span lang=EN-NZ style='font-family:Times'><font color="#000000"><sup>3</span><span lang=EN-NZ></sup> Health Informatics Group, Department of Information Science, University of Otago, Dunedin, New Zealand</font></span> <center> <p><span lang=EN-NZ></span></center> <p class="MsoHeader" style="tab-stops:36.0pt"><span lang=EN-NZ><font color="#000000">Corresponding Author</font></span> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">Han Roeters</font></span></div> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">Health Informatics Group</font></span></div> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">University of Otago</font></span></div> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">Dunedin </font></span></div> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">New Zealand</font></span></div> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">Email: <span style='color:windowtext'><a 
href="mailto:roeters.nz@xtra.co.nz">roeters.nz@xtra.co.nz</a></font></span></span></div> <p><br><span lang=EN-NZ style='font-size:12.0pt;font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman";color:maroon;mso-ansi-language:EN-NZ; mso-fareast-language:EN-US;mso-bidi-language:AR-SA'> <br> <h3> <span lang=EN-NZ><font color="#000000">Abstract </font></span></h3> <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000"><b>Background:</span><span lang=EN-NZ></b> Due to the accelerating development of technology and the globalisation of HIS, it is becoming increasingly important for health professionals to implement and maintain security measures for their HIS.</font></span></div> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000"><b>Objective:</span><span lang=EN-NZ></b> This research compares, British, American and New Zealand HIS security standards and researches minimum-security requirements available to compare this with the results of a survey in the NZ Residential Care Industry.</font></span></div> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000"><b>Methods</span><span lang=EN-NZ></b>: The research is a cross-sectional study that evaluates and compares descriptive qualitative data derived from a population sample by means of a questionnaire, and literature research with descriptive qualitative data on minimum-security requirements from other studies, established standards or legislation and literature. </font></span></div> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">A survey is designed and conducted in the facilities of a large residential (elderly) care provider in New Zealand. It is targeted to Managers, Care Managers, Registered Nurses and Administrators. 
The questionnaire investigates how HIS security in the residential care industry compares.</font></span></div> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000"><b>Results:</span><span lang=EN-NZ></b> The results of the literature search failed to return minimum-security requirements for HIS for any of the countries targeted in the research. The survey had a 58% return rate, which equates to a sample population of 28. Compliance with minimum-security requirements was below 50%. Statistics and graphs were designed and calculated in MSExcel with PHStat add-in.</font></span></div> <p class="MsoNormal"><span lang=EN-NZ><b><font color="#000000">Conclusions: </font></b></span> <p class="MsoNormal"><span lang=EN-NZ><font color="#000000">Minimum-security requirements establish an important basis for consistency in developing health companies' HIS security policies and procedures. Continuation of inconsistency in security procedures jeopardises the quality of patient care and the HIS, and increases the risk of litigation for health professionals and organizations. The minimum-security requirements in the NZ residential care industry are severely compromised and the risk of security breaches and data loss is high. Minimum-security requirements for HIS in the targeted countries are not available.</font></span> <p class="MsoHeader" style="tab-stops:36.0pt"><span lang=EN-NZ><font color="#000000">In this article the terms privacy, confidentiality, and security are used as defined by </font></span> <p class="MsoNormal"><span lang=EN-NZ><font color="#000000">L.Gostin [<span style='color:red'>1</span>]:</font></span> <p class="MsoNormal"><span lang=EN-NZ><i><font color="#000000">“Privacy is defined as the right of an individual to limit access by others to some aspect of the person. 
</font></i><o:p></o:p></span> <p class="MsoNormal"><span lang=EN-NZ><i><font color="#000000">Confidentiality is a form of information privacy characterized by a special relationship, such as the physician-patient relationship. Personal information obtained in the course of this relationship should not be revealed to others unless the patient is first made aware and consents to the disclosure.</font></i><o:p></o:p></span> <p class="MsoNormal"><span lang=EN-NZ><i><font color="#000000">Security encompasses a set of technical and administrative procedures designed to protect data systems against unwanted disclosure, modification, or destruction and to safeguard the system itself.”</font></i><o:p></o:p></span> <p class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span> <h3> <span lang=EN-NZ><font color="#000000">Keywords</font></span></h3> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">Security, Health Information Systems, Privacy, Confidentiality, New Zealand, Residential Care.</font></span></div> <h3> <span lang=EN-NZ><font color="#000000">Introduction</font></span></h3> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">Since the 1990’s the use of computerised HIS in New Zealand and other first world countries has developed at an accelerating pace. In conjunction with this the <i>“concerns about privacy transcend the health care setting. Americans believe that their privacy rights are not adequately protected”</i> [<span style='color:#FF6600'>2</span>]. These concerns were reflected in other countries including New Zealand. 
The New Zealand government developed the Health Information Privacy Code 1994 (http://www.knowledge-basket.co.nz/privacy/comply/HIPCWWW.pdf) to ensure privacy of health information.</font></span></div> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">It is becoming increasingly difficult for lawmakers to keep pace with new developments in our ever-accelerating technology. Privacy and security requirements are no exception.</font></span></div> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000"><i>“With the advance of technology have come a variety of challenges to our privacy. It’s not that the Internet causes loss of privacy-but it has made us more aware of the issues surrounding privacy. The complexities involved in maintaining our privacy and security in a world where information is increasingly public can be daunting.”</span><span lang=EN-NZ></i> [<span style='color:#FF6600'>3</span>]. Compounding this problem is the globalisation of information and the lack of global legislation to protect the privacy of our health information: <i>“it is easy to understand why some kinds of information should be accorded special status and legal protection based on their sensitivity and the great damage that can occur from unconsented disclosure.”</i>[<span style='color:#FF6600'>4</span>]. The protection of our health information is imperative to maintaining the individual’s privacy.</font></span></div> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000"><i>“The essence of security is to protect the availability, integrity and confidentiality of data and systems”</span><span lang=EN-NZ></i>[<span style='color:#FF6600'>5</span>]. A lack of security has the potential to put the patient, the clinician, the system and the organization at risk. The reason is that medical organizations <i>“tend to focus our greatest emphasis on patient care. 
But once you understand how profoundly a lack of IT security can effect your organization, right down to the clinical level, you come to appreciate the importance of it.”</i>[<span style='color:#FF6600'>6</span>] </font></span></div> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">Unfortunately, <i>“most hospitals and health systems don’t understand how much at risk they are”</i> [<span style='color:#FF6600'>7</span>]. </font></span></div> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">Global security principles for health information systems do not exist because nobody owns or regulates the Internet. Most countries developed their own security legislation and principles. It is concerning that HIS have been in general use since the early 1980’s, yet most legislation and security guidelines originate from the late 1990’s. </font></span></div> <p class="MsoNormal"><span lang=EN-NZ><font color="#000000">HIS risk assessment and implementation of security measures to ensure a secure, private and dynamic HIS is possibly one of the major tasks that the NZ Health Service and other countries need to deal with.</font></span> <br><span lang=EN-NZ style='font-size:13.0pt;font-family:Arial;mso-fareast-font-family: "Times New Roman";mso-ansi-language:EN-NZ;mso-fareast-language:EN-US; mso-bidi-language:AR-SA'> <br></span> <h3> <span lang=EN-NZ><font color="#000000">Methods</font></span></h3> <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">Comparing British, American and New Zealand HIS security principles.</font></span></div> <div class="MsoNormal"><span lang=EN-NZ><span style="mso-spacerun: yes"></span></span></div> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">Dr Ross J. 
Anderson describes 9 security principles for the individual patient record, in his research, Security in Clinical Information Systems, which was commissioned by the British Medical Association (BMA) they are related to the following security elements [<span style='color:#FF6600'>8</span>]:</font></span></div> <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <ol style='margin-top:0cm' start=1 type=1> <li class="MsoNormal" style="mso-list:l2 level1 lfo12;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Access control</font></span></li> <li class="MsoNormal" style="mso-list:l2 level1 lfo12;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Record opening</font></span></li> <li class="MsoNormal" style="mso-list:l2 level1 lfo12;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Control</font></span></li> <li class="MsoNormal" style="mso-list:l2 level1 lfo12;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Consent and notification</font></span></li> <li class="MsoNormal" style="mso-list:l2 level1 lfo12;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Persistence</font></span></li> <li class="MsoNormal" style="mso-list:l2 level1 lfo12;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Attribution</font></span></li> <li class="MsoNormal" style="mso-list:l2 level1 lfo12;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Information flow </font></span></li> <li class="MsoNormal" style="mso-list:l2 level1 lfo12;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Aggregation control</font></span></li> <li class="MsoNormal" style="mso-list:l2 level1 lfo12;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">The trusted computing base</font></span></li> </ol> <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <div class="MsoBodyText2" style="text-align:left"><span 
lang=EN-NZ style='font-size:12.0pt;font-weight:normal'><font color="#000000">The American security principles are found in a recommendation on the Health Insurance Portability and Accountability Act 1996 (HIPAA).</font><o:p></o:p></span></div> <div class="MsoNormal"><span lang=EN-NZ><span style="mso-spacerun: yes"></span><font color="#000000"><i>“ The Department of Health and Human Services has previously sent Congress recommendations for legislation to protect health information, which set forth the following 5 key principles </span><span lang=EN-NZ></i>[<span style='color:#FF6600'>9</span>]:</font><o:p></o:p></span></div> <ol style='margin-top:0cm' start=1 type=1> <li class="MsoNormal" style="mso-list:l10 level1 lfo13;tab-stops:list 36.0pt"> <span lang=EN-NZ><i><font color="#000000">Boundaries</font></i><o:p></o:p></span></li> <li class="MsoNormal" style="mso-list:l10 level1 lfo13;tab-stops:list 36.0pt"> <span lang=EN-NZ><i><font color="#000000">Security</font></i><o:p></o:p></span></li> <li class="MsoNormal" style="mso-list:l10 level1 lfo13;tab-stops:list 36.0pt"> <span lang=EN-NZ><i><font color="#000000">Consumer control</font></i><o:p></o:p></span></li> <li class="MsoNormal" style="mso-list:l10 level1 lfo13;tab-stops:list 36.0pt"> <span lang=EN-NZ><i><font color="#000000">Accountability</font></i><o:p></o:p></span></li> <li class="MsoNormal" style="mso-list:l10 level1 lfo13;tab-stops:list 36.0pt"> <span lang=EN-NZ><i><font color="#000000">Public responsibility” </font></i><o:p></o:p></span></li> </ol> <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">The American Congress adopted these principles during the discussions of the HIPAA bill. 
HHS (Department of Health and Human Services) announced a final rule for the electronic standards for healthcare transactions in December 2000.</font></span></div> <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">The British and American security principles are incorporated in New Zealand in the Health Information Privacy Code 1994 and the New Zealand security principles for health information standards for the NZ Health Intranet, which ensure that three security components are maintained [<span style='color:#FF6600'>10</span>]:</font></span></div> <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <ol style='margin-top:0cm' start=1 type=1> <li class="MsoNormal" style="mso-list:l13 level1 lfo14;tab-stops:list 36.0pt"> <span lang=EN-NZ><i><font color="#000000">“System integrity - the functionality of the computer system should be maintained with all modules and subsystems functioning properly and in the way that the user expects and believes them to be operating </font></i><o:p></o:p></span></li> <li class="MsoNormal" style="mso-list:l13 level1 lfo14;tab-stops:list 36.0pt"> <span lang=EN-NZ><!--[if gte vml 1]><v:shapetype id="_x0000_t75" coordsize="21600,21600" o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe" filled="f" stroked="f"> <v:stroke joinstyle="miter"/> <v:formulas> <v:f eqn="if lineDrawn pixelLineWidth 0"/> <v:f eqn="sum @0 1 0"/> <v:f eqn="sum 0 0 @1"/> <v:f eqn="prod @2 1 2"/> <v:f eqn="prod @3 21600 pixelWidth"/> <v:f eqn="prod @3 21600 pixelHeight"/> <v:f eqn="sum @0 0 1"/> <v:f eqn="prod @6 1 2"/> <v:f eqn="prod @7 21600 pixelWidth"/> <v:f eqn="sum @8 21600 0"/> <v:f eqn="prod @7 21600 pixelHeight"/> <v:f eqn="sum @10 21600 0"/> </v:formulas> <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/> <o:lock v:ext="edit" aspectratio="t"/> </v:shapetype><v:shape 
id="_x0000_i1025" type="#_x0000_t75" alt="" style='width:.75pt;height:13.5pt'> <v:imagedata src="./HIS%20Security%20Article_files/image001.gif" o:href="http://www.nzhis.govt.nz/gfx/li.gif"/> </v:shape><![endif]--><![if !vml]><img SRC="image001.gif" BORDER=0 v:shapes="_x0000_i1025" height=18 width=1><![endif]><i><font color="#000000">Data availability - the data stored are preserved from damage or disorganisation, and are available to the user as and when required </font></i><o:p></o:p></span></li> <li class="MsoNormal" style="mso-list:l13 level1 lfo14;tab-stops:list 36.0pt"> <span lang=EN-NZ><!--[if gte vml 1]><v:shape id="_x0000_i1026" type="#_x0000_t75" alt="" style='width:.75pt;height:13.5pt'> <v:imagedata src="./HIS%20Security%20Article_files/image001.gif" o:href="http://www.nzhis.govt.nz/gfx/li.gif"/> </v:shape><![endif]--><![if !vml]><img SRC="image001.gif" BORDER=0 v:shapes="_x0000_i1026" height=18 width=1><![endif]><i><font color="#000000">Information privacy - the personal and confidential material stored is protected from access by unauthorised personnel, and is available only to those with a need to know and with the necessary privilege and authority to access it.” </font></i><o:p></o:p></span></li> </ol> <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">The New Zealand security principles for health information standards for the NZ Health Intranet consist of 6 principles [<span style='color:#FF6600'>11</span>]:</font></span></div> <ol style='margin-top:0cm' start=1 type=1> <li class="MsoNormal" style="mso-list:l19 level1 lfo15;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Confidentiality</font></span></li> <li class="MsoNormal" style="mso-list:l19 level1 lfo15;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Integrity</font></span></li> <li class="MsoNormal" style="mso-list:l19 level1 lfo15;tab-stops:list 
36.0pt"> <span lang=EN-NZ><font color="#000000">Authenticity</font></span></li> <li class="MsoNormal" style="mso-list:l19 level1 lfo15;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Non-repudiation</font></span></li> <li class="MsoNormal" style="mso-list:l19 level1 lfo15;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Auditing</font></span></li> <li class="MsoNormal" style="mso-list:l19 level1 lfo15;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Accountability</font></span></li> </ol> <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">In addition the NZ Health Information Privacy act provides the following Health Information Privacy Rules [<span style='color:#FF6600'>12</span>]:</font></span></div> <div class="MsoNormal"><span style='font-size:11.0pt;mso-ansi-language:EN-US'><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <div class="MsoHeader" style="margin-left:36.0pt;text-indent:-18.0pt;mso-list:l5 level1 lfo16; tab-stops:list 36.0pt"><![if !supportLists]><span lang=EN-NZ><font color="#000000">1.<span style='font:7.0pt "Times New Roman"'></span></span><![endif]><span lang=EN-NZ>Purpose of collection of health information</font></span></div> <ol style='margin-top:0cm' start=2 type=1> <li class="MsoNormal" style="mso-list:l5 level1 lfo16;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Source of health information</font></span></li> <li class="MsoNormal" style="mso-list:l5 level1 lfo16;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Collection of health information from individual</font></span></li> <li class="MsoNormal" style="mso-list:l5 level1 lfo16;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Manner of collection of health information</font></span></li> <li class="MsoNormal" style="mso-list:l5 level1 lfo16;tab-stops:list 36.0pt"> <span 
lang=EN-NZ><font color="#000000">Storage and security of health information</font></span></li> <li class="MsoNormal" style="mso-list:l5 level1 lfo16;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Access to personal health information</font></span></li> <li class="MsoNormal" style="mso-list:l5 level1 lfo16;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Correction of health information</font></span></li> <li class="MsoNormal" style="mso-list:l5 level1 lfo16;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Accuracy etc of health information to be checked before use</font></span></li> <li class="MsoNormal" style="mso-list:l5 level1 lfo16;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Retention of health information</font></span></li> <li class="MsoNormal" style="mso-list:l5 level1 lfo16;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Limits on use of health information</font></span></li> <li class="MsoNormal" style="mso-list:l5 level1 lfo16;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Limits on disclosure of health information</font></span></li> <li class="MsoNormal" style="mso-list:l5 level1 lfo16;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Unique identifiers</font></span></li> </ol> <div class="MsoNormal"><span style='font-size:11.0pt;mso-ansi-language:EN-US'><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">Although all these standards are important building blocks for secure HIS and EDI (Electronic Data Interchange) they do not establish consistent minimum-security requirements.</font></span></div> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">With the establishment of NZ e-government some progress is made towards the implementation of minimum standard. 
In the document on minimum standards for Internet Security in the New Zealand Government the following policies and guidelines for security management standards are set [<span style='color:red'>13</span>]:</font></span></div> <ul style='margin-top:0cm' type=disc> <li class="MsoNormal" style="mso-list:l17 level1 lfo25;tab-stops:list 36.0pt"> <span lang=EN-NZ><i><font color="#000000">“An IS management system following AS/NZS17799 Information Security Management (available from www.standards.co.nz )should be employed for all systems processing Government classified (including In-confidence) information or hosting government services.</font></i><o:p></o:p></span></li> <li class="MsoNormal" style="mso-list:l17 level1 lfo25;tab-stops:list 36.0pt"> <span lang=EN-NZ><i><font color="#000000">It security risks should be managed following the processes in either:</font></i><o:p></o:p></span></li> </ul> <div class="MsoNormal" style="margin-left:72.0pt;text-indent:-18.0pt;mso-list:l1 level2 lfo24; tab-stops:list 72.0pt"><![if !supportLists]><span lang=EN-NZ style='mso-hansi-font-family: "Courier New";mso-bidi-font-style:italic'><font color="#000000">-<span style='font:7.0pt "Times New Roman"'></span></span><![endif]><span lang=EN-NZ><i>NZ Security of IT (MNSIT) Publication 104: Risk Analysis (www.gcsb.govt.nzit/index.htm) or</i></font><o:p></o:p></span></div> <div class="MsoNormal" style="margin-left:72.0pt;text-indent:-18.0pt;mso-list:l1 level2 lfo24; tab-stops:list 72.0pt"><![if !supportLists]><span lang=EN-NZ style='mso-hansi-font-family: "Courier New";mso-bidi-font-style:italic'><font color="#000000">-<span style='font:7.0pt "Times New Roman"'></span></span><![endif]><span lang=EN-NZ><i>Standards New Zealand AS/NZS4360: Risk Management and HB231: IT Risk Management</i></font><o:p></o:p></span></div> <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <div class="MsoHeader" style="tab-stops:36.0pt"><span lang=EN-NZ><font 
color="#000000">The document is still in draft form, completion and implementation might take several years and Internet security is only one element of HIS Security systems</font></span></div> <div class="MsoHeader" style="tab-stops:36.0pt"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <div class="MsoNormal"><span lang=EN-NZ><b><font color="#000000">There are 5 major barriers to HIS security systems. </font></b><o:p></o:p></span></div> <p class="MsoNormal"><span lang=EN-NZ><font color="#000000"><b><i>First:</span><span lang=EN-NZ></span><span lang=EN-NZ></i></b>The human factor where required to operate HIS system. Any system is only as secure as the weakest link and no system is fully secure. Staff ‘s major concern is patient care; this in itself provides a heavy workload. Many people think that the greatest security concern for our health information is unauthorised on line access by “hackers”, this is possibly due to the front page news it makes and the embarrassment it causes when a hacker gains access. </font></span> <p class="MsoNormal"><span lang=EN-NZ><font color="#000000">However most organizations largest concern is internal, <i>“an angry employee or a simple mistake is much more likely to occur than an outside hack and is tremendously harder to stop”</i> [<span style='color:#FF6600'>14</span>], lack of compliance with security policies due to other work pressures and /or lack of understanding and education would be the next largest concern.</font></span> <p class="MsoNormal"><span lang=EN-NZ><font color="#000000"><b><i>Second:</span><span lang=EN-NZ></i></b> There is a lack of global HIS security standards and there is no minimum-security requirement that could be reflected in consistent policies and procedures throughout the health care industry.</font></span> <p class="MsoNormal"><span lang=EN-NZ><font color="#000000"><b><i>Third: </span><span lang=EN-NZ></i></b>The accelerating speed of development of new technology. 
Technology is developing faster than the tools to secure the HIS. This is an ongoing concern that will continue to exist. There are a number of countermeasures available to protect the HIS. The NZHIS security publications describe some of these measures, which include [<span style='color:#FF6600'>15</span>]:</font></span> <ol style='margin-top:0cm' start=1 type=1> <li class="MsoNormal" style="mso-list:l26 level1 lfo17;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Access control (comprising up to 3 parts: Something you know, something you have, something unique to you)</font></span></li> <li class="MsoNormal" style="mso-list:l26 level1 lfo17;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Transaction logs and audit trails (for system and file access)</font></span></li> <li class="MsoNormal" style="mso-list:l26 level1 lfo17;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Encryption (of the electronic health information prior to transfer)</font></span></li> <li class="MsoNormal" style="mso-list:l26 level1 lfo17;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Archiving (relating to the ease of access, off-line storage and destroying of data)</font></span></li> <li class="MsoNormal" style="mso-list:l26 level1 lfo17;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Virus protection and software fitness (appropriate software for its use)</font></span></li> <li class="MsoNormal" style="mso-list:l26 level1 lfo17;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Informed users (who understand and follow the security policies)</font></span></li> </ol> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000"><b><i>Fourth:</span><span lang=EN-NZ></i></b> The cost factor: good security systems are usually expensive to implement and there is no tangible evidence that they are effective. Most countries have problems stretching the health dollar to meet requirements. 
HIS security does not appear on the priority list.</font></span></div> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000"><b><i>Fifth:</span><span lang=EN-NZ></i></b> Education: security education is not a common part of HIS operators’ training.</font></span></div> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">Security is often viewed as an issue the IT department needs to solve and not as a common problem.</font></span></div> <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">To allow different health service software applications to communicate with each other, the Health Level 7 (HL7) protocol was developed as a standard for health networks; this has been adopted by New Zealand. The HL7 protocol managers have appointed a group that will focus on secure transactions and Internet security<i>. “The group will focus on the use of HL7 in communications environments where there is a need for authentication, encryption, non-repudiation, and digital signature. This group will focus on mechanisms for secure HL7 transactions and not on standardizing security policies.”</i> [<span style='color:#FF6600'>16</span>].</font></span></div> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">It is concerning that HL7, which is considered the most advanced and widely adopted data transfer protocol, is still developing its security mechanisms.</font></span></div> <p class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span> <p class="MsoNormal"><span lang=EN-NZ><font color="#000000">To establish the degree of risk encountered by individuals and/or the health industry is difficult<i>. “The Internet is unlike anything humankind has ever experienced. It has no borders, no nationality, few rules, and is restricted only by the creativity of its users. 
As such, it defies many traditional roles of government and rules of order. This openness is its greatest strength and also its most defining weakness.</i>”[<span style='color:red'>17</span>]. There is a multitude of factors which impact on the degree of risk and the Internet is only one aspect of these. Some other aspects are Access, System integrity, Data integrity and availability and Confidentiality/Privacy. It would be an impossible task to eliminate all the risks; paper-based HIS have incurred a degree of risk as well. It is beneficial to minimise these risk factors because the cost, both social and financial, can be high. </font></span> <p class="MsoNormal"><span lang=EN-NZ><font color="#000000">For example, if a person’s health information were available to insurers or employers, certain privileges might be denied (justified or not), or a disgruntled employee could destroy valuable databases and compromise treatments and/or New Zealand health providers could be held liable under the Health Information Privacy Act and incur hefty fines.</font></span> <p class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span> <h1 style="mso-layout-grid-align:auto;text-autospace:ideograph-numeric ideograph-other"> <span lang=EN-NZ><font color="#000000">HIS security survey in the Residential Care Industry</font></span></h1> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">See Appendix one for Survey questions</font></span></div> <div class="MsoNormal"><span style='mso-ansi-language:EN-US'><font color="#000000">There is a difference in nature between the residential care industry (long term care) and other health information systems (more acute). In the acute setting there is a much higher need for online patient information transfer and due to this the protocols are more advanced, using Health Level 7 compatible programs, policies and procedures. 
Although it would be beneficial, the residential care industry in general is not connected to the NZ Health Intranet and electronic transfer of patient information is rather the exception than the norm. </font><o:p></o:p></span></div> <div class="MsoNormal"><span style='mso-ansi-language:EN-US'><font color="#000000">To ascertain to what level minimum-security requirements in the residential care industry are met, </span><span lang=EN-NZ>questions were compiled from security principles illustrated in the book Protect Yourself on Line [<span style='color:red'>18</span>] and NZ Government Security Publications [<span style='color:red'>19</span>] </font></span><span style='mso-ansi-language:EN-US'><o:p></o:p></span></div> <div class="MsoNormal"><span style='mso-ansi-language:EN-US'><font color="#000000">The questionnaire was structured around the following security areas:</font><o:p></o:p></span></div> <ol style='margin-top:0cm' start=1 type=1> <li class="MsoNormal" style="mso-list:l21 level1 lfo18;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Virus screeners.</font></span></li> <li class="MsoNormal" style="mso-list:l21 level1 lfo18;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Computer access</font></span></li> <li class="MsoNormal" style="mso-list:l21 level1 lfo18;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Backup</font></span></li> <li class="MsoNormal" style="mso-list:l21 level1 lfo18;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Encryption</font></span></li> <li class="MsoNormal" style="mso-list:l21 level1 lfo18;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Audit trails</font></span></li> <li class="MsoNormal" style="mso-list:l21 level1 lfo18;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Education</font></span></li> </ol> <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <div class="MsoNormal"><span 
lang=EN-NZ><font color="#000000">Structure of the 31 questions:</font></span></div> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">The first question was to establish whether staff were eligible to take part in the survey, to reduce redundant data. Staff who were not eligible because they did not use computerised HIS were asked to complete demographic data only. 18 of the questions had yes/no, or yes/no/don’t know answers and there were 8 other security questions. The survey finished with 4 demographic questions, which would establish the occupation, gender, age group and length of employment.</font></span></div> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">If the majority (95%, to allow a 5% margin of error) of the questions 2.1 to 7.3 were answered correctly the residential care provider would be considered to meet the minimum-security requirements for HIS. </font></span></div> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">The mean of the yes/no/(don’t know) answers provides an indication of compliance with minimum-security requirements. If the survey mean is high, compliance is high because the population answers comply with the preferred answers (see Table 1).</font></span></div> <b><font color="#000000">Table1 Preferred answers (Table1.jpeg)</font></b> <br> <h3> <span lang=EN-NZ><font color="#000000">Results</font></span></h3> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">The survey was designed in Infopoll Designer [<span style='color:red'>20</span>] and transferred to a MSWord format to make this suitable for a mail out and targeted to Registered Nurses (RN), Administrators and Managers. After approval was obtained from the general manager, 48 Questionnaires were distributed by mail and there was a 58% return rate. </font></span></div> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">82 % of the returned surveys were from staff who used health information systems. 18% of this category of staff did not. 
It is difficult to establish if this is a true reflection of the total population of staff. There might be bias in the fact that staff that do not use HIS are less likely to return the research survey. This 18 % was made up of 1 RN and 4 managers.</font></span></div> <div class="MsoHeader" style="tab-stops:36.0pt"><span lang=EN-NZ><font color="#000000">The acceptable mean would be around 95 </font></span></div> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">The survey mean was 41.95, with a standard deviation of 28.76. This means that the majority of preferred answers are within 28.76 around the mean. The standard error is 6.13 with a 95 % confidence level.</font></span></div> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">I am unable to compare statistics in regard to compliance with minimum-security standards in the NZ health industry because they do not exist. There is only advisory material available which does not give a minimum standard. </font></span></div> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">100% of the HIS computers was found to be equipped with a virus screener. There appears to be uncertainty about who is responsible to update the virus screener, 35 % of the surveyed population said they were not responsible and 26 % didn’t know. </font></span></div> <p class="MsoNormal"><span lang=EN-NZ><font color="#000000">17% of the population updated and scanned their HIS computer fortnightly which is considered insufficient, due to the increasing speed of new viruses being developed, a minimum of a weekly update and scan is advisable. 
In addition to this 26% is not aware if the virus screener is set on automatic screening of all incoming information.</font></span> <p class="MsoNormal"><span lang=EN-NZ><font color="#000000">Control of access to the HIS computer is an essential part of minimum-security standards.</font></span> <p class="MsoNormal"><span lang=EN-NZ><font color="#000000">The survey results show that 78 % of the surveyed population share HIS computers with other staff, 70% share passwords and 48% know passwords of other staff. 52% of the computers carry only one password to access the computers and 35% carry no password. The majority of passwords are relatively uncomplicated (57% consists of letters only and 17% is made up of letters and numbers). This makes unauthorised access easy, in addition there are no audit trails and 57% of the staff use networked computers. This places the system at high risk of undetected unauthorised computer and network access. </font></span> <p class="MsoNormal"><span lang=EN-NZ><font color="#000000">The risk of unauthorised access is increased; only 30% of the survey results indicate that the computers carry a screen saver password. </font></span> <p class="MsoNormal"><span lang=EN-NZ><font color="#000000">For the computers who do carry passwords access is at risk. Access via an administrator’s password is minimal (only 22%) in addition, only 26% of the passwords are stored in a safe or comparable safe storage.</font></span> <p class="MsoNormal"><span lang=EN-NZ><font color="#000000">Protection of what is considered sensitive information is severely challenged, only 48% is password protected and only 4% of the files are encrypted or password protected when Emailed, digital signatures are not used which make authentication of the sender impossible and interception easy.</font></span> <p class="MsoNormal"><span lang=EN-NZ><font color="#000000">78% of the surveyed staff backup their HIS computer, unfortunately 17 % does this less than fortnightly. 
This equates to only 61% of the surveyed staff correctly backup their HIS information, therefore the risk of information loss is potentially high. A preset cyclical backup would be the preferred backup method.</font></span> <p class="MsoNormal"><span lang=EN-NZ><font color="#000000">52% of the survey population has received education in regard to computer security, but the level and the type of education is not known.</font></span> <p class="MsoNormal"><span lang=EN-NZ><font color="#000000">There were no obvious correlations between the demographic and the other survey data</font></span> <p class="MsoNormal"><span lang=EN-NZ><font color="#000000">In using the preferred answers the overall mean of the survey is 41.9%. This translates in 41.9% of the survey population returning the preferred answer. To maintain an acceptable minimum-security standard this figure should be 95% (this allows for a 5% margin of confidence), in all the surveyed areas (see Tables 2 -10.).</font></span> <p><b><font color="#000000">Tables 2-10. Survey Statistics and Graphs (Table1.jpeg to Table10.jpeg)</font></b> <h3> <span lang=EN-NZ><font color="#000000">Discussion</font></span></h3> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">Security of HIS is a complex concept and an area of concern to the consumer, the health care providers / companies and the New Zealand Government.</font></span></div> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">The security components of the NZ HIS are </span><span style='mso-ansi-language:EN-US'>disjointed, most parts are available but I have been unable to find evidence that these components have been combined in a minimum- security standard. This would ensure some consistency in HIS security throughout the NZ Health Industry. 
Currently the NZHIS security consists of:</font><o:p></o:p></span></div> <ol style='margin-top:0cm' start=1 type=1> <li class="MsoNormal" style="mso-list:l11 level1 lfo19;tab-stops:list 36.0pt"> <span style='mso-ansi-language:EN-US'><font color="#000000">Health Information Privacy act 1994, in particular rule 5-9. Endorsable by the New Zealand Privacy and Health and Disability Commissioner</font><o:p></o:p></span></li> <li class="MsoNormal" style="mso-list:l11 level1 lfo19;tab-stops:list 36.0pt"> <span style='mso-ansi-language:EN-US'><font color="#000000">NZ Health Intranet Security Standards</font><o:p></o:p></span></li> <li class="MsoNormal" style="mso-list:l11 level1 lfo19;tab-stops:list 36.0pt"> <span style='mso-ansi-language:EN-US'><font color="#000000">HL7 Standards</font><o:p></o:p></span></li> <li class="MsoNormal" style="mso-list:l11 level1 lfo19;tab-stops:list 36.0pt"> <span style='mso-ansi-language:EN-US'><font color="#000000">Individual Health providers HIS Security policies and procedures</font><o:p></o:p></span></li> </ol> <div class="MsoHeader" style="tab-stops:36.0pt"><span style='mso-ansi-language: EN-US'><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <div class="MsoNormal"><span style='mso-ansi-language:EN-US'><font color="#000000">NZHIS Security standards have incorporated both the British and the American standards.</font><o:p></o:p></span></div> <div class="MsoNormal"><span style='mso-ansi-language:EN-US'><font color="#000000">The residential care industry is no exception in the apparent lack of minimum-security standards for HIS.</font><o:p></o:p></span></div> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000"><i>“Fundamental to any attempt to secure an information system is that the users are aware of and follow appropriate routines and procedures. 
It will remain beyond the realms of practical reality to develop preventive strategies that make it impossible for user to breach security, and it is the authorised users of the system who are generally the weakest link in the security system”</span><span lang=EN-NZ></i>[<span style='color:#FF6600'>21</span>] Some <i>“clinical users consider computerisation offers significant advantages in terms of security and confidentiality. Provided security systems are activated and used properly, computerised notes are more secure than paper notes; likewise e-mail is more secure than for example hard copy facsimiles. Most practices were careful about this issue, but in others the attitude to security was more ‘loose’, with clerical staff not only accessing the notes, but being responsible for writing the patient summaries”</i>[<span style='color:#FF6600'>22</span>].</font></span></div> <div class="MsoNormal"><span lang=EN-NZ><font color="#000000">It is surprising to find that minimum-security requirements have not been established in New Zealand and available security standards are open to interpretation of its users. This potentially creates concerns for the security of the entire New Zealand HIS. <i>“A health-data technical security policy should be adopted by each Health Care Establishment site”</i>[<span style='color:red'>23</span>]</font></span></div> <div class="MsoNormal"><span style='mso-ansi-language:EN-US'><font color="#000000">Most literature refers to generalized security principles that users should adhere to, but minimum-security standards either national or international are not available. 
</font><o:p></o:p></span></div> <p class="MsoNormal"><span lang=EN-NZ><font color="#000000">For best practice purposes Standards New Zealand has released the security management standard AS/NZS ISO/IEC 17799:2001 Information Technology – Code of practice for information security management; there is no evidence that this document has been adopted and implemented by the New Zealand Health service. </font></span><span style='mso-ansi-language:EN-US'><o:p></o:p></span> <p class="MsoNormal"><span lang=EN-NZ><font color="#000000"><i>“The bad news is that even basic security measures are new to the health care industry, generally considered to be 10 to 15 years behind other industries with regard to security”</span><span lang=EN-NZ></i>[<span style='color:#FF6600'>24</span>].</font></span> <p class="MsoNormal"><span lang=EN-NZ><font color="#000000">Minimum-security requirements establish an important basis for consistency in developing health companies’ HIS security policies and procedures. There are still grave concerns. The NZ West Coast District Health Board identified in their Board report in September 2001 that in the area of E-security there was “<i>Lack of policy/standards, no official policy, however good attention to security within Information group compensates to a large degree”</i>. [<span style='color:red'>25</span>]</font></span> <p class="MsoNormal"><span lang=EN-NZ><font color="#000000">Continuation of inconsistency in security policies and procedures jeopardises the quality of patient care, and increases risk of litigation for health professionals and organizations. 
The minimum-security requirements in the NZ residential care industry are severely compromised and the risk of security breaches and data loss is high.</font></span> <p class="MsoNormal"><span style='mso-ansi-language:EN-US'><font color="#000000">The outcome of the HIS security survey </span><span lang=EN-NZ>concludes that minimum-security requirements in this residential care organization are severely compromised and the risk of security breaches and data loss is high. This potentially threatens the HIS and the safety of the residents. The degree of risk encountered by the health company is high; this is not reflected in risk to the NZ Health Intranet because the Residential Care Provider is not connected.</font></span> <p class="MsoNormal"><span lang=EN-NZ><font color="#000000">The sample size is large enough to conclude that this is a fair representation of the entire industry. We need to take into account that the sample originates from one company only and is not cross-sectional for the residential care industry. This has the potential to create bias due to the culture of the organization surveyed.</font></span> <br><span lang=EN-NZ style='font-size:13.0pt;font-family:Arial;mso-fareast-font-family: "Times New Roman";mso-ansi-language:EN-NZ;mso-fareast-language:EN-US; mso-bidi-language:AR-SA'> <br></span> <h3> <a NAME="_References"></a><span lang=EN-NZ><font color="#000000">Acknowledgements</font></span></h3> <h3> <span lang=EN-NZ style='font-size:12.0pt;font-family:"Times New Roman"; font-weight:normal'><font color="#000000">The authors would like to acknowledge the support and encouragement from the Otago University Post-Graduate Diploma in Health Informatics tutors. The support, co-operation and time dedicated by the General manager Elderly Care and staff of the Residential Care Provider that was surveyed. 
There was no funding sourced for this article.</font><o:p></o:p></span></h3> <h3> <span lang=EN-NZ style='font-size:12.0pt;font-family:"Times New Roman"; font-weight:normal'><![if !supportEmptyParas]><font color="#000000"> </font><![endif]><o:p></o:p></span></h3> <h3> <font color="#000000">Conflict of Interest</font></h3> <div class="MsoNormal"><font color="#000000">Possible conflict of interest is that one author is the Manager, Reevedon Elderly Care Complex.</font></div> <div class="MsoNormal"><b><font color="#000000"><font size=+1></font></font></b> <br><b><font color="#000000"><font size=+1>Appendix 1</font></font></b></div> <font color="#000000">Health Information Systems Security Survey 2002 (Appendix1.htm)</font> <br> <p class="MsoNormal"><b><font color="#000000"><font size=+1>References</font></font></b> <p class="MsoHeader" style="tab-stops:36.0pt"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span> <p class="MsoNormal" style="margin-left:18.0pt"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span> <ol style='margin-top:0cm' start=1 type=1> <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Gostin LO, Turek-Brezina J, Powers M. Privacy and Security of Personal Information in a New Health Care System. JAMA 1993 Nov; 270(20):2487-93 [<a href="http://www.ncbi.nlm.nih.gov/entrez/query.fcgi?cmd=Retrieve&db=PubMed&list_uids=8192748&dopt=Abstract">Medline</a>]</font></span></li> </ol> <div class="MsoNormal" style="margin-left:18.0pt"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <ol style='margin-top:0cm' start=2 type=1> <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Gostin LO, Turek-Brezina J, Powers M. Privacy and Security of Personal Information in a New Health Care System. 
JAMA 1993 Nov; 270(20):2487-93 [<a href="http://www.ncbi.nlm.nih.gov/entrez/query.fcgi?cmd=Retrieve&db=PubMed&list_uids=8192748&dopt=Abstract">Medline</a>]</font></span></li> </ol> <div class="MsoHeader" style="tab-stops:36.0pt"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <ol style='margin-top:0cm' start=3 type=1> <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Danda M. Protect Yourself On Line. Washington: Microsoft Press; 2001. p. xvii</font></span></li> </ol> <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <ol style='margin-top:0cm' start=4 type=1> <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Szekely D, Milam S, Khademi J. (1996). Legal Issues of the Electronic Dental Record: Security and Confidentiality. J Dent Educ, 1996 Jan: 60(1):19-23.[<a href="http://www.ncbi.nlm.nih.gov/entrez/query.fcgi?cmd=Retrieve&db=PubMed&list_uids=8594098&dopt=Abstract">Medline</a>]</font></span></li> </ol> <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <ol style='margin-top:0cm' start=5 type=1> <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">NZ.Government. (1995, 02-07-97). Information Systems Security and Data Protection. 
URL: <!--[if gte vml 1]><v:shape id="_x0000_i1027" type="#_x0000_t75" alt="Linkout" style='width:13.5pt;height:11.25pt'> <v:imagedata src="./HIS%20Security%20Article_files/image002.gif" o:href="http://www.jmir.org/images/linkout.gif"/> </v:shape><![endif]--><![if !vml]><img SRC="image002.gif" ALT="Linkout" BORDER=0 v:shapes="_x0000_i1027" height=15 width=18><![endif]><span style="mso-spacerun: yes"> </span><u><a href="http://www.nzhis.govt.nz/publications/Security.html">http://www.nzhis.govt.nz/publications/Security.html</a></u> [accessed 2002 Mar 27]</font></span><span style='font-family:Arial;mso-ansi-language: EN-US'><o:p></o:p></span></li> </ol> <div class="MsoNormal"><span style='font-family:Arial;mso-ansi-language:EN-US'><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <ol style='margin-top:0cm' start=6 type=1> <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Rodsjo S. Hack Attack. Healthc Inform [Serial online] 2001 Jan [cited 2002 Mar 27];18(1):37-40, 42, 44 URL: <!--[if gte vml 1]><v:shape id="_x0000_i1028" type="#_x0000_t75" alt="Linkout" style='width:13.5pt; height:11.25pt'> <v:imagedata src="./HIS%20Security%20Article_files/image002.gif" o:href="http://www.jmir.org/images/linkout.gif"/> </v:shape><![endif]--><![if !vml]><img SRC="image002.gif" ALT="Linkout" BORDER=0 v:shapes="_x0000_i1028" height=15 width=18><![endif]><span style="mso-spacerun: yes"> </span><span class=MsoHyperlink><u><a href="http://www.healthcare-information.com/issues/2001/01_01/rodsjo.htm">http://www.healthcare-information.com/issues/2001/01_01/rodsjo.htm</span></a></u> [<a href="http://www.ncbi.nlm.nih.gov/entrez/query.fcgi?cmd=Retrieve&db=PubMed&list_uids=11211424&dopt=Abstract">Medline</a>]</font></span></li> </ol> <div class="MsoNormal" style="margin-left:18.0pt"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <ol style='margin-top:0cm' start=7 type=1> <li 
class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Tabar P. A Security Strategy: possibly the biggest task on the healthcare's to-do list. Healthc Inform. [Serial online]<span style="mso-spacerun: yes"> </span>2001 [cited 2002 Mar 27]; Feb;18(2):46, 48. URL: <!--[if gte vml 1]><v:shape id="_x0000_i1029" type="#_x0000_t75" alt="Linkout" style='width:13.5pt;height:11.25pt'> <v:imagedata src="./HIS%20Security%20Article_files/image002.gif" o:href="http://www.jmir.org/images/linkout.gif"/> </v:shape><![endif]--><![if !vml]><img SRC="image002.gif" ALT="Linkout" BORDER=0 v:shapes="_x0000_i1029" height=15 width=18><![endif]><span style="mso-spacerun: yes"> </span><u><a href="http://www.healthcare-information.com/issues/2001/02_01/cover.htm#security">http://www.healthcare-information.com/issues/2001/02_01/cover.htm#security</a></u> [<a href="http://www.ncbi.nlm.nih.gov/entrez/query.fcgi?cmd=Retrieve&db=PubMed&list_uids=11225064&dopt=Abstract">Medline</a>]</font></span></li> </ol> <div class="MsoNormal" style="margin-left:18.0pt"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <ol style='margin-top:0cm' start=8 type=1> <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Anderson RJ. Security in Clinical Information Systems. Cambridge: University of Cambridge: 1996</font></span></li> </ol> <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <ol style='margin-top:0cm' start=9 type=1> <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Hodge J, Jr, Gostin LO, Jacobson PD. Legal issues Concerning Electronic Health Information. 
JAMA, 1999 Oct 20; 282(15):1466-71.[<a href="http://www.ncbi.nlm.nih.gov/entrez/query.fcgi?cmd=Retrieve&db=PubMed&list_uids=10535438&dopt=Abstract">Medline</a>]</font></span></li> </ol> <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <ol style='margin-top:0cm' start=10 type=1> <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">NZ.Government. Information Systems Security and Data Protection. URL: <!--[if gte vml 1]><v:shape id="_x0000_i1030" type="#_x0000_t75" alt="Linkout" style='width:13.5pt;height:11.25pt'> <v:imagedata src="./HIS%20Security%20Article_files/image002.gif" o:href="http://www.jmir.org/images/linkout.gif"/> </v:shape><![endif]--><![if !vml]><img SRC="image002.gif" ALT="Linkout" BORDER=0 v:shapes="_x0000_i1030" height=15 width=18><![endif]><span style="mso-spacerun: yes"> </span><u><a href="http://www.nzhis.govt.nz/publications/Security.html">http://www.nzhis.govt.nz/publications/Security.html</a></u>[accessed 2002 Mar 27]</font></span><span style='font-family:Arial; mso-ansi-language:EN-US'><o:p></o:p></span></li> </ol> <div class="MsoNormal"><span style='font-family:Arial;mso-ansi-language:EN-US'><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <ol style='margin-top:0cm' start=11 type=1> <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">NZ.Government. 
Standards (Health Intranet) URL: <!--[if gte vml 1]><v:shape id="_x0000_i1031" type="#_x0000_t75" alt="Linkout" style='width:13.5pt; height:11.25pt'> <v:imagedata src="./HIS%20Security%20Article_files/image002.gif" o:href="http://www.jmir.org/images/linkout.gif"/> </v:shape><![endif]--><![if !vml]><img SRC="image002.gif" ALT="Linkout" BORDER=0 v:shapes="_x0000_i1031" height=15 width=18><![endif]><span style="mso-spacerun: yes"> </span><u><a href="http://www.nzhis.govt.nz/intranet/standards.html">http://www.nzhis.govt.nz/intranet/standards.html</a></u> [accessed 2002 Mar 27]</font></span></li> </ol> <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <ol style='margin-top:0cm' start=12 type=1> <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">NZ.Government. Health Information Privacy code 1994. Office of the NZ Privacy Commissioner. URL: <!--[if gte vml 1]><v:shape id="_x0000_i1032" type="#_x0000_t75" alt="Linkout" style='width:13.5pt;height:11.25pt'> <v:imagedata src="./HIS%20Security%20Article_files/image002.gif" o:href="http://www.jmir.org/images/linkout.gif"/> </v:shape><![endif]--><![if !vml]><img SRC="image002.gif" ALT="Linkout" BORDER=0 v:shapes="_x0000_i1032" height=15 width=18><![endif]><span style="mso-spacerun: yes"> </span><u><a href="http://www.privacy.org.nz/comply/HIPCWWW.pdf">http://www.privacy.org.nz/comply/HIPCWWW.pdf</a></u> [accessed 2002 Mar 27]</font></span></li> </ol> <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <ol style='margin-top:0cm' start=13 type=1> <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">NZ.Government. 
Minimum Standards for Internet Security in the New Zealand Government URL: <!--[if gte vml 1]><v:shape id="_x0000_i1033" type="#_x0000_t75" alt="Linkout" style='width:13.5pt;height:11.25pt'> <v:imagedata src="./HIS%20Security%20Article_files/image002.gif" o:href="http://www.jmir.org/images/linkout.gif"/> </v:shape><![endif]--><![if !vml]><img SRC="image002.gif" ALT="Linkout" BORDER=0 v:shapes="_x0000_i1033" height=15 width=18><![endif]><span style="mso-spacerun: yes"> </span><u><a href="http://www.e-government.govt.nz/docs/iss-draft/iss-draft.pdf">http://www.e-government.govt.nz/docs/iss-draft/iss-draft.pdf</a></u>[accessed 21-6, 2002]</font></span></li> </ol> <div class="MsoNormal" style="margin-left:18.0pt"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <ol style='margin-top:0cm' start=14 type=1> <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Rodsjo S. Hack Attack. Healthc Inform [Serial online] 2001 Jan [cited 2002 Mar 27];18(1):37-40, 42, 44 URL: <!--[if gte vml 1]><v:shape id="_x0000_i1034" type="#_x0000_t75" alt="Linkout" style='width:13.5pt; height:11.25pt'> <v:imagedata src="./HIS%20Security%20Article_files/image002.gif" o:href="http://www.jmir.org/images/linkout.gif"/> </v:shape><![endif]--><![if !vml]><img SRC="image002.gif" ALT="Linkout" BORDER=0 v:shapes="_x0000_i1034" height=15 width=18><![endif]><span style="mso-spacerun: yes"> </span><span class=MsoHyperlink><u><a href="http://www.healthcare-information.com/issues/2001/01_01/rodsjo.htm">http://www.healthcare-information.com/issues/2001/01_01/rodsjo.htm</span></a></u> [<a href="http://www.ncbi.nlm.nih.gov/entrez/query.fcgi?cmd=Retrieve&db=PubMed&list_uids=11211424&dopt=Abstract">Medline</a>]</font></span></li> </ol> <div class="MsoNormal" style="margin-left:18.0pt"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <div class="MsoNormal"><span 
style='font-family:Arial;mso-ansi-language:EN-US'><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <ol style='margin-top:0cm' start=15 type=1> <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">NZ.Government. Information Systems Security and Data Protection URL: <!--[if gte vml 1]><v:shape id="_x0000_i1035" type="#_x0000_t75" alt="Linkout" style='width:13.5pt;height:11.25pt'> <v:imagedata src="./HIS%20Security%20Article_files/image002.gif" o:href="http://www.jmir.org/images/linkout.gif"/> </v:shape><![endif]--><![if !vml]><img SRC="image002.gif" ALT="Linkout" BORDER=0 v:shapes="_x0000_i1035" height=15 width=18><![endif]><span style="mso-spacerun: yes"> </span><u><a href="http://www.nzhis.govt.nz/publications/Security.html">http://www.nzhis.govt.nz/publications/Security.html</a></u> [accessed 2002 Mar 27]</font></span><span style='font-family:Arial;mso-ansi-language: EN-US'><o:p></o:p></span></li> </ol> <div class="MsoHeader" style="tab-stops:36.0pt"><span style='font-family:Arial; mso-ansi-language:EN-US'><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <ol style='margin-top:0cm' start=16 type=1> <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Unknown. Health Level Seven Southern Africa. 
URL: <!--[if gte vml 1]><v:shape id="_x0000_i1036" type="#_x0000_t75" alt="Linkout" style='width:13.5pt; height:11.25pt'> <v:imagedata src="./HIS%20Security%20Article_files/image002.gif" o:href="http://www.jmir.org/images/linkout.gif"/> </v:shape><![endif]--><![if !vml]><img SRC="image002.gif" ALT="Linkout" BORDER=0 v:shapes="_x0000_i1036" height=15 width=18><![endif]><span style="mso-spacerun: yes"> </span><u><a href="http://www.hl7.org.za/HealthLevelSevenGuide1.htm">http://www.hl7.org.za/HealthLevelSevenGuide1.htm</a></u> [accessed 2002 Apr 16]</font></span></li> </ol> <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <ol style='margin-top:0cm' start=17 type=1> <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Danda M. Protect Yourself On Line. Washington: Microsoft Press; 2001. p 8</font></span><span style='font-family:Arial;mso-ansi-language:EN-US'><o:p></o:p></span></li> </ol> <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <ol style='margin-top:0cm' start=18 type=1> <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Danda M. Protect Yourself On Line. Washington: Microsoft Press; 2001</font></span></li> </ol> <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <ol style='margin-top:0cm' start=19 type=1> <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">NZ.Government. Information Systems Security and Data Protection. 
URL: <!--[if gte vml 1]><v:shape id="_x0000_i1037" type="#_x0000_t75" alt="Linkout" style='width:13.5pt;height:11.25pt'> <v:imagedata src="./HIS%20Security%20Article_files/image002.gif" o:href="http://www.jmir.org/images/linkout.gif"/> </v:shape><![endif]--><![if !vml]><img SRC="image002.gif" ALT="Linkout" BORDER=0 v:shapes="_x0000_i1037" height=15 width=18><![endif]><span style="mso-spacerun: yes"> </span><u><a href="http://www.nzhis.govt.nz/publications/Security.html">http://www.nzhis.govt.nz/publications/Security.html</a></u> [accessed 2002 Mar 27]</font></span></li> </ol> <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <ol style='margin-top:0cm' start=20 type=1> <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Infopoll.com, Infopoll Designer Version 7.URL: <!--[if gte vml 1]><v:shape id="_x0000_i1038" type="#_x0000_t75" alt="Linkout" style='width:13.5pt; height:11.25pt'> <v:imagedata src="./HIS%20Security%20Article_files/image002.gif" o:href="http://www.jmir.org/images/linkout.gif"/> </v:shape><![endif]--><![if !vml]><img SRC="image002.gif" ALT="Linkout" BORDER=0 v:shapes="_x0000_i1038" height=15 width=18><![endif]><span style="mso-spacerun: yes"> </span><u><a href="http://infopoll.com/">http://infopoll.com/download/</a></u> [accessed 2002 Mar 30]</font></span></li> </ol> <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <ol style='margin-top:0cm' start=21 type=1> <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">NZ.Government. Information Systems Security and Data Protection. 
URL: <!--[if gte vml 1]><v:shape id="_x0000_i1039" type="#_x0000_t75" alt="Linkout" style='width:13.5pt;height:11.25pt'> <v:imagedata src="./HIS%20Security%20Article_files/image002.gif" o:href="http://www.jmir.org/images/linkout.gif"/> </v:shape><![endif]--><![if !vml]><img SRC="image002.gif" ALT="Linkout" BORDER=0 v:shapes="_x0000_i1039" height=15 width=18><![endif]><span style="mso-spacerun: yes"> </span><u><a href="http://www.nzhis.govt.nz/publications/Security.html">http://www.nzhis.govt.nz/publications/Security.html</a></u> [accessed 2002 Mar 27]</font></span><span style='font-family:Arial;mso-ansi-language: EN-US'><o:p></o:p></span></li> </ol> <div class="MsoNormal"><span style='font-family:Arial;mso-ansi-language:EN-US'><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <ol style='margin-top:0cm' start=22 type=1> <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Nielson A. C. Attitudes towards information technology in Australian General Practice. 
URL: <!--[if gte vml 1]><v:shape id="_x0000_i1040" type="#_x0000_t75" alt="Linkout" style='width:13.5pt;height:11.25pt'> <v:imagedata src="./HIS%20Security%20Article_files/image002.gif" o:href="http://www.jmir.org/images/linkout.gif"/> </v:shape><![endif]--><![if !vml]><img SRC="image002.gif" ALT="Linkout" BORDER=0 v:shapes="_x0000_i1040" height=15 width=18><![endif]><span style="mso-spacerun: yes"> </span><u><a href="http://www.health.gov.au/pubs/gpit/gpit2.pdf">http://www.health.gov.au/pubs/gpit/gpit2.pdf</a></u> [accessed 2002 Apr 26]</font></span><span style='font-family:Arial;mso-ansi-language: EN-US'><o:p></o:p></span></li> </ol> <div class="MsoNormal"><span style='font-family:Arial;mso-ansi-language:EN-US'><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <ol style='margin-top:0cm' start=23 type=1> <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Ilioudis C, Pangalos G.<span style="mso-spacerun: yes"> </span>A framework for an Institutional High Level Security Policy for the Processing of Medical Data and their Transmission Through the Internet. 
J Med Internet Res.[serial online] 2001 Apr-Jun [cited 2002 June 21]; 3(2):E14.URL: <!--[if gte vml 1]><v:shape id="_x0000_i1041" type="#_x0000_t75" alt="Linkout" style='width:13.5pt;height:11.25pt'> <v:imagedata src="./HIS%20Security%20Article_files/image002.gif" o:href="http://www.jmir.org/images/linkout.gif"/> </v:shape><![endif]--><![if !vml]><img SRC="image002.gif" ALT="Linkout" BORDER=0 v:shapes="_x0000_i1041" height=15 width=18><![endif]><span style="mso-spacerun: yes"> </span><u><a href="http://www.jmir.org/2001/2/e14/">http://www.jmir.org/2001/2/e14/</a></u> [<a href="http://www.ncbi.nlm.nih.gov/entrez/query.fcgi?cmd=Retrieve&db=PubMed&list_uids=11720956&dopt=Abstract">Medline</a>]</font></span></li> </ol> <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <ol style='margin-top:0cm' start=24 type=1> <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">Kibbe DC. A problem-Orientated Approach to the HIPAA Security Standards. 
Fam Prac Manag, [serial online] 2001 July/August [cited 2002 Mar 27]; 8(7):37-43 [22 screens] URL: <span class=MsoHyperlink><!--[if gte vml 1]><v:shape id="_x0000_i1042" type="#_x0000_t75" alt="Linkout" style='width:13.5pt; height:11.25pt'> <v:imagedata src="./HIS%20Security%20Article_files/image002.gif" o:href="http://www.jmir.org/images/linkout.gif"/> </v:shape><![endif]--><![if !vml]><img SRC="image002.gif" ALT="Linkout" BORDER=0 v:shapes="_x0000_i1042" height=15 width=18><![endif]><span style="mso-spacerun: yes"> </span><u><a href="http://aafp.org/fpm/20010700/37apro.html">http://aafp.org/fpm/20010700/37apro.html</a></u></span> <a href="http://www.ncbi.nlm.nih.gov/entrez/query.fcgi?cmd=Retrieve&db=PubMed&list_uids=11477951&dopt=Abstract">[Medline]</a></font></span></li> </ol> <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <ol style='margin-top:0cm' start=25 type=1> <li class="MsoNormal" style="mso-list:l25 level1 lfo29;tab-stops:list 36.0pt"> <span lang=EN-NZ><font color="#000000">NZ.West.Coast.DHB. Board Report 28 Sept. 
2001 URL: <!--[if gte vml 1]><v:shape id="_x0000_i1043" type="#_x0000_t75" alt="Linkout" style='width:13.5pt; height:11.25pt'> <v:imagedata src="./HIS%20Security%20Article_files/image002.gif" o:href="http://www.jmir.org/images/linkout.gif"/> </v:shape><![endif]--><![if !vml]><img SRC="image002.gif" ALT="Linkout" BORDER=0 v:shapes="_x0000_i1043" height=15 width=18><![endif]><span style="mso-spacerun: yes"> </span><span class=MsoHyperlink><u><a href="http://www.westcoastdhb.org.nz/board/Papers/SeptHACPapers.pdf">www.westcoastdhb.org.nz/board/Papers/SeptHACPapers.pdf</a></u> </span>[accessed 2002 June 21]</font></span></li> </ol> <div class="MsoNormal" style="margin-left:18.0pt"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <br> <h3> <span lang=EN-NZ><font color="#000000">Abbreviations</font></span></h3> <div class="MsoNormal"><span lang=EN-NZ><![if !supportEmptyParas]><![endif]><o:p></o:p></span></div> <div class="MsoNormal" style="tab-stops:112.5pt"><span lang=EN-NZ><font color="#000000">BMA<span style='mso-tab-count:1'> </span>British Medical Association</font></span></div> <div class="MsoNormal" style="tab-stops:112.5pt"><span lang=EN-NZ><font color="#000000">EDI<span style='mso-tab-count:1'> </span>Electronic Data Interchange</font></span></div> <div class="MsoNormal" style="tab-stops:112.5pt"><span lang=EN-NZ><font color="#000000">HEIN<span style='mso-tab-count:1'> </span>Health Informatics</font></span></div> <div class="MsoNormal" style="tab-stops:112.5pt"><span lang=EN-NZ><font color="#000000">HHS<span style='mso-tab-count:1'> </span>Health and Human Sciences</font></span></div> <div class="MsoNormal" style="tab-stops:112.5pt"><span lang=EN-NZ><font color="#000000">HIPAA<span style='mso-tab-count:1'> </span>Health Insurance Portability and Accountability Act</font></span></div> <div class="MsoHeader" style="tab-stops:112.5pt"><span lang=EN-NZ><font color="#000000">HIS<span style='mso-tab-count:1'> </span>Health Information System</font></span></div> 
<div class="MsoNormal" style="tab-stops:112.5pt"><span lang=EN-NZ><font color="#000000">HL7<span style='mso-tab-count:1'> </span>Health Level 7</font></span></div> <div class="MsoNormal" style="tab-stops:112.5pt"><span lang=EN-NZ><font color="#000000">IT<span style='mso-tab-count:1'> </span>Information Technology</font></span></div> <div class="MsoNormal" style="tab-stops:112.5pt"><span lang=EN-NZ><font color="#000000">NZ<span style='mso-tab-count:1'> </span>New Zealand</font></span></div> <div class="MsoNormal" style="tab-stops:112.5pt"><span lang=EN-NZ><font color="#000000">RN<span style='mso-tab-count:1'> </span>Registered Nurse</font></span></div> </div> </body> </html>