Published in the Journal of Healthcare Information Management, Spring 2007, pp. 34-40, by Protik Sandell, PMP, MBA, of Z-Tech, an ICF International Company. If appropriate security mechanisms aren't in place, individuals and groups can gain unauthorized access to personal health data residing in clinical decision support systems (CDSS). These concerns are well founded; there has been a dramatic increase in reports of security incidents. The paper provides a framework for securing personal health data in CDSS.
The framework breaks down CDSS into data gathering, data management, and data delivery functions. It then identifies the vulnerabilities that can occur in clinical decision support activities and the measures that need to be taken to protect the data. The framework is applied to protect the confidentiality, integrity, and availability of personal health data in a decision support system. Using the framework, project managers and architects can assess the potential risk of unauthorized data access in their decision support system. Moreover, they can design systems and procedures to effectively secure personal health data.