A GENERIC METHODOLOGY FOR HEALTH-CARE DATA-SECURITY

The aim is to outline the framework of a generic methodology for specifying countermeasures in health care environments. The method is specifically aimed at the enhancement of security in existing health care systems, and a key element is the use of predetermined 'profiles' by which these may be classified. Example scenarios are presented to illustrate how the concept could be applied in practice. The paper is based upon work that was initially carried out as part of the Commission of European Communities SEISMED (Secure Environment for Information Systems in MEDicine) project, the aim of which is to provide security recommendations for European health care establishments (HCEs).