Healthcare information systems handle a large amount of Personally Identifiable Information (PII) related to patients, such as dates of birth and social security numbers, patients' health information and history, and financial information such as credit card details and bank accounts. Most healthcare institutions purchase information systems from commercial vendors and have minimal in-house expertise to maintain these systems. Most institutions also lack the expertise required to research evolving threats and maintain a strong security posture. We propose a risk-transference-based system architecture that moves sensitive data outside the system boundary, into data stores that are managed with stringent and efficient security protocols.