Health information is an important asset for health providers. This asset needs to be adequately protected. The primary focus of health information security is the protection and safeguarding of patient information and the requirements to protect the privacy of patients. In addition to this need for protection, health providers must ensure that information is accurate and available when required.
The protection of information involves the preservation of the following:
- Confidentiality – information should only be accessible and available to those authorised to have access.
- Integrity – information should be stored, used, transferred and retrieved in such a way that there is confidence that it has not been tampered with or modified other than as authorised.
- Availability – information should be accessible to authorised individuals when and where required.
Information security is achieved by implementing a suitable set of controls. A control may constitute a policy, a practice, a set of procedures, or perhaps a software function. These controls need to be established in order to ensure that the specific security objectives of the organisation are met.