Chapter 15. For Your Eyes Only

IT security has become more and more important over the last decades. Although at first security was frequently treated as a necessary evil, nowadays it has matured into a separate area of expertise. Recent drivers for applying security are changing government regulations, avoiding fraud, ensuring privacy, adhering to (stricter) auditing and compliancy rules, and providing more integration of both internal and external IT components using, for example, SOA and cloud computing.

For St. Matthews—and hospitals in general—security is a priority and an area of concern. Hospitals gather, store, and share sensitive personal information about patients. Medical records are strictly confidential and protected by government regulations. St. Matthews needs to be sure that information cannot be accessed by persons or organizations that are not authorized. Suppliers of medical equipment are allowed access to supplier services, not to services providing patient information and their medical history. Even more important, the hospital needs to rely on the quality of information and needs assurance that information is not unrightfully altered. Think about information on upcoming medical procedures (do we need to operate on the left or right leg?) and prescribed medication in combination with a patient’s condition (is the patient allergic to a particular antibiotic?). When the integrity of information is violated, St. Matthews needs to know immediately. Although security measures can greatly reduce these risks, they can never be avoided altogether. In case something goes wrong, St. Matthews needs audit trails to be able to know what went wrong when, where, and why.