SECURITY AND PRIVACY OF THE INTEGRATED CLINICAL ENVIRONMENT PART II

Abstract

Integration without security and privacy is not interoperability. The integrated clinical environment cannot achieve the goals of improving patient safety, increasing treatment effectiveness, and improving operational efficiency without engineering both privacy and security into clinical systems, institutional health information systems, and health information exchanges.

Security and Privacy of the Integrated Clinical Environment is a series of three articles. Part I discussed the basic concepts of interoperability and the integrated clinical environment (ICE), the legal and regulatory framework impacting an interoperable ICE, and an overview of the risks associated with the deployment of an interoperable, ICE. This article, Part II, will discuss the concept of privacy engineering and the various National Institute of Standards and Technology (NIST) frameworks and methodologies, including the new NIST Privacy Framework, that can be utilized to address both privacy and security risk adequately.