SECURITY AND PRIVACY OF THE INTEGRATED CLINICAL ENVIRONMENT PART III

Abstract

Integration without security and privacy is not interoperability. The integrated clinical environment cannot achieve patient safety goals, increase treatment effectiveness, and improve operational efficiency without engineering both privacy and security into clinical systems, institutional health information systems, and health information exchanges.

Security and Privacy of the Integrated Clinical Environment is a series of three articles. Part I discussed the basic concepts of interoperability and the integrated clinical environment (ICE), the legal and regulatory framework impacting an interoperable ICE, and an overview of the risks of deploying an interoperable ICE. The second article discussed the concept of privacy engineering and the various National Institute of Standards and Technology (NIST) frameworks and methodologies, including the new NIST Privacy Framework, that can be utilized to address both privacy and security risk adequately. The third and final article will discuss how the SABSA methodology can be leveraged to integrate privacy and security management throughout the interoperable, integrated clinical environment.