Clinical Information Systems Security
Clinical Information Systems (CIS) are computerized systems that give access to the most current patient data, including medication history, clinical notes, and laboratory reports, delivered either directly or across data networks. Developed for the healthcare industry, CIS adoption dates back to the 1960s, when such systems were used purely for hospital accounting. In the 1970s, however, CIS applications expanded to communication and the review of patients' results (Grandia, 2017). The CIS model involves a variety of networking technology, electronic medical records, clinical databases, and related clinical informatics research that is necessary for the management of patient conditions.
First, as a tool in primary care, the CIS is used for recording and managing patient information efficiently. Secondly, it supports the process of organizing patients' information according to specified demographics and clinical data. Thirdly, it ensures that data storage and manipulation are tied to proper patient care: it helps reduce prescription errors, unnecessary testing, and hospitalizations; supports meaningful treatment of patients; and improves the safety, productivity, and outcomes of healthcare (Islam, Poly, & Li, 2018).
Features of the Model
Health practitioners have access to all information and services in one centralized place, with both direct and remote access to immediate updates of patients' medical data. The model has also improved the quality and analysis of patients' data, aligned with the knowledge of the physician, so that decisions on patients are guided by clinical evidence and best practice. Diagnoses are also turned around quickly. Finally, it has led to a standard format for communication between different clinical information systems and to enhanced communication among health practitioners.
Noninterference Security Model
The model was developed by Goguen and Meseguer in 1982 and updated in 1984. It was designed to ensure that subjects and objects at one security level do not interfere with those belonging to other levels. Here, objects are data bits, processes, documents, or programs, while subjects are networks, system users, applications, or processes.
In the non-interference model, a computer is viewed as a device with inputs and outputs, each classified as either low sensitivity (unclassified information) or high sensitivity (not to be viewed by users or resources without the relevant clearance). Inputs with low sensitivity produce the same low-sensitivity outputs regardless of whether any high-level inputs exist (Finjan Cybersecurity, 2017).
The core function is a strict separation of security levels, done to prevent or minimize leaks and breaches through covert channels. This zoning prevents security bypass. Secondly, each movement of data through the system is independent of all others, and data is restricted from crossing its defined boundaries. This is important because segregating the security levels prevents access to shared resources and even the likelihood of inference attacks. Finally, the non-interference model creates a very strict security regime that is effective for use in the commercial industry.
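The property described above can be checked mechanically by comparing what a low-level user sees with and without the high-level inputs. The following is an added example, not part of the original essay: the two record-keeping machines, their names, and the bounded search depth are assumptions constructed for illustration, and a bounded search can find a violation but does not prove its absence.

```python
from itertools import product

HIGH, LOW = "high", "low"

class Machine:
    """Deterministic system: step(state, (level, value)) -> new state."""
    def __init__(self, init, step, low_view):
        self.init, self.step, self.low_view = init, step, low_view

    def run(self, inputs):
        state = self.init
        for inp in inputs:
            state = self.step(state, inp)
        return self.low_view(state)   # what a Low user can observe

def purge(inputs):
    """Drop every High input, keeping Low inputs in order."""
    return [i for i in inputs if i[0] == LOW]

def find_interference(machine, alphabet, max_len=4):
    """Shortest input sequence whose Low output changes when High inputs
    are purged, or None if there is none up to max_len."""
    for n in range(max_len + 1):
        for seq in product(alphabet, repeat=n):
            if machine.run(seq) != machine.run(purge(seq)):
                return list(seq)
    return None

def isolated_step(state, inp):
    # Constructed: billing total (Low) and clinical notes (High) never touch.
    billed, notes = state
    level, value = inp
    return (billed + value, notes) if level == LOW else (billed, notes + value)

def locking_step(state, inp):
    # Constructed: a High write locks the shared record, and Low writes to a
    # locked record are silently dropped, which is a covert channel.
    billed, notes, locked = state
    level, value = inp
    if level == HIGH:
        return (billed, notes + value, True)
    return state if locked else (billed + value, notes, locked)

ALPHABET = [(LOW, 1), (HIGH, 1)]
ISOLATED = Machine((0, 0), isolated_step, lambda s: s[0])
LOCKING = Machine((0, 0, False), locking_step, lambda s: s[0])

if __name__ == "__main__":
    print(find_interference(ISOLATED, ALPHABET), find_interference(LOCKING, ALPHABET))
```

The locking machine never shows the clinical notes to the low-level user, yet a single high-level write changes the billing total that user sees, which is exactly the kind of shared-resource leak the strict separation is meant to exclude.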
Deducibility Security Model
Designed by David Sutherland, deducibility security means reaching a level at which any set of possible observations in the view is consistent with any possible sequence of hidden inputs. The model formalizes what it means for information to flow from one user to another. In security terms, whether information flows depends on whether high-level activity is consistent with each possible low-level observation (Zakinthinos, 1996).
One key characteristic of deducibility security is that it prevents leaks caused by Trojan horses. A deducibility-secure system is one in which no classified information flows through the system, so no unauthorized user of that system will ever learn any classified information through it. This means that any system which permits unlawful information flow through it is not deducibility secure.
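The consistency requirement can be tested directly on a small system by enumerating every pairing of hidden input and low-level view. The following is an added example, not part of the original essay: the three toy systems, the 2-bit hidden input, and all function names are assumptions constructed for illustration.

```python
from itertools import product

def pairs(system, high_inputs, noise):
    """All (hidden input, low view) pairs the system can produce."""
    return {(h, system(h, r)) for h, r in product(high_inputs, noise)}

def is_nondeducible(system, high_inputs, noise):
    """True if every observable low view is consistent with every hidden input."""
    seen = pairs(system, high_inputs, noise)
    views = {v for _, v in seen}
    return all((h, v) in seen for h in high_inputs for v in views)

def ruled_out(system, high_inputs, noise):
    """For each low view, the hidden inputs an observer can exclude."""
    seen = pairs(system, high_inputs, noise)
    views = {v for _, v in seen}
    return {v: {h for h in high_inputs if (h, v) not in seen} for v in views}

# Constructed systems: h is a 2-bit hidden (High) input, r is internal randomness.
def echo(h, r):      # a Trojan horse copies the hidden input to the low channel
    return h

def parity(h, r):    # leaks one bit: whether the two hidden bits differ
    return h[0] ^ h[1]

def masked(h, r):    # low view is the hidden input XORed with fresh random bits
    return tuple(a ^ b for a, b in zip(h, r))

BITS2 = list(product((0, 1), repeat=2))

if __name__ == "__main__":
    for system in (echo, parity, masked):
        print(system.__name__, is_nondeducible(system, BITS2, BITS2),
              ruled_out(system, BITS2, BITS2))
```

Only the masked system passes: every view it produces is compatible with all four hidden inputs, whereas the parity system lets the observer exclude half of them from a single observation.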
Graham-Denning Security Model
This is a computer security model that was introduced by Graham and Denning in 1972 and demonstrates how objects and subjects can be securely created and deleted. It also addresses the process of assigning specific access rights. The model is mainly employed in access control mechanisms for distributed systems (CISSP, 2012).
The Graham-Denning model consists of three main components: a set of subjects, a set of objects, and a set of eight rules. Here, a subject is a user or a process that requests access to a resource. An object is a resource that a user or process wants to access.
The model addresses how to define a set of basic rights governing how specific subjects can execute security functions on an object. Its eight basic protection rules (actions) outline how to securely create an object, delete an object, create a subject, delete a subject, provide the read access right, provide the grant access right, provide the delete access right, and provide the transfer access right.
In this model, each object has an owner with specific rights, and at the same time, each subject has a controller with specific rights on it. The model is built on the access control matrix.
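The eight rules can be written as guarded operations on an access control matrix, where each rule first checks that the caller is the owner or controller. The following is an added example, not part of the original essay: the class and method names are hypothetical, object and subject deletion share one method, and the "*" copy flag used for transfer follows the usual textbook formulation of the model rather than anything stated above.

```python
class Denied(Exception):
    """A rule's precondition was not met."""

class GrahamDenning:
    def __init__(self, root):
        self.subjects = {root}
        self.matrix = {}                        # (subject, object) -> set of rights

    def rights(self, s, o):
        return self.matrix.setdefault((s, o), set())

    def _need(self, x, right, o):
        if x not in self.subjects or right not in self.rights(x, o):
            raise Denied(f"{x} lacks '{right}' on {o}")

    def _owner_or_controller(self, x, s, o):
        if "control" not in self.rights(x, s):
            self._need(x, "owner", o)

    def create_object(self, x, o):              # creator becomes the owner
        if x not in self.subjects:
            raise Denied(f"{x} is not a subject")
        self.rights(x, o).add("owner")

    def create_subject(self, x, s):             # creator owns and controls s
        self.create_object(x, s)
        self.rights(x, s).add("control")
        self.subjects.add(s)

    def delete(self, x, name):                  # delete object / delete subject
        self._need(x, "owner", name)
        self.subjects.discard(name)
        self.matrix = {k: v for k, v in self.matrix.items() if name not in k}

    def read_rights(self, x, s, o):             # read access right
        self._owner_or_controller(x, s, o)
        return frozenset(self.rights(s, o))

    def grant(self, x, right, s, o):            # grant access right (owner only)
        self._need(x, "owner", o)
        self.rights(s, o).add(right)

    def delete_right(self, x, right, s, o):     # delete access right
        self._owner_or_controller(x, s, o)
        self.rights(s, o).discard(right)

    def transfer(self, x, right, s, o):         # transfer access right
        self._need(x, right.rstrip("*") + "*", o)   # x must hold the copy-flagged right
        self.rights(s, o).add(right)
```

For instance, a clinician who creates a chart owns it and may grant "read" to a nurse, but the nurse can pass that right on only if it was granted with the copy flag, as "read*".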
References
CISSP (2012). Security Architecture and Design Domain. CIB, January 2012.
Finjan Cybersecurity (2017). The Non-Interference Model. Retrieved from https://blog.finjan.com/the-non-interference-model/
Grandia, L. (2017). Health Information Systems: A Look at the Past, Present, and Future. HealthCatalyst. Retrieved from http://www.healthcatalyst.com/wp-content/uploads/2014/05/A-Look-at-the-Past-Present-and-Future-Healthcare-Information-Systems.pdf
Islam, M. M., Poly, T. N., & Li, Y.-C. (2018). Recent Advancement of Clinical Information Systems: Opportunities and Challenges. Yearbook of Medical Informatics, 27(1), 83-90.
Zakinthinos, A. (1996). On the composition of security properties. Ottawa: National Library of Canada = Bibliothèque nationale du Canada.