Secure Knowledge Management for Healthcare Organizations

Abstract

As the healthcare industry enters the era of knowledge management it must place security at the foundation of the transition. Risks are pervasive to every aspect of information and knowledge management. Without secure practices that seek to avoid or mitigate the effects of these risks, how can healthcare organisations ensure that knowledge is captured, stored, distributed, used, destroyed and restored securely? In an age where risks and security threats are ever-increasing, secure knowledge management is an essential business practice. The cost of security breaches in a healthcare context can range from the unauthorized access of confidential information to the potential loss or unauthorized modification of patient information leading to patient injury. In this chapter the authors highlight different approaches to minimising these risks, based on the concepts of authentication, authorization, data integrity, availability and confidentiality. Security mechanisms have to be in-depth, rather like the layers of an onion, and security procedures have to be dynamic, due to the continually changing environment. For example, in the past, cryptographic algorithms that were proven to be safe, e.g., 56 bit key DES, have succumbed to advanced computer power or more sophisticated attacks, and have had to be replaced with more powerful alternatives. The authors present a model for ensuring dynamic secure knowledge management and demonstrate through the use of case studies, that if each of the security layers are covered, then we can be reasonably sure of the strength of our system’s security.