Security configuration of HIS

Security configuration has carried out in order to do some sort of hospital information system adaptation with the same system users and their level of access. System availability and accessibility differ according to shape of medical care unites and running processes. Also there are variables among level of services in compliance with funding current which nourish the primary providers to properly give the services in a good degree of acceptance. Meanwhile; those who refuse to join the state network of medical care would not get that advantage to have the same service standards. Though, medical institutions embraced what is called ‘security document’ which draw up the shape of security features regarding dealing of files processing, documents, equipments, and system programs. The primary and also primitive way to protect HIS from future misuse that briefly summarized in two steps; Identification and Authentication…

The person identifies himself/herself to confirm the person identity through certain system steps prepared and constructed to easily understandable with minimum steps of processing to get into hospital access gates. The second step is authentication; a) System might apply this step depending on some well known by users ex: password and user name. b) System might apply this step in form of user ID card or personal care provided by care providers or even state. c) Last one through biometric methods based on finger print analysis and iris. Most of these methods of authentications already applied and run presently in considerable number of country and critical service sites for some security reasons. A point here that level of system access of ordinary users like patients is completely differ in functionality from the access level of medical workers which applied on system inside tracks. That for sure, drawn in form of grape like network data construction. It means the apex of grape is the end user unites or value receiver persons who deal with the system on beneficiary base where every upgrade level related mainly to system management itself and security obligations. It is not necessary to regular service receivers to know about hidden security system figures should not be ever announced publicly.

Moreover; the process of identifications and authentications should undergo to be in compliance with data protection laws. Users directed only to the demanded functionality with total control of next level of authentication step to allow and give the necessary permission far from solid core of the hospital system which might be affected from big user numbers. The last point about HIS here is the matter of tracking the users and defined any existence of errors probably been happened or awaited due to misuse of the system. Also continuous in mind that the permission was granted to some users and guests who entitled to do and receive some work or technical issues touch the core of system. Soundness and intactness of the hospital information security is on the highest level of significance and first object to keep it far from any threatens that affect directly or even indirectly with time. Tracking users by whom authorized to check, delete and modify the entered data make the system safe for long decades and virgin land for next progress and development. Full health J