Abstract

If appropriate security mechanisms aren't in place, individuals and groups can get unauthorized access to personal health data residing in clinical decision support systems (CDSS). These concerns are well founded; there has been a dramatic increase in reports of security incidents. The paper provides a framework for securing personal health data in CDSS. The framework breaks down CDSS into data gathering, data management and data delivery functions. It then provides the vulnerabilities that can occur in clinical decision support activities and the measures that need to be taken to protect the data. The framework is applied to protect the confidentiality, integrity and availability of personal health data in a decision support system. Using the framework, project managers and architects can assess the potential risk of unauthorized data access in their decision support system. Moreover they can design systems and procedures to effectively secure personal health data.