The need for security--a clinical view.

Systems which process patient health data of any kind are considered to be medical information systems. Some data can be categorized as non-personal, non-identifiable, or non-patient-based such as knowledge bases. Others are considered as highly sensitive because of the 'need to know' to deliver health care to patient. Access is not only justifiable for doctors and nurses, but, for specific purposes to administrative personnel and public health organisations. Of special concern are registers on sexually transmitted diseases, mental health and genetic diseases. In future, patients might gain more autonomy and also have access to some parts of their own record. Telematics allows them to update a data base and to consult a knowledge base. Clearly, physicians in charge of the cases have a responsibility that has been recognised by law in all Western countries. Access to patient's data should take into account this responsibility. Although most health professionals would still believe that confidentiality is the main issue, it appears that data integrity and availability are as important in the context of the 'paperless' electronic record. Information should be complete and correct, to be only accessed by authorized persons. The health care environment is characterised by an open nature of clinics that leaves them vulnerable to theft, damage and unauthorized access. Disclosure of information may affect the patient's social standing as well as their general health. The health professions lack sufficiently well-defined organisational structure, culture and perceptions to support security.