Information security concepts and practices: the case of a provincial multi-specialty hospital

Cited by: 10
Authors
Cavalli, E [1]
Mattasoglio, A
Pinciroli, F
Spaggiari, P
Affiliations
[1] CILEA Interuniv Consortium Informat & Commun Tech, Informat Secur Syst Management Div, Milan, Italy
[2] Politecn Milan, Dipartimento Bioingn, Ist Ingn Biomed, Italian Natl Res Council, Milan, Italy
[3] E Morelli Publ Hosp, Sondalo Sondrio, Italy
Keywords
information security; health care; multi-specialty hospital;
DOI
10.1016/j.ijmedinf.2003.12.008
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812 ;
Abstract
In recent years, major and widely accepted information security understandings and achievements confirm that the problem is complex. They clarify that technologies are fundamental tools, but management processes have even bigger relevance, as also prestigious international magazines dossier clearly explained recently. Such a magazine attention outlines the wide impact that the subject has on watchful decision makers. ISO17799 is an emerging standard in information security. In principle there are no reasons for considering it not applicable to the health care sector. In practice, because of both the just conceptual level of the standard and the peculiarities of the health care data and institutions, a lot of analysis and design work needs to be invested any time a health care institution decides to deal with the subject. CEN/ENV 12924 is another emerging standard certainly more on the spot of the health care. Nevertheless, it also asks for evident further investigation. The practical case of information security design, implementation, management, and auditing inside a multi-specialty provincial Italian hospital will be described. (C) 2003 Elsevier Ireland Ltd. All rights reserved.
Pages: 297-303
Number of pages: 7