September 19, 1996

Medical Information Security Survey

Members of the group provided sample questions to ask healthcare professionals concerning the security of medical records and related information. The purpose of the questions is to Approximatly 25 questions were presented. Steven will consolidate the list and it convert it to survey format for group approval.

Project Approach

The group discussed the Ross Anderson healthcare policy specification and proposed that this policy, specied for the NT environment, be used as the model for this work. The difference between what the NT protection mechanism allows and what the policy specifies will define the primary area in which misuse can occur.

Project Task Assignments

Task 1: Characterizing Misuse -- Steven Templeton
Task 2: Session Characterization and Data Reduction-- Brant Hashii
Task 3: Compromised Software -- Brant Hashii
Task 4: Data Visualization -- Chris Wee
Task 5: Other Factors -- ???