September 19, 1996
Medical Information Security Survey
Members of the group provided sample questions to ask healthcare
professionals concerning the security of medical records and
related information. The purpose of the questions is to
- a) Educate about security issues
- b) Gain information about current attitudes about security.
- c) Identify persons to work with in the future.
Approximatly 25 questions were presented. Steven will consolidate the
list and it convert it to survey format for group approval.
Project Approach
The group discussed the Ross Anderson healthcare policy specification
and proposed that this policy, specied for the NT environment,
be used as the model for this work. The difference between what
the NT protection mechanism allows and what the policy specifies
will define the primary area in which misuse can occur.
Project Task Assignments
Task 1: Characterizing Misuse -- Steven Templeton
Task 2: Session Characterization and Data Reduction-- Brant Hashii
Task 3: Compromised Software -- Brant Hashii
Task 4: Data Visualization -- Chris Wee
Task 5: Other Factors -- ???