Abstract:
Inappropriate disclosure and use of personal health
information could have severe adverse consequences for
the individual to whom it pertains, but non-disclosure
could adversely affect other individuals or society. In
Australia, efforts are under way to develop legislation that
will address the protection of confidential health
information. Development of large-scale health
information repositories, intended to facilitate access to
health information for many more parties than was
previously possible, makes the issue of consent
enforcement and access control more urgent than ever.
Literature suggests that the majority of security threats
arise out of insider activities. It is proposed to develop a
confidentiality protection framework that will ensure
personal, identifiable health information is only disclosed
by consent or under circumstances prescribed by law, and
that all access to that information is audited. The
framework, based on encryption of health information at
the time of collection, and decryption at the time of
authorised use, provides a number of advantages over the
traditional, enterprise-centric protection model.