Defense Healthcare Information Assurance Program (DHIAP). DHIAP Phase I Composite Evaluation Report
Abstract
This report provides a composite view of the findings and conclusions of the MTF Information Security Evaluations conducted as part of DHIAP Phase I. Research found that the security of patient information in the military medical system can be compromised and is at risk. Vulnerabilities are inherent at the local MTF level, caused in part by the centralized selection, administration, and maintenance of mandated health information systems. The report provides two perspectives on DHIAP Phase I research findings and recommendations. The first outlines, for nine technical and organizational investigation subjects, the vulnerabilities and risks that were identified and provides subject-specific recommendations for remedial action. The second, derived from the same material, provides information that crosses the boundaries of the investigation subjects to outline recommended activity according to such organizational focus areas as policy definition, procedure development, and training. Each of the assessments highlights the requirement for formulation of clear policy guidance, supported by assessment of the operational needs that drive the policy and the requirement to address personnel issues to implement and enforce the guidance. The cultural issues forced by addressing policy, operational, and personnel issues are supplemented and supported by improvements in technical tools and procedures.
Document Details
- Document Type
- Technical Report
- Publication Date
- Feb 01, 2000
- Accession Number
- ADA404490
Entities
People
- Archie D. Andrews
- Christopher Alberts
- Lynn S. Crane
- Steven L. Packard
- Thorton C. White