Computer security when data = life

Security technologies were born of and initially implemented in a business, social and technical structure based on fundamental assumptions which no longer hold in health care. Thus, while computer security has much to offer health care, utilizing the full potential of computer security technologies with respect to patient information requires reevaluating priorities in computer security. Such a reevaluation requires defining the traditional goals of computer security. There are a number of tradeoffs inherent in the goals of computer security, for example information which is highly available is less confidential. Security is a multidimensional problem which must be solved with respect to the specific problem, not a generic technical add-on which can be added to any system. This paper presents two contrasting cases where distinctly different approaches to risk and security in patient information systems are taken.