Making public health data available to community-level decision makers--goals, issues, and a case report.

Effective community health assessment and planning depends on the availability of appropriate public health data. Web-based technologies have created an unprecedented opportunity for making data available to community-level public health decision makers. An interactive data retrieval system targeted to the community-level user must provide an intuitive and easy-to-learn user interface with functionality and statistical complexity appropriate to the expected users while maintaining confidentiality of personal health information. The authors use the Missouri Information for Community Assessment Web site as an example to discuss goals and issues involved in the development of such systems.

The futility of common firewall policies: an experimental demonstration.

Many healthcare organizations utilize network "firewalls" to protect their networks from being accessed by unauthorized external entities. These same firewalls are also often configured to deny access to certain external services from within the internal network. The latter policy can be subverted through a "protocol tunneling" strategy, which has been implemented as a set of programs called "Firehole." Organizations should be aware of this potential weakness in their network security designs. Policies that deny external services to users should be carefully evaluated in light of clearly defined organizational goals.

Effective audit trails--a taxonomy for determination of information requirements.

Current methods of detecting confidentiality breaches in electronic medical record systems are inadequate, partially due to the lack of necessary information at the point of audit trail analysis. In order to determine the information requirements for effective audit trail analysis, we have formulated a taxonomy of confidentiality breaches. By considering scenarios in which an inappropriate access might occur, we have identified "indicators" of confidentiality breaches, which may be thought of as evidence suggesting the possibility that a confidentiality breach has occurred. The collection of facts needed to describe the indicators provides insight into the types of information needed to improve confidentiality breach detection. Much of the information needed is unlikely to be available in the patient record. Research is needed exploring means of collecting and utilizing information from sources other than the patient record for use in improving patient information security.

Using external data sources to improve audit trail analysis.

Audit trail analysis is the primary means of detection of inappropriate use of the medical record. While audit logs contain large amounts of information, the information required to determine useful user-patient relationships is often not present. Adequate information isn't present because most audit trail analysis systems rely on the limited information available within the medical record system. We report a feature of the STAR (System for Text Archive and Retrieval) audit analysis system where information available in the medical record is augmented with external information sources such as: database sources, Light-weight Directory Access Protocol (LDAP) server sources, and World Wide Web (WWW) database sources. We discuss several issues that arise when combining the information from each of these disparate information sources. Furthermore, we explain how the enhanced person specific information obtained can be used to determine user-patient relationships that might signify a motive for inappropriately accessing a patient's medical record.