Confidentiality of Patient Information
Doheny Eye Medical Group exists to offer the most sophisticated and
comprehensive tertiary subspecialty care available to ophthalmic patients in
Southern California. All information regarding a patient and his/her medical
condition and treatment that is provided to Doheny Eye Medical Group is
treated as private and confidential data. Except with the patient's express
consent or as required by law, Doheny Eye Medical Group will only release
patient information to the patient or his/her physician.
The system architecture is designed for use in highly confidential
healthcare computing environments where security is a high priority. A Web
server authenticates the identity of end-users to ensure that only authorized
end-users have access to secure Web applications. Users are usually
authenticated by one or more methods: what "they know" (a valid user ID
and password), what "they have" (a security token or a digital certificate),
or what someone else knows about them (a certificate authority).
Our primary security objectives are twofold: (1) to assure that the Internet
servers and their security controls are protected from any tampering that
would compromise their effectiveness (the operating system must be
configured to protect the server application and its database from
unauthorized modifications); and (2) to guarantee that unauthorized end-users
cannot obtain output from the applications, by providing (a) access control
mechanisms that prevent unauthorized users from reaching the site, and (b)
some kind of encryption to ensure the privacy of the information as it
traverses the network to and from the end-users.