Due to the nature of the doctor/patient relationship and the sensitivity of health issues, exchanging and collecting information on the web brings with it many concerns regarding privacy and confidentiality. Studies show that many users refrain from taking full advantage of health web sites for fear of privacy violations.
There is a fine balance between gathering important information to effect change in a positive way and maintaining the confidentiality of health information. Successfully competing in the new economy, while keeping the integrity of our profession intact, simply means addressing the issues of patient confidentiality and information security as seriously as we would a patient's health.
The official security policy at the Institute for Evaluative Research in Orthopaedic Surgery at the University of Bern (IEFO) is to take every measure possible to guarantee that the traditional physician/patient relationship, based on trust, is still the number one priority. This is done by dealing with the issue of physician/patient confidentiality at every level of the organization. Our systems are designed to ensure that the information with which we are entrusted is not misused or accessed, by accident or by malice, by any unauthorized persons.
What type of health information are we gathering and why?
IEFO is conscious of your privacy rights and consistently takes every measure possible to protect them. Our mission is to assemble medically relevant data for the purpose of aggregating information in order to create universal standards, and to increase the quality of healthcare and healthcare products.
Participants in the program will be given constant access to their own personal information, patient information, and aggregated information by which they can assess themselves. At no time will any participants in the program be able to access identifiable information of participants or patients outside the same clinic.
Aggregated information will also be collected by IEFO for the purposes of creating international benchmarks and raising the bar for the healthcare profession. This information will be disseminated in the form of publications, and will be presented to trusted partners who are contractually obligated to abide by the same confidentiality policies as IEFO.
What makes up a good security system?
The concept behind the Internet is to give people an easy and inexpensive way to exchange information. This principle is in direct contradiction with the concept of creating a secure environment! Even so, developing this atmosphere is crucial in order for people to feel comfortable with this new mode of communication. A solid security concept is concerned with three issues:
Confidentiality
Ensuring only those who have been authorized to access electronic data are able to do so.
This concept is addressed by establishing user identity and implementing discretionary access controls.
Integrity
Maintaining the integrity of a database ensures that information goes from one point to another, unaltered.
Special audit features enable us to monitor who modifies data and when.
Once data has been verified by the responsible physician it is locked and can no longer be modified by anyone.
Availability
It is important for data to be accessible quickly, easily and whenever necessary.
This requires the elimination of downtime when accessing information.
Data must be accessed in a form that is readable.
This also requires the creation of multiple backup files.
Database integrity neither begins nor ends with securing personal computers. A security system is only as strong as its weakest link, and is only valuable if its integrity is maintained. Creating a secure environment to collect, manage, and retrieve data begins with the method of compiling data and ends with our associates and physical environment.
Security architecture
Surgeons who participate in the registry only give their names and professional rank upon registration for the purposes of verification. Thereafter, they are referred to by a unique identifier number that is assigned at the time of registration.
Information that links the personal identification numbers to the orthopaedic surgeons is only accessible by the site administrator.
Information Technology (IT)
IEFO uses ISO 9000 compliant computer systems.
Identification and authentication: the former identifies the party and allows him to access the information he is entitled to view. The latter confirms that the user is in fact who he states he is.
Firewalls are in place so that there is only one entry point to the internet site. This point grants web access only, and all other modes of access are restricted.
In addition to our own IT specialists, the University of Bern regularly audits our security systems, using their proprietary system, to ensure that IEFO security measures consistently meet the highest standards.
People
Promoting security awareness within the organization is a priority.
Associates are made aware of the sensitivity of the information being handled and the importance of maintaining its integrity.
All employees are asked to sign a confidentiality agreement acknowledging that they understand the importance of maintaining confidentiality and that there are consequences for non-compliance.
In addition, this policy is available for any IEFO member to read at any time, and it is periodically reviewed as a group.
