Configuring Security Features in a Community Health Application

The Tasmanian Department of Health and Human Services (DHHS) is implementing a Statewide client management application across all of its community health services. This application, known as the Community Client Health Profile (CCHP) project, will be trialed at three community health centres during the third quarter of 2003, followed by a Statewide rollout and extension to other community-based services in 2004/5. The CCHP project will deliver a Statewide Electronic Health Record (EHR) and client management application for all community-based services in the DHHS. Initially this includes community nursing, home care and community allied health services but will eventually be expanded to include community mental health, palliative care and other DHHS community based services. In the CCHP, basic security is maintained by features such as encryption, passwords, inactivity time-out, firewall, audit trails, etc. There is nothing novel in these features and they are not discussed further in this paper. We describe some of the security issues and decisions made by the project team in configuring the trial implementation. Of interest here are the security features that were either designed for, or configured by, the DHHS project team. These include; Default and ad hoc Privacy settings Attribution User views defined by security groups