@cyberslate: INFOSEC Preso on Security and Privacy in SharePoint 2010: Healthcare – Life in Caps Lock: cyberslate’s posterous

Some great information here about using SharePoint in HealthCare.

Compartmentalization with a robust security grouping strategy can pay dividends. In many cases SharePoint can be used to manage workflow because the process of managing the workflow does not require visibility of PHI/PII. In these cases, separate and compartmentalize the PHI/PII data and control access through security groups.

I built this capability in SharePoint 2007 using associated lists. This allowed teams to review case workload and progress without having to see member information. Yet the member information was accessible via a simple hyperlink, providing the viewer had adequate security rights.

As is correctly pointed out, this needs Administrator involvement from the outset and, ideally, the creation of utilities and web parts that support this approach, so that it is easy for site administrators and developers to create departmental and team workflows that remain HIPAA compliant and don't divulge PHI or PII to unauthorized personnel.
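One way to script the separation described above on a SharePoint 2010 server, added here as an illustration and not code from the original post or the presentation it discusses. The site URL, list names and group name are assumptions, and a lookup column stands in for the "associated lists" and hyperlink the post mentions.

```powershell
# Added example. URL, list titles and group name below are hypothetical.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$web = Get-SPWeb "https://intranet.example.org/sites/casemgmt"   # placeholder URL
try {
    $generic = [Microsoft.SharePoint.SPListTemplateType]::GenericList

    # 1. PHI/PII list: holds member details and is kept out of site navigation.
    $phiId = $web.Lists.Add("Member Details", "PHI/PII - restricted", $generic)
    $phi = $web.Lists[$phiId]
    $phi.OnQuickLaunch = $false
    $phi.Update()

    # 2. Stop inheriting site permissions; $false = do not copy the site's role assignments.
    $phi.BreakRoleInheritance($false)

    # 3. Grant Read only to the security group cleared for PHI (assumed to exist already).
    $group = $web.SiteGroups["PHI Authorized Viewers"]
    if ($group -eq $null) { throw "Security group not found; create it before running." }
    $reader = $web.RoleDefinitions.GetByType([Microsoft.SharePoint.SPRoleType]::Reader)
    $assignment = New-Object Microsoft.SharePoint.SPRoleAssignment($group)
    $assignment.RoleDefinitionBindings.Add($reader)
    $phi.RoleAssignments.Add($assignment)

    # 4. Workflow list: keeps the inherited site permissions, so the whole team can work it.
    $wfId = $web.Lists.Add("Case Workload", "Workflow tracking - no PHI/PII", $generic)
    $wf = $web.Lists[$wfId]

    # 5. Link each case to its member record. Display only the numeric ID so the
    #    workflow view itself carries no member details.
    $fieldName = $wf.Fields.AddLookup("Member Record", $phi.ID, $false)
    $lookup = $wf.Fields.GetFieldByInternalName($fieldName)
    $lookup.LookupField = "ID"
    $lookup.Update()

    # 6. Review the result: the PHI list must have unique permissions, and every
    #    principal listed here should be one you expect to see.
    "Unique permissions on PHI list: {0}" -f $phi.HasUniqueRoleAssignments
    $phi.RoleAssignments | ForEach-Object {
        $roles = ($_.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ", "
        "{0}: {1}" -f $_.Member.Name, $roles
    }
}
finally {
    $web.Dispose()
}
```

Following the lookup link opens the member record only for users in the authorized group; everyone else sees the workflow item and is denied at the PHI list.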
