security practice described above and the committee's findings based on its site visits. These findings are reported in terms of examples of observed current practice in health care computing environments. As the committee's site visits revealed, the protection of patient information could be greatly improved if existing, but currently undeployed, technologies were brought into more routine practice in health care settings. Specific technologies include strong cryptographic tools for authentication (Box 4.1), uniform methods for authorization and access control, network firewall tools, more aggressive software management procedures, and effective use of tools for monitoring system vulnerability. In the discussion below, instances in which other undeployed technologies could improve security are pointed out. Obstacles to the use of these tools and techniques are addressed later in the chapter.
Authentication is any process of verifying the identity of an entity that is the source of a request or response for information in a computing environment. It is the linchpin for making decisions about appropriate access to health care information, just as it is for controlling legal and financial transactions. Generally, authentication is based on one or more of four criteria:
These, of course, all depend on users' integrity in not sharing the key, token, secret, or characteristic that purports to identify them. The classical method for authentication in computing environments is to assign each user a unique identifier (user or account name) and to associate a secret personal password with each such account. IDs and passwords can work reasonably well but are subject to a number of problems. For example, besides sharing their accounts with others, users may forget their password or they may pick passwords that can be guessed easily. Passwords may also be compromised if users write them down where others