and other media without degaussing can also lead to disclosure of confidential information.

The committee found that most of the sites visited had moderate physical security in place for their information systems; one site had somewhat stronger practices. The machines that provide centrally controlled services—mainframes and other production servers—were identified, located in very secure settings, and well controlled at the sites the committee visited. This derives from historical concerns in information systems departments for central equipment. In the strongest sites, support included excellent commercial-grade secure machine rooms with card-key access, alternative power, redundant storage for key file systems, and backup server equipment.

Outside the main server areas, however, physical security was much more relaxed. In organizations with 20,000 workstations of various sorts distributed throughout wide-reaching work locations, it is nearly impossible to maintain close physical control over the location of equipment and the means by which it is accessed. This does not mean there is no effort aimed at the physical security of these machines in the sites visited, just that the problem is operationally very difficult. Control of equipment in inpatient clinical care settings was tighter than in outpatient settings, and the least control was exerted over machines in research areas. Even in clinical settings, it was often difficult to control access to workstations and terminals so that the demands of work flow did not impede information security. For example, configuring terminals so that authorized clinical staff have easy access may conflict with a configuration in which unauthorized people are unable to look at display content, sit at an abandoned logged-in terminal, or snoop output at printers or paper disposal containers.

To prevent unauthorized users from gaining access to machines that are left unattended while logged on (and to prevent employees from working at such machines under another employee's ID), many of the sites visited programmed their workstations to automatically log off or obscure screen contents after a specified period of time. Practices varied among locations within sites visited, depending on the set of applications accessible from a given workstation and the work flow within a particular setting. Computer terminals in nursing stations, for example, may typically wait longer before logging off than those in more accessible areas because nurses often need to walk away from terminals momentarily to check on patients or refer to other information. Workstations used by physicians for order entry may have to be programmed to log off more quickly, to prevent an unauthorized person from entering a false order. Some hospitals allow departments to adjust the log-off time within some specified parameters to fit in better with the needs of users. In several



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.