Trust--can it be controlled?

Abstract

Trust is an important component in the security of an information system. The advent of the electronic health record (EHR) and the health information system (HIS) have raised it to greater prominence. These systems and their intended benefits are rendered less effective through a low level of trust between the stakeholders. The potential reciprocal relationship between accountability and trust is investigated. A literature study examines both concepts and their interrelationship. The accountability and audit controls provided by the NIST SP 800-53 security guide and the ISO 27799 security standard are extracted, collated and expanded to strengthen the accountability mechanisms within an HIS security program. A dedicated set of accountability controls (NIM) which is specific to the healthcare environment is produced. It is proposed that through the strengthening of the accountability function of the HIS, its level of trustworthiness may be improved.