Annex 4 - References

Many of the following documents are available from the CQU Computer Security Committee.

Canadian Health Record Association (1980). Code of Practice for Safeguarding Health Information, CHRA, Toronto.

Canadian Health Record Association (1990). Electronic Authentication, CHRA, Toronto.

Canadian Health Record Association (1985). Patient Access to Health Records, CHRA, Toronto.

Canadian Health Record Association (1987). Record Security, CHRA, Toronto.

Canadian Health Record Association (1989). Security of Computerised Health Information, CHRA, Toronto.

Canadian Health Record Association (1989). Transmission of Health Information by Facsimile, CHRA, Toronto.

Caelli, Bill (1992). Evaluation of System Security, Professional Computer, Jul/Aug.

Carl-Mitchell, Smoot, and Quarterman, John S (1992). Building Internet Firewalls, UNIXWorld, Feb.

Dimmock, Chris (1992). Desktop Data Security, Professional Computer, Jul/Aug.

Gritzalis, D., Socratis, K. (1993). A High Level Security Policy for Health Care Establishments, Commission of the European Communities, Advanced Informatics in Medicine, SEISMED (A2033), Greece.

Industry Canada (1994). Privacy and the Canadian Information Highway, Supply and Services Canada, Ottawa.

New Brunswick Government Task Force On Data Sharing and Protection of Personal Privacy (1994). Protecting Privacy in an Information Sharing Environment, Government of New Brunswick, Fredericton.

Royal Canadian Mounted Police (1994). Guide to Threat and Risk Assessment for Information Technology (Interim), Supply and Services Canada, Ottawa.

Royal Canadian Mounted Police (1992). Small Systems Security Guidelines, Supply and Services Canada, Ottawa.

Royal Canadian Mounted Police (1992). A Security Guide for the Electronic Office Environment, Supply and Services Canada, Ottawa.

Royal Canadian Mounted Police (1992). Technical Security Standards for Information Technology, Supply and Services Canada, Ottawa.

SEISMED Project (c1994-5). The following documents from the European Community's SEISMED (Secure Environment for Information Systems in Medicine) project are available from the CQU Computer Security Committee:

* Codes of Professional Ethics
* Security of Medical Database Systems - Part 1
* Security of Medical Database Systems - Part 2: Security Guidelines for HCE management
* Security of Medical Database Systems - Part 3: Medical Database Security Guidelines for General HCE staff
* Guidelines for Health Care Security Risk Analysis for Health Care IT and Security Personnel
* Recommendations for European Health Data Protection Legislation
* Security Guidelines for Existing Health Care Systems
* Analysis and Conclusions from a Survey of Data Protection in European Health Care Establishments
* Legal Issues of Medical Personal data protection
* Health Informatics Deontology Code
* Guidelines for Health Care Security Risk Analysis for Health Care IT Users
* Guidelines on Secure Implementation
* Guidelines for Health Care Security Risk Analysis for Health Care Management
* Introduction to the SEISMED Guidelines
* Aggregate Report on the Risk Analysis reviews at the Four Reference Centres
* Guidelines for system procurement, development and design - Health Care Management
* Guideline for cryptographic mechanisms - Health care management
* Guideline for cryptographic mechanisms - IT-system end-users
* Guidelines for system procurement, development and design - IT-Staff
* Technical recommendations on cryptographic mechanisms - IT and security personnel
* A Generic Protection Methodology for Existing Health Care Systems
* High Level Security Policy (HLSP) for Health Care Establishments
* Guidelines for the Possible Implementation of the Security Mechanisms and Protocols by the Reference Centres
* Security Guidelines for Existing Health Care Systems - General HCE Staff
* Security Guidelines for Existing Health Care Systems - HCE Management
* Security Guidelines for Existing Health Care Systems - IT & Security Personnel

Smuckler, R. (1994). Health Care Information: Access and Protection, A Working Paper, Institute for Primary Care Informatics, North York.

Wright, T. (1992). Health Card Technology: A Privacy Perspective, Information and Privacy Commissioner/Ontario, Toronto.

Wright, T. (1994). Privacy Protection Principles for Electronic Mail Systems, Information and Privacy Commissioner/Ontario, Toronto.

Wright, T. (1993). Smart Cards, Information and Privacy Commissioner/Ontario, Toronto.

Other Documents available from the CQU Computer Security Committee:

AUSCERT - AUSCERT Information Sheet, University of Queensland, Griffith University, QUT, April 1994

Computer Users Handbook - Information Technology Division, 1995

Draft IT Policy Statements - Ian Jenkins, November 1991

SIGICE Bulletin
* Management Guidelines for PC Security
* Small Computers and Security

Site Security Policy Development

Site Security Handbook - Network Working Group, July 1991


Guidelines for Computer Security at CQU, A C Lynn Zelmer, PhD; Editor/Adaptor
Copyright © 1996 CQU Computer Security Committee
