Securing Mobile Healthcare Systems Based on
Information Classification: DITIS Case Study
Eliana Stavrou
, Andreas Pitsillides
Department of Computer Science, University of Cyprus
P.O. Box 20537 CY1678, Nicosia, Cyprus
Abstract. Healthcare applications require special attention regarding security
issues since healthcare is associated with mission critical services that are con-
nected with the well being of life. Security raises special considerations when
mobility is introduced in the healthcare environment. This research work pro-
poses a security framework for mobile healthcare systems based on information
classification into security levels. By categorizing the information used in mo-
bile healthcare systems and linking it with the security objectives and security
technologies, we aim in balancing the trade-off between security complexity
and performance. Furthermore, this paper discusses a number of issues that are
raised in the healthcare environment: privacy, confidentiality, integrity, legal
and ethical considerations.
1 Introduction
The introduction of mobile services into our every day work has changed the way
people interact with each other, process information and complete mission critical
tasks. Within the framework of mobile services, the healthcare sector has evolved in
such a way meeting the needs of its patients for an enhanced quality of care. A num-
ber of mobile healthcare applications exists today taking advantage of modern infor-
mation technology in information systems and supplementing traditional delivery of
healthcare services. Benefits from this trend include among others, improved com-
munication among the healthcare professionals, instant access to medical information,
and effective management of people (such as healthcare professionals and patients)
and information, all these leading to the number one priority of healthcare sector for
improved quality of care and patient satisfaction.
Healthcare applications require special attention regarding security issues since
healthcare is associated with mission critical services that are connected with the well
being of life. However, mobile devices raise extra security considerations since mo-
bility encompasses other dangers such as physical threats and compromization of
sensitive information stored on mobile devices. In addition, limitations of mobile
devices (limited battery life, computational power) often affect the security technolo-
gies adopted. Therefore, it is essential to use security solutions in an effective way so
that healthcare services can be provided without been affected.
Stavrou E. and Pitsillides A. (2006).
Securing Mobile Healthcare Systems Based on Information Classification: DITIS Case Study.
In Proceedings of the 4th International Workshop on Security in Information Systems, pages 67-79
This research work proposes a security framework for mobile healthcare systems
based on information classification into security levels. By categorizing information
used in the healthcare application and by linking it with the security objectives and
security technologies we aim in balancing the trade-off between security complexity
and performance. The proposed security solutions are further categorized based on
the security objective they serve.
Furthermore, this paper discusses a number of issues that are raised within the mo-
bile healthcare environment: privacy, confidentiality, integrity, legal and ethical con-
siderations. Nowadays, there are various mobile healthcare applications that are in
use, many of which are initiated in a research project context. WARD IN HAND
(IST-1999-10479) allows the management of key clinical information while provid-
ing decision support to mobile medical staff of a hospital ward, MOBIDEV (IST-
2000-26402) promises to provide mobile users with secure access to the Hospital
Information System in and outside the hospital, using web interfaces based on Blue-
tooth technology and GPRS/UMTS networks and also improve user friendliness via
voice commands, DOCMEM (IST-2000-25318) and MOMEDA (HC 4015) aim to
offer web access to electronic patients records (EMR) via multimedia terminal and
possibilities of remote consultation, SMARTIE (IST-2000- 25429) aims to develop
web tools for multi-platform EMR access and support for medical error prevention,
MTM (IST-1999-11100) provides via a local wireless network multimedia medical
support to the mobile hospital personnel. These projects are based on a variety of
technologies (e.g., GSM, GPRS or local wireless networks) and face the mobile
health care problem from a variety of angles. Although all healthcare applications
have implemented some kind of security, none is concerned in adequate detail with
the security challenges that are raised in the mobile environment.
This work is made in the context of DITIS case study, a mobile telemedicine ap-
plication and is organized as follows. Section 2 discusses related work. Section 3
briefly describes the case study. Section 4 presents the security framework based on
the information classification. Section 5 constitutes conclusions.
2 Related Work
A number of guides [1], [2], [3], [4] exists today providing information on how to
classify confidential information for a variety of sectors like the government and the
healthcare sector. Through out our research, no security framework has been detected
to be focused on information classification and which is applied on mobile healthcare
systems. However, healthcare security frameworks exist that do not take into consid-
eration information classification. Markovic et al. [5] overview modern security sys-
tems which are used in medical electronic business systems and mobile healthcare
systems. Bourka et al. [6] describe and assess the integration of Public Key Infra-
structure security mechanisms (such as strong authentication and encryption) in an
electronic referral and prescription application. Spinellis et al. [7] proposed a secure
framework for web-based telemedical applications defining among others the rela-
tionship between security services and security concepts and technologies. Misra et
al. [8] address the security challenges raised by mobile communication and discuss
the wired equivalent security showing how this concept can be applied to achieve
end-to-end security in a mobile healthcare environment.
3 Case Study
The healthcare application and its infrastructure considered for this research are used
to derive the main information and services that could be used in other mobile health-
care applications and be included into information classification, the security objec-
tives and considerations identified and the security technologies implemented within
the environment under consideration.
3.1 Environment
DITIS [9], [10] (in Greek it stands for Networked Collaboration for Home healthcare)
is an Internet-based Group collaboration system with fixed and GSM/GPRS mobile
DITIS was initiated in 1999, supporting the activities of the home healthcare ser-
vice of the Cyprus Association of Cancer Patients and Friends (PASYKAF). DITIS
supports homecare by offering wireless healthcare services for chronic illnesses with
emphasis on prevention, assessment and diagnosis. The main service is the dynamic
creation, management and co-ordination of Virtual Collaborative Healthcare Teams
for the continuous treatment of a patient at home, independently of physical location
of the team’s members, or the patient. For each patient a flexible (dynamic) virtual
medical team is provided, made up from visiting homecare nurses, doctors, and other
healthcare professionals, responsible for each case that may not be physically located
at the same time at a particular patient. The team has easy and timely access to the
unified Electronic Medical Record database to retrieve information about a patient i.e.
the current medical treatment and modify it as needed, as well as a range of collabora-
tion tools and services. Currently, the main mobile device used within DITIS applica-
tion is Sony Ericsson P900 mobile phone.
3.2 Stakeholders
Currently, DITIS application is used by the following categories of people:
Healthcare professionals (i.e. oncologists, cardiologists)
Therapists (i.e. physiotherapists, social workers)
Secretarial personnel
All people aforementioned are working for the welfare of the patients.
3.3 Services
The main services that are provided through DITIS application are the following:
Medical history
Symptoms registry
Virtual Team registry
4 Security Framework
In this section, a classification of information into security levels is proposed based
on the data and services that could be used in a mobile healthcare application, fol-
lowed up by the identification of the security objectives and considerations raised
within such an environment. Furthermore, appropriate security technologies are cate-
gorization under each objective. Finally, an association between the categorized in-
formation, the security objectives and security technologies is made, aiming in bal-
ancing the trade-off between security complexity and performance. In this way, im-
plementing a complex and flat security architecture that will degrade the performance
of the provided services, is been prevented. Security technologies must be used in a
smart and efficient way in order to balance security complexity and performance.
4.1 Information Classification
According to the Council of Europe Recommendation R(97)5 on the Protection of
Medical Data “Appropriate technical and organizational measures shall be taken to
protect personal data - processed in accordance with this recommendation - against
accidental or illegal destruction, accidental loss, as well as against unauthorized
access, alteration, communication or any other form of processing. Such measures
shall ensure an appropriate level of security taking account, on the one hand, of the
technical state of the art and, on the other hand, of the sensitive nature of medical
data and the evaluation of potential risks.”
It is obvious that the medical data is placed on the center of all efforts towards se-
curity. As stated earlier, a number of guides [1], [2], [3], [4] provides guidance on
how to classify confidential information.
The proposed healthcare security framework defines a four level classification:
Public level. Information is categorized in the public level if it is intended to be used
by any interested party. This level includes: educational material, press releases,
annual reports, and statistics. Security mechanisms are not needed for this level.
Internal Use Only level. Although this information is intended to be used internally,
compromization will not impact the organization. Internal Use Only information
involves demographics, internal project reports, appointments and the virtual team
assigned to each patient. Security is required but kept at minimum levels.
Confidential level. This category involves patients’ medical records that are accessed
by appropriate personnel on a need-to-know basis. Medical records include, among
others, information on medical history, symptoms, diagnosis, treatment and medi-
cation. Security at this category must be highly defined.
Highly confidential level. This level involves medical records of special content such
as information related to physical abuse, HIV status, and abortions. Furthermore, it
includes medical records of recognized people (such as the president of a country)
that their wok position is considered critical.
4.2 Security Objectives
Based on DITIS profile and taking into consideration the fact that DITIS is a mobile
telemedicine application, the security objectives that are defined using the OCTAVE
(Operationally Critical Threat, Asset and Evaluation) technique [11] are the follow-
Confidentiality ensures that sensitive information is kept secret and is available
only to those who are authorized to access it. Since information is related to sensitive
personal information such as medical records, Data Protection Law [12], [13] restric-
tions should be followed. Furthermore, the network architecture and sensitive con-
figurations must be kept secret from people without the need to know.
Confidentiality objective is more complex to maintain when sensitive data is stored
on handheld devices since a device can be lost. Furthermore, mobile communication
uses the airwave that is open to adversaries that could eavesdrop on the communica-
tion and steal sensitive data.
In DITIS, the healthcare professionals are greatly concerned with the medical con-
fidentiality. As mentioned earlier, a variety of job roles are involved in DITIS, raising
considerations for people that are not bound by the medical confidentiality (such as a
secretary), since these people can compromise sensitive information. People involved
in DITIS require that appropriate penalties are created so that if someone is found
compromising confidentiality then she/he must be considered liable.
Loss of confidentiality can cause great damage to the reputation of a certain patient
that may embarrass him and affect his life as he could even loose his job. For this
reason, and with respect to the privacy and confidentiality objectives, the healthcare
team is obligated to inform the patients that they use their personal information in
order to provide their services. Patients must give their written consent in order to
store and process their personal data; in this way the healthcare team is legally cov-
ered in a case of a lawsuit.
Integrity protects systems and information from unexpected modifications. Since a
healthcare system relies on the integrity of the information to function with accurate
outcomes, integrity objective is a top-level requirement. Therefore, there is urgent
need to make sure that information is traveling from one end to the other without
being intercepted and modified in the process. Medical records must be kept accurate
and be modified only by authorized personnel. System configurations must be up to
date and modified by authorized members of the development team to preserve the
stability of the system.
The healthcare team considers unacceptable situations where medical information
is altered in any way. The success of DITIS system is mainly depended from the
team’s satisfaction that must trust it 100% in order to use it for their everyday work.
After all, at the end of the day the healthcare team will first take the blame if they
provide services based on inaccurate data and cause damage.
Information and systems should be accessible at any requested time. Due to the na-
ture and criticality of the healthcare sector, medical records and systems must be
available on a 24/7 basis to nurse patients quickly and effectively at any time needed.
Loss of availability can cause severe damage especially for online service-oriented
systems that depend on information to function; in the case of healthcare systems the
damage may cause even death. DITIS healthcare team made it clear that since they
are dependent on the system to offer their services, they expect uninterrupted flow of
operation at all times.
Furthermore, availability problems may arise due to battery constrains. Without a
lightweight security solution, the battery of handheld devices may be absorbed
quickly resulting in loss of availability at the point of care.
Authentication & Authorization
Authentication and Authorization are two related concepts. Authentication pro-
vides a way to proof identify of a user and authorization determines whether an au-
thenticated user has the credentials to carry out a certain activity. Healthcare and
development team members should be assigned special credentials to access the sys-
tem and information stored on them. Proper security education should be provided to
prevent people from exchanging passwords or performing other actions that could
endanger the safety of people, information and systems.
These objectives are directly related with information classification. Low sensitiv-
ity levels may need simple authentication methods where highly sensitive levels could
require a combination of techniques.
Logical Access Control
Access control is essential for any system that handles sensitive information since
it implements appropriate mechanisms to protect the system and resources against
unauthorized access. As mentioned earlier, mobile healthcare services raise extra
considerations since they support the continuity of life. Therefore, healthcare infor-
mation must be accessed on a need-to-know basis. Since a mobile healthcare applica-
tion requires a fixed infrastructure to function that hosts a number of servers such as
web and database servers, appropriate configurations must be made to provide access
to data only to the designated personnel.
The most valuable asset of any healthcare application is the medical records that
hold specific medical data about a patient i.e. health condition, medication treatment.
This information is hosted and can be retrieved from the database server(s). There-
fore, in order to maintain the security of the systems and information, different logical
access control mechanisms should be provided to safeguard different levels of sensi-
tivity. For example first level access control should be implemented for information
shared between the healthcare team while second (or more) access controls should be
applied for information designated for a group of users such as nurses, social work-
ers, and physiotherapists.
Actions taken by legitimate users can be tracked down. By doing so, a user is ac-
countable for his actions. Mechanisms should be in place to protect people from been
accused for something they did not do. In addition to this, appropriate legislation
must be in place to legally cover people when they performed well their responsibili-
DITIS healthcare team considers this requirement to be one of the most basic chal-
lenges they have to face in their work. For example, the nurses need to be sure that
the system identifies doctor X as the person who changed the medical treatment of
patient Y. Nurses are responsible only for the provided treatment, in accordance with
the prescribed protocol, but they are not responsible for its selection.
Physical security
Since the study is focused on mobile healthcare applications, physical security of
the mobile devices is a critical objective that must be achieved in order to protect
sensitive information that is stored locally on the devices. Mobile devices can be
easily misplaced or lost. Therefore, appropriate techniques must be applied to main-
tain security even though a mobile device is stolen.
4.3 Security Technologies Classification
As stated earlier, this section briefly discusses appropriate security technologies that
should be included in a security framework and support the previous defined objec-
tives. These technologies are also implemented within DITIS environment, expect if
indicated otherwise.
4.3.1 Integrity & Confidentially
There are many places where the data may be intercepted; for example at the client
side, when synchronizing data or at the server side. In order to retain the integrity and
confidentiality of the data it is a necessity to implement end-to-end encryption be-
tween the mobile device and the fixed infrastructure or implement encryption on the
device to encrypt stored data that need protection.
Public Key Infrastructure (PKI)
PKI [14] makes use of the technology known as public key cryptography. Public
key cryptography uses a pair of keys to encrypt and decrypt messages, a public key
and a private key. The public key is widely distributed in digital certificates whereas
the private key is held secretly by its owner. Messages are protected from adversaries
by encrypting them with the public key of the recipient. Only the recipient can de-
crypt the message by using his / her private key, thus retaining the privacy of the
Virtual Private Networks (VPN)
A VPN [15] allows a user to send data between two remote devices across a public
network as he was using a point-to-point private link. Information sent over a VPN
connection is kept private by using a tunneling protocol and appropriate security
procedures. Data is encrypted and encapsulated with a header containing routing
information that is used to find its destination. In this way, even if the packets are
intercepted, the attacker cannot read it or modify it without the changes be seen by the
4.3.2 Availability
In many cases, medical professionals like nurses may visit patients who are located
away from a fully equipped hospital and use their mobile device to connect with the
hospital’s database and retrieve information about the patient. This communication
must be retained at all times so that nurses can respond immediately to emergencies.
Fail safe plan
In sensitive areas like the healthcare sector, the implementation and operation of
healthcare applications must be performed in a well-designed environment. The main
idea is to be precautious and have a fail safe plan implemented so that if anything
happens (due to physical threats like fires or a security violation) with the primary
infrastructure, a secondary infrastructure will take over until the problem is solved;
this means that equipment must be redundant so that operation will continuously be
supported. This plan may introduce overhead in managing the two infrastructures but
it is a cost that needs to be taken since the benefit to be gained is more important.
In order to support a fail safe plan, it is necessary to maintain appropriate backups
of the critical data hosted on systems. Data to be backuped may include medical re-
cords, security configurations and any other data that is considered to be critical for
operation and must be accessible in a 24 / 7 basis. Data must be stored on removable
media or other redundant equipment and be well protected (i.e. locked down) since it
could be used immediately if a system crashes and goes down.
4.3.3 Authentication & Authorization
Authentication mechanisms incorporate one or more of the following elements:
Something the user has, like a digital certificate or a token.
Something the user knows, like a password.
A physical attribute, like a fingerprint.
The three pillars of authentication, as they are often called, can be used separately
or combined for even stronger authentication.
Mobile device users must be able to authenticate themselves to the mobile device
by providing a Personal Identification Number - PIN (i.e. for mobile phones), or a
password (i.e. for PDAs). Attention is needed when choosing weak PINs or pass-
words since they could easily be compromised and give access to an adversary that
would masquerade as the legitimate user. At the most basic level, organizations
should require the selection of strong passwords that would be difficult to guess.
Digital certificate
A user’s digital certificate can be required (code-specific) to either be authenti-
cated to a mobile device or to the healthcare application in order to be able to access
it and use the available services.
Smart cards
Smart cards are hardware devices similar to credit cards. They however provide
additional functionality. A smart card has a memory chip and a mini-processor at-
tached to it. An amount of information can be stored in a smart card and used for
various purposes. For instance, a smart card can be used to hold a user’s private key
or medical record and contact information. A smart card can have many usages. For
example, a user may use his smart card for authentication purposes in order to gain
access to a building, an X-Ray machine etc. Additionally, a smart card can be used to
digitally sign a transaction or a document; for example, it can be used from a doctor
to sign changes made to a patient’s record. Currently, DITIS does not support smart
card usage; it is planned as a future task.
Biometric [16] user authentication can be accomplished using unique characteris-
tics i.e. face, voice, fingerprint, and retinal. Mobile devices can be configured to use
fingerprint and voice biometric authentication to give access to the application in use;
these authentication methods use more compact devices that are suitable for the mo-
bility aspect of mobile devices. Currently, DITIS does not use biometrics as an au-
thentication mean.
4.3.4 Accountability
As mentioned earlier, a mobile healthcare application is supported by a fixed infra-
structure, where a variety of systems host sensitive data like the patients’ medical
records. Since it is important to record a number of events like who accessed certain
information, who made a change and where, when a modification happened etc, it is
essential to implement history tables on the database level.
The database server that hosts the data must be configured appropriately so that
history tables are created. The history tables will contain all the recorded events so
that a user action can be tracked down if necessary. For an enhanced level of security,
the history tables must only be accessed by the administrator of the systems or other
designated personnel; in addition to this, the tables must be encrypted so that noone
who has access to the database server will be able to read and modify the tables.
Digital signature
The digital signature is created within the PKI framework and has the same pur-
pose as a handwritten signature. When a user digitally signs an electronic document
(email, spreadsheet, text file etc.) he provides a mean to the recipient to authenticate
him as the writer of the document. In addition, by receiving a digitally signed docu-
ment a user can verify that it has not been altered in any way since the writer created
it. In the case an adversary changes the message, the PKI mechanism informs the user
about the situation.
By using digital signatures in a healthcare application, we achieve non-repudiating
actions. For example, a doctor changing the medical treatment of a patient cannot
later deny his action. However, it is important to educate the users about issues like
the importance of protecting the private key; if someone else compromises the key
then he would be able to sign documents on behalf of the user owning the key.
Furthermore, it is essential to make a background research and find out if the local
legislation supports the operation of digital signatures [17] and whether such evidence
is accepted by a court of law.
Confidentiality documents
Although the healthcare team must be convinced for the transparency of how the
application is functioning, they also have responsibilities against the patients and
against the organization offering the healthcare services [18].
Medical personnel accessing medical information have a responsibility to maintain
the privacy of the data. After all, a patient’s reputation may be damaged if his medical
condition is publicized, for example he could loose his job.
In addition to the medical personnel, the development personnel of the healthcare
application may has access to confidential documents. Therefore, it is critical to cre-
ate confidentiality and code of ethics documents that must be signed by both medical
and development personnel. By signing these documents, all personnel recognize the
importance of keeping information confidential and also the responsibilities they have
towards the organization. These documents should adhere to local and national data
protection laws.
To retain the accountability objective, it is important to bind the patients as well.
The patients must sign an appropriate form, acknowledging and permitting the stor-
age and processing of their personal and medical information for providing an en-
hanced quality of care. In this way, the healthcare team is legally covered in a case of
a lawsuit.
Auditing is used to check systems if they fulfil the appropriate security require-
ments and security policies. In addition to this, any action against the security policies
is recorded for further investigation. In this way, people’s action can be tracked
4.3.5 Logical Access Control
Role separation must be implemented to provide increased database security. Since
the healthcare sector involves a number of medical professionals i.e. nurses, oncolo-
gists, physiotherapists, there is the need to distinguish the rights and permissions of
each professional. Before deploying the application, it is essential to perform a de-
tailed analysis in order to design access rights for each group of users. According to
the organization, all appropriate user roles must be identified and their responsibilities
must be documented in order to define their permissions. Based on the permissions
defined, each group of users will have an appropriate view of the data stored on the
database server.
4.3.6 Physical Security
Physical security controls [19] are implemented to protect the facility housing system
resources, the system resources themselves, and the facilities used to support their
According to NIST Handbook, “The controls over physical access to the elements
of a system can include controlled areas, barriers that isolate each area, entry points in
the barriers, and screening measures at each of the entry points”.
In the case of mobile devices, there is an increased risk of theft and physical dam-
age. Therefore, appropriate mechanisms should be developed so that after a number
of unsuccessful attempts to be authenticated, all sensitive information stored on the
device is locked or even destroyed.
4.4 Information Classification, Security Objectives and Technologies
Table 1 indicates the relationship between the classification of information, the secu-
rity objectives and technologies discussed in the previous section. All these, formu-
late a security framework that could be adopted in a mobile healthcare environment.
Table 1. Information classification, security objectives and technologies association.
5 Conclusions
Mobile healthcare applications have revolutionized the healthcare sector. However,
new challenges are raised regarding privacy, confidentiality, integrity and legal is-
sues. All these are necessary to be addressed in a comprehensive security framework
where security technologies will complement one another. By categorizing informa-
tion used in the healthcare application and by linking it with the security objectives
and security technologies we aim in balancing the trade-off between security com-
plexity and performance. The target of all these efforts is to develop mobile health-
care applications for improved quality of care.
This work is supported by the Cyprus Research Promotion Foundation under the
SKINIKO project.
1. Boran, S. (2003), IT Security Cookbook, Chapter 4: Information Classification
2. CSTB - Computer Science and Telecommunications Board Commission on Physical Sci-
ences, Committee on Maintaining Privacy and Security in Health Care application (1997),
For the Record: Protecting Electronic Health Information, National Academy Press, pg. 94-
3. ISO17799 Security Standard, Section 5: Asset Classification and Control
4. Krutz, R. et al. (2001), The CISSP Prep Guide: Mastering the Ten Domains of Computer
Security, Wiley, pg. 5-10
5. Markovic, M., Savic, Z. and Kovacevic, B. (2004), Secure mobile health systems: Princi-
ples and solutions, Book Chapter in M-Health: Emerging Mobile Health Systems, Kluwer
Academic/Plenum Publishers
6. Bourka, A., Kaliontzoglou, A., Polemi, D., Georgoulas, A. and Sklavos, P. (2003) PKI-
based security of electronic healthcare documents, SSGRR 2003 International Conference
on Advances in Infrastructure for Electronic Business, Science, Education, Medicine, and
Mobile Technologies.
7. Spinellis, D., Gritzalis, S., Iliadis, J., Gritzalis, D., and Katsikas, S. (1999) Trusted third
party services for deploying secure telemedical applications over the WWW, Computers
and Security, 18(7):627–639
8. Misra, S., Wickramasinghe, N., and Goldberg, S., (2003) Security Challenge in a mobile
healthcare setting
9. Pitsillides, A., Pitsillides, B., Samaras, G., Dikaiakos, M., Christodoulou, E., Andeou, P.
and Georgiades, D. (2005) DITIS: A Collaborative Virtual Medical Team for the Home
Healthcare of Cancer Patients, Book Chapter in M-Health: Emerging Mobile Health, Klu-
wer Academic/Plenum Publishers.
10. Pitsillides, B., Pitsillides, A., Samaras G. and Nicolaou, M. (2004) DITIS: Virtual collabo-
rative teams for improved home healthcare, Book Chapter in 'Virtual Teams: Concepts and
Applications', ICFAI University Press.
11. Alberts C, Dorofee A. “Managing Information Security Risks: The OCTAVE approach”,
Addison Wesley Publisher 2002
12. European Union Directive 95/46/EC of the European Parliament and of the Council of 24
October 1995 on the protection of individuals with regard to the processing of personal
data and on the free movement of such data
13. Council of Europe (1997), Recommendation R(97)5, On the Protection of Medical Data
14. Digital Signature Trust, PKI basics: Digital Signatures and Public Key Infrastructure
15. Microsoft, (2000) Virtual Private Networking in Windows 2000
16. Reid, P. (2003) Biometrics for Network Security, Prentice Hall
17. European Union Directive 1999/93/EC on e-Signatures
18. NHS Code of Practice (2003) Confidentiality
19. NIST Handbook (1996): An Introduction to Computer Security, Chapter 15: Physical and
Environmental Security