Chief medical officer actions on information security in an Italian rehabilitation centre

In a multi-speciality rehabilitation centre, where child neuropsychiatrists, neurologists, physical rehabilitators, psychologists, nurses, therapists and other health care professionals actively care for patients, the moment will arrive when information security takes high priority on the chief medical officer (CMO) agenda. This has happened at the La Nostra Famiglia Institution. Local push to high priority arose from several concurrent forces, like privacy both on the patient and on the doctor side, legal and ethical aspects. Recommendations on the protection of medical data require appropriate technical and organisational measures to be taken to protect personal data against unauthorised access, alterations or any other form of inappropriate processing. In the same time quick and easy access to patient information should be granted to authorised personnel to ensure proper and in time treatment of patients. A long lasting sequence of co-operative negotiation meetings between the CMO and the chief information officer (CIO) led to appropriate outline of policies. We developed a suitable and modular architecture for designing systems that can simultaneously manage an increasing number of healthcare actors, objects and related access levels taking into account temporal conditions. Actions for keeping the prototype in use on an everyday basis are directly taken by the CMO.