This paper considers the increasing requirement for security in healthcare IT systems and, in particular, identifies the need for appropriate means by which healthcare establishments (HCEs) may respond to incidents.

The main discussion focuses upon two significant initiatives that have been established in order to improve understanding and awareness of healthcare security issues. The first is the establishment of a dedicated Incident Reporting Scheme (IRS) for HCEs, enabling the level and types of security incidents faced within the healthcare community to be monitored and advice appropriately targeted. The second aspect presents a description of healthcare security World Wide Web service, which provides a comprehensive source of advice and guidance for establishments when trying to address and prevent IT security breaches.

The discussion is based upon work that is currently being undertaken with the ISHTAR (Implementing Secure Healthcare Telematics Applications in Europe) project, as part of the Telematics Applicationsfor Health programme ofthe European Commission.