Department of Health

General and Application Controls Over the Health Information Network

The Health Information Network is a web-based information system maintained by the Department of Health for users in the Department and local health departments throughout New York State. The Network contains information relating to hospital operations, births and deaths, communicable diseases, and other aspects of public health. We examined whether confidential information in the Network was adequately protected against access by unauthorized individuals. We found that the controls for preventing such access were generally adequate, but improvements could be made in certain controls to provide even better protection. We also found that plans needed to be developed and other actions taken to prevent service interruptions and a loss of information from power failures, natural disasters and other such events.

For a complete copy of Report 2001-S-4 click here.
For a copy of the 90-day response click here.