The invention relates generally to the field of computer security, and in particular to providing security for information stored on a computer server.
The pervasiveness of the Internet has allowed information to become available to a user anywhere and at anytime. A user can store his/her personal information, for example, an address book and family photos on a Web server and be able to access the personal information from, e.g., a home personal computer (PC) or from a cell phone while on vacation in a foreign country. However, unauthorized users, e.g., hackers, also have an increased opportunity to access the user's personal information to, for example, copy, delete, or modify, the user's information.
Despite the growing number of hackers ranging from mischievous teenagers to hardened criminals, the typical Web site has minimal security. A typical Web site has the user's information stored on an on-line database connected to the Web server. A user accesses his/her data via a user ID and a password. the password file is also stored on the Web server. Both the password file and all the information in the database are vulnerable to a hacker. As users begin to store sensitive information such as credit card numbers or personal medical information, on a Web site, this minimal security is inadequate.
In the case of a person's medical records, there are significant advantages to having a person's medical records available on-line, i.e., accessible on a Web server via the Internet. For example, when a person visits a specialist or a physician that is not adequately familiar with the person's medical history and/or current conditions, treatments and medications, a commercially available service is available that will allow the specialist or physician to receive and review information, including the clinical records that have been prepared by the person's previous or other current health care providers, that could indicate the cause of the current problem, help avoid redundant or unnecessary tests and conflicting or ineffective treatments, and help reduce the possibility of adverse drug reactions. However, a person's medical records are particularly sensitive and patients need to be sure of security measures before their records are available for on-line access. Conventional web servers with their on-line databases and password files provide little assurance that a person's medical records will remain secure.
Therefore what is needed is a computer security system which significantly reduces the risk of unauthorized access via the Internet to sensitive information, for example, a user's personal information and more specifically, to a person's medical records stored in a database.