Health care is a highly regulated industry in which much value is placed upon privacy and confidentiality. The business of health care, particularly in certain academic environments, requires access to data of varying sensitivities, including information from the public Internet. This paper proposes a VLAN-based architecture for segregating data of varying sensitivities, a list of components that facilitate access to and distillation of data, and a method for one-way promotion of individual nodes from areas of lower security to areas of higher security.The proposed solution is an implementable and pragmatic approach to reducing the risk of data leakage. Quality of experience (QoE) measures of two methods for access (node promotion and porthole-based access) are compared. The node promotion method improves the user-perceived responsiveness of applications over the porthole-based method while reducing flexibility.
Keywords-health care information systems, electronic health records, VLAN, QoE, network securityI.