Modern healthcare systems incorporate databases for effective and efficient management of patient healthcare. Databases are vulnerable to cyberattacks and must be designed and built with security controls from the beginning of the life cycle. Although hardening the database early in the life cycle is better, security is often incorporated after deployment, forcing hospital and healthcare IT professionals to play catch-up. Database security requirements should be defined at the requirements stage of acquisition and procurement.
System security engineers and other acquisition personnel can effectively assist vendors in building better healthcare database systems by specifying security requirements up front within the request for proposal (RFP).
An RFP, about 10 to 12 pages, in the form of a double-spaced Word document with citations in APA format.