The Center for Education and Research in Information Assurance and Security (CERIAS)

Reports and Papers Archive



Common Criteria 2

CSE, SCSSI, BSI, NLNCSA, CESG, NIST, NSA

The CC combines the best aspects of existing criteria for the security evaluation of information technology systems and products.

Added 2002-07-26


Synthetic Economies: The Application of Distributed Interactive Computing Environments for Policy and Management Decision Making

Richard White, Alok Chaturvedi, Edward F. Smith, Robert Clover, Shailendra Mehta, Chandrajit Bajaj

This paper explains how distributed, interactive computing can be used to assist decision makers to investigate alternative courses of action in complex, dynamic businesses and policy environments.  The military's use of computer-generated synthetic battlefields for training is the metaphor; the creation of synthetic economies within which to practice policy and management prerogatives is the goal. Exposition proceeds by example, while methodological excursions and underlying theory are provided in supporting appendices.

Added 2002-07-26



Computer Investigations Training Program

Defense Computer Investigations Training Program
Added 2002-07-26

White Paper: The Clinton Administration's Policy on Critical Infrastructure Protection: Presidential Decision Directive 63

This White Paper explains key elements of the Clinton Administration's policy on critical infrastructure protection. It is intended for dissemination to all interested parties in both the private and public sectors. It will also be used in U.S. Government professional education institutions, such as the National Defense University and the National Foreign Affairs Training Center, for coursework and exercises on interagency practices and procedures. Wide dissemination of this unclassified White Paper is encouraged by all agencies of the U.S. Government.

Added 2002-07-26

Hewlett-Packard IDS/9000

Information Security Magazine
Added 2002-07-26

Security of the distributed electronic patient record: a case-based approach to identifying policy issues

James G. Anderson

The growth of managed care and integrated delivery systems has created a new commodity, health information and the technology that it requires. Surveys by Deloitte and Touche indicate that over half of the hospitals in the US are in the process of implementing electronic patient record (EPR) systems. The National Research Council has established that industry spends as much as $15 billion on information technology (IT), an amount that is expanding by 20% per year. The importance of collecting, electronically storing, and using the information is undisputed. This information is needed by consumers to make informed choices; by physicians to provide appropriate quality clinical care; and by health plans to assess outcomes, control costs and monitor quality. The collection, storage and communication of a large variety of personal patient data, however, present a major dilemma. How can we provide the data required by the new forms of health care delivery and at the same time protect the personal privacy of patients? Recent debates concerning medical privacy legislation, software regulation, and telemedicine suggest that this dilemma will not be easily resolved. The problem is systematic and arises out of the routine use and flow of information throughout the health industry. Health care information is primarily transferred among authorized users. Not only is the information used for patient care and financial reimbursement, secondary users of the information include medical, nursing, and allied health education, research, social services, public health, regulation, litigation, and commercial purposes such as the development of new medical technology and marketing. The main threats to privacy and confidentiality arise from within the institutions that provide patient care as well as institutions that have access to patient data for secondary purposes.

Added 2002-07-26

Clinical Information Systems

James G. Andersen
Added 2002-07-26

1997 Computer Crime and Security Survey

Victoria Police, Office of Strategic Crime Assessments
Added 2002-07-26

Proceedings of BSDCon 2002

Added 2002-07-26

Halted Firewalls

Mike Murray
Added 2002-07-26


Defending Against Distributed Denial-of-service Attacks with Server-centric Router Throttles

David K. Y. Yau and John C. S. Lui and Feng Liang
Added 2002-07-26