Information Security in a Distributed Healthcare Domain
Rose-Mharie Åhlfeldt2006
Sign up for access to the world's latest research
checkGet notified about relevant papers
checkSave papers to use in your research
checkJoin the discussion with peers
checkTrack your impact
Abstract
In healthcare, patient information is a critical factor. The right information at the right time is a necessity in order to provide the best possible care for a patient. Patient information must also be protected from unauthorized access in order to protect patient privacy. It is furthermore common for patients to visit more than one healthcare provider, which implies a need for cross border healthcare and continuity in the patient process.
Related papers
Information Security in a Distributed Healthcare Domain: Exploring the Problems and Needs of Different Health Care Providers
2006
In healthcare, patient information is a critical factor. The right information at the right time is a necessity in order to provide the best possible care for a patient. Patient information must also be protected from unauthorized access in order to protect patient privacy. It is furthermore common for patients to visit more than one healthcare provider, which implies a need for cross border healthcare and continuity in the patient process.
Information Security in Distributed Healthcare: Exploring the Needs for Achieving Patient Safety and Patient Privacy
2008
In healthcare, patient information is a critical factor. The right information at the right time is a necessity in order to provide the best possible care for a patient. Patient information must also be protected from unauthorized access in order to protect patient privacy. It is furthermore common for patients to visit more than one healthcare provider, which implies a need for cross border healthcare and continuity in the patient process.
Security recommendations for implementation in distributed healthcare systems
2008
Abstract Healthcare applications involve complex structures of interacting processes and professionals that need to exchange information to provide the care services. In this kind of systems many different professional competencies, ethical and sensibility requirements as well a legal frameworks coexist and because of that the information managed inside the system should not be freely accessed, on the contrary it must be subject to very complex privacy restrictions.
Information Security and Privacy in Healthcare
Cloud computing is appearing as a good prototype for computing and is drawing the attention from both academia and industry. The cloud-computing model is transferring the computing infrastructure to third-party service providers that handle the hardware and software resources with important cost reductions. It is emerging as a new computing example in the medical field apart from other business domains. Many health firms have started moving to electronic health information to the cloud environment. Initiating cloud services in the health sector will not only eases the exchange of electronic medical records between the hospitals and clinics but also enables the cloud to act as a medical record storage center. Besides, moving to cloud environment eases the healthcare organizations from the repetitive tasks of infrastructure management and reduces development and maintenance costs. The medical data stored in the cloud makes the treatment systematic by recovering patient's medical h...
A Security based Framework for Interoperability of Healthcare Systems
International Journal of Applied Information Systems, 2013
The healthcare domain requires the seamless, secured and meaningful exchange of health related information for effective and efficient patient care. These information are highly sensitive and they are meant to be highly confidential. However, health related information are usually distributed across several heterogeneous and autonomous healthcare systems which makes the interoperability process prone to abuse, medical fraud, inappropriate disclosure of patients' information for secondary purposes by unauthorized persons and misuse. The effects of inadequate security and privacy in healthcare include monetary penalties, loss of revenue, damage to the healthcare system reputation, risk of receiving less information for optimum care, decreased quality of patients' care as well as threat to patients' lives. Consequently, effective information protection within the healthcare domain is highly significant. Hence, this paper examines the security and privacy policies that safeguard sensitive and confidential information in healthcare systems during the exchange and use of vital health information. The paper also proposes a security based framework that seeks to mitigate security risks in healthcare, and thus protect the integrity, confidentiality, and access to health related information.
Security and Information Assurance in Healthcare: Global Perspectives
Security and Information Assurance in Healthcare: Global Perspectives, 2024
Increasingly, the cyber threat target is the healthcare sector, and the nature of its data makes it a prime target for such a threat to be successful. The National Institute of Standards and Technology (NIST) has stated that its 2020 Cybersecurity Framework (CSF) is "as relevant to the healthcare and public health (HPH) sector as it is to any private sector industry" (U.S. Department of Health & Human Services, 2022). However, what do we know about security and information assurance in globally connected healthcare systems? This paper will address that question, informed by a literature review of old and new research.
Security Issues in Health Care Process Integration ? a Research-in-Progress Report
Conference on Advanced Information Systems Engineering, 2005
and eva.soderstrom}@ida.his.se
A literature review: Security Aspects in the Implementation of Electronic Medical Records in Hospitals
MEDIA ILMU KESEHATAN
Backgrounds: Electronic Medical Records have complete and integrated patient health data, and are up to date because RME combines clinical and genomic data, this poses a great risk to data disclosure The priority of privacy is data security (security) so that data will not leak to other parties. That way cyber attacks can be suppressed by increasing cybersecurity, namely conducting regular evaluation and testing of security levels.Objectives: To determine the security technique that maintains privacy of electronic medical records.Methods: This type of research uses a literature review methodResults: Data security techniques are determined from each type of health service. Data security techniques that can be applied are cryptographic methods, firewalls, access control, and other security techniques. This method has proven to be a very promising and successful technique for safeguarding the privacy and security of RMEConclusion: Patient medical records or medical records are very pri...
Future of healthcare vis-a-vis building trust in major stakeholders through Information Security Management
IARS' International Research Journal, 2013
The Healthcare sector is growing leaps and bound, so is its data and information. Security and privacy of this Information has become a crucial issue for this proliferating healthcare industry. In this fast moving global scenario, patients need not carry their medical records in a big bag on move, as in this digital world ,all that patients have to do is to get admitted in a hospital for the treatment , rest all is in hands of Information Assets Infrastructure of these mushrooming hospitals. But due to the increased use of patient’s information sharing among doctors, vis hospitals ;patients and their families raise an issue for security of their medical data and records. Hence improving the Information Security Management Systems (ISMS) has become the necessity to keep secure digital patient records for success of hospitals and their brands or at large name and fame of Healthcare Industry. Patients are required to share information with doctors for correct diagnosis and treatment....
Information Security and Privacy of Patient-Centered Health IT Services: What Needs to Be Done?
Proceedings of the 47th Hawaii International Conference on System Sciences (HICSS 2014), 2014
Patients increasingly want to access health information and services via tailored patient-centered health IT services (PHS). PHS produce value by managing, assessing, and working on users’ sensitive personal health information and leverage benefits of supporting technologies like cloud computing or mobile information and communication technology. Thus, information security and privacy is highly relevant for the development, deployment, and assessment of PHS. To ease PHS requirements engineering and contribute to the mastering of arising information security and privacy challenges, we derive PHS information security and privacy requirements. With our research we contribute to the scientific knowledge base by illustrating PHS information security and privacy requirements and providing a foundation for PHS requirements development, which represents a fundamental part of software engineering. For practice-oriented audiences, this research can serve as introduction to PHS and offers a foundation and guide for secure and privacy-ensuring development and deployment of PHS.
Related papers
Special Issue in Clinical Information Systems Security
Security and Communication Networks, 2008
Managing patient care records has become an increasingly complex issue with the widespread use of advanced technologies. The vast amount of information for every routine care procedure must be securely processed within different databases. Clinical information systems (CIS) address the need for a computerized approach in managing personal health information. Hospitals and public or private health insurance organizations are continuously upgrading their database and data management systems to more sophisticated architectures. The possible support of today's large patient archives and the flexibility of a CIS in providing up-to-date patient information and worldwide doctors' collaboration, has leveraged research on CIS in both the academic and the government domains. At the same time, it has become apparent that patients require more control over their clinical data, these being either the results of clinical examinations or medical histories. Due to the large amount of information that can be found on the Internet and the free access to medical practitioners and hospitals worldwide, patients may choose to communicate their information so as to obtain several expert opinions regarding their conditions. Given the sensitive nature of the information stored and inevitably in transit, security has become an issue of outmost necessity. Numerous EU and US research projects have been launched to address security in CIS (e.g., EUROMED, ISHTAR, and RESHEN), whereas regulatory compliance to acts such as the HIPAA has become an obligation for centers moving to CIS.
Towards a practical healthcare information security model for healthcare institutions
4th International IEEE EMBS Special Topic Conference on Information Technology Applications in Biomedicine, 2003., 2003
In recent years, a number of countries have introduced plans for national electronic patient record (EPR) systems. This paper argues that, in the near future, both patients and healthcare stakeholders will be able to access medical records from WWW-based EPR systems. We contend that the primary impediment to the successful implementation and widespread uptake of the EPR concept is the fact that current healthcare information security (HIS) applications are not sufficiently robust. This paper identifies two main Information Security technologies: 1) Public key infrastructure (PKI) and 2) Biometrics that hold a lot of promise in a healthcare context. The key contribution of this paper is to propose a novel multi-layered HIS framework based on a combination of PKI, Smartcard and Biometrics technologies. We argue that this new HIS framework could assist healthcare institutions to provide a truly secure infrastructure for the electronic transmission of clinical data in the future. This paper also makes a case for the creation of a new nodal HIS body because existing information security bodies like the Forum of Incident Response and Security Teams are for general-purpose organizations and not specifically suited for the healthcare sector.
Information Security in a Heterogeneous Healthcare Domain
2006
Healthcare is an information-intensive activity involving the collection, communication and display of large amounts of information. This information is highly sensitive and most countries have special legislation to prevent its misuse. Hence, it is natural to use the support of computers in order to efficiently improve such an information-intensive organization. The increased use of computers for handling the information also gives access to information held in databases in a way that was previously impossible [21]. Swedish healthcare has gone through an efficiency improvement the last few years but it will also face major challenges and changes in the years to come.
Information Security of Patient-Centered Services Utilising the German Nationwide Health Information Technology Infrastructure
2012
Health information technology can have positive impacts on healthcare delivery and is utilised for various applications. Patient-centred services are a special kind of health information technology and are designed to cater the needs of patients. They manage personal medical information and utilise such information to offer personalised, advantageous services as well as information for patients. Due to the sensitivity of medical information and the gravity of possible consequences, if medical information falls into the wrong hands, patient-centred services need to employ security measures to ensure the privacy of patients. The German Nationwide Health Information Technology Infrastructure (HTI), which is currently being established, could serve as a fit and proper foundation for securely offering patient-centred services. In this paper, we illustrate the past developments and current status of the HTI introduction with a focus on security aspects related to patient-centred services. We depict how security features of the HTI can be applied to improve secure provision of patient-centred services. Furthermore, we present additional security measures that should be implemented by providers of patient-centred services.
Medical Information Security
2011
Modern medicine is facing a complex environment, not from medical technology but rather government regulations and information vulnerability. HIPPA is the government’s attempt to protect patient’s information yet this only addresses traditional record handling. The main threat is from the evolving security issues. Many medical offices and facilities have multiple areas of information security concerns. Physical security is often weak, office personnel are not always aware of security needs and application security and transmission protocols are not consistently maintained. Health insurance needs and general financial opportunity has created an emerging market in medical identity theft. Medical offices have the perfect storm of information collection, personal, credit, banking, health, and insurance. Thieves have realized that medical facilities have as much economic value as banks and the security is much easier to crack. Mostly committed by insiders, medical identity theft is a wel...
Information Security Threats in Patient-Centred Healthcare
M-Health Innovations for Patient-Centered Care
Healthcare is taking an evolutionary approach towards the adoption of Patient-Centred (PC) delivery approach, which requires the flow of information between different healthcare providers to support a patient's treatment plan, so the Care Team (CT) can seamlessly and securely access relevant information held in the different discrete Legacy Information Systems (LIS). Each of these LIS deploys an organisational-driven information security policy that meets its local information sharing context needs. Nevertheless, incorporating these LIS in collaborative PC care brings multiple inconsistent policies together, which raises a number of information security threats that can block the CT access to critical information across a patient's treatment journey. Using an empirical study, this chapter identifies information security threats that can cause the issue, and defines a common collaboration-driven information security design. Finally, it identifies requirements in LIS to address the inconsistent policies in modern PC collaborative environments that would help improve the quality of care.
Security requirements and solutions in distributed Electronic Health Records
Springer eBooks, 1997
The healthcare systems in all developed countries are changing to labour-shared structures as Shared Care. Such structures require an extended communication and co-operation. Medical information systems integrated into the care processes must be able to support that communication and co-operation adequately, representing an active and distributed Electronic Health Record (EHR) system. Distributed health record systems must meet high demands for data protection and data security, which concern integrity, availability, confidentiality including access management, and accountability. Communication and cooperation in information systems can be provided by middleware architectures. For the different middleware architectures used in healthcare as EDI (HL7, EDIFACT), CORBA or DHE, the architectural principles and security solutions are shortly described in the paper. Supporting open information systems, these security solutions are independent of applications and transparent to the user. For trusted communication and cooperation, application-related and user-related security mechanisms are required. Such mechanisms have to fulfil the security policy of the application domain. They are using the basic security mechanisms of the underlying communication-and cooperation-supporting systems. The discussed policy, threats, and countermeasures are referred to the first German regional distributed medical record, which is developed and step by step refined in the Clinical Cancer Registry Magdeburg/Saxony-Anhalt.
Security Issues in Health Care Process Integration: Research-in-Progress Report
2005
and eva.soderstrom}@ida.his.se
Ensuring the security and privacy of information in mobile health-care communication systems
South African Journal of …, 2011
The sensitivity of health-care information and its accessibility via the Internet and mobile technology systems is a cause for concern in these modern times. The privacy, integrity and confidentiality of a patient's data are key factors to be considered in the transmission of medical information for use by authorised health-care personnel. Mobile communication has enabled medical consultancy, treatment, drug administration and the provision of laboratory results to take place outside the hospital. With the implementation of electronic patient records and the Internet and Intranets, medical information sharing amongst relevant health-care providers was made possible. But the vital issue in this method of information sharing is security: the patient's privacy, as well as the confidentiality and integrity of the health-care information system, should not be compromised. We examine various ways of ensuring the security and privacy of a patient's electronic medical information in order to ensure the integrity and confidentiality of the information.
Introduction to e-Healthcare Information Security
The e-Healthcare information offers unique security, privacy and confidentiality challenges that require a fresh examination of the mainstream concepts and approaches to information security. The significance of security and privacy in e- Healthcare information raised the issues of individual consent, confidentiality and privacy, which are the main determinants in adopting and successful utilising the e-Healthcare information. Current trends in the domain of e-Healthcare information management point to the need for comprehensive incorporation of security, privacy and confidentiality safeguards within the review of e-Healthcare information management frameworks and approaches. This raises major challenges that demands holistic approaches spanning a wide variety of legal, ethical, psychological, information and security engineering. This introductory chapter explores information security and challenges facing e-Healthcare information management.
Loading Preview
Sorry, preview is currently unavailable. You can download the paper by clicking the button above.