Special Issue in Clinical Information Systems Security
(黃炳龍) Ray Huang2008, Security and Communication Networks
Sign up for access to the world's latest research
checkGet notified about relevant papers
checkSave papers to use in your research
checkJoin the discussion with peers
checkTrack your impact
Abstract
Managing patient care records has become an increasingly complex issue with the widespread use of advanced technologies. The vast amount of information for every routine care procedure must be securely processed within different databases. Clinical information systems (CIS) address the need for a computerized approach in managing personal health information. Hospitals and public or private health insurance organizations are continuously upgrading their database and data management systems to more sophisticated architectures. The possible support of today's large patient archives and the flexibility of a CIS in providing up-to-date patient information and worldwide doctors' collaboration, has leveraged research on CIS in both the academic and the government domains. At the same time, it has become apparent that patients require more control over their clinical data, these being either the results of clinical examinations or medical histories. Due to the large amount of information that can be found on the Internet and the free access to medical practitioners and hospitals worldwide, patients may choose to communicate their information so as to obtain several expert opinions regarding their conditions. Given the sensitive nature of the information stored and inevitably in transit, security has become an issue of outmost necessity. Numerous EU and US research projects have been launched to address security in CIS (e.g., EUROMED, ISHTAR, and RESHEN), whereas regulatory compliance to acts such as the HIPAA has become an obligation for centers moving to CIS.
Related papers
Medical Information Security
2011
Modern medicine is facing a complex environment, not from medical technology but rather government regulations and information vulnerability. HIPPA is the government’s attempt to protect patient’s information yet this only addresses traditional record handling. The main threat is from the evolving security issues. Many medical offices and facilities have multiple areas of information security concerns. Physical security is often weak, office personnel are not always aware of security needs and application security and transmission protocols are not consistently maintained. Health insurance needs and general financial opportunity has created an emerging market in medical identity theft. Medical offices have the perfect storm of information collection, personal, credit, banking, health, and insurance. Thieves have realized that medical facilities have as much economic value as banks and the security is much easier to crack. Mostly committed by insiders, medical identity theft is a wel...
A literature review: Security Aspects in the Implementation of Electronic Medical Records in Hospitals
MEDIA ILMU KESEHATAN
Backgrounds: Electronic Medical Records have complete and integrated patient health data, and are up to date because RME combines clinical and genomic data, this poses a great risk to data disclosure The priority of privacy is data security (security) so that data will not leak to other parties. That way cyber attacks can be suppressed by increasing cybersecurity, namely conducting regular evaluation and testing of security levels.Objectives: To determine the security technique that maintains privacy of electronic medical records.Methods: This type of research uses a literature review methodResults: Data security techniques are determined from each type of health service. Data security techniques that can be applied are cryptographic methods, firewalls, access control, and other security techniques. This method has proven to be a very promising and successful technique for safeguarding the privacy and security of RMEConclusion: Patient medical records or medical records are very pri...
INFORMATION SECURITY IN ELECTRONIC MEDICAL RECORDS MANAGEMENT SYSTEM
Web technologies offer some very exciting benefits in Health Care environments, such as the ease of use, capabilities to organise and link information (from distributed sources), strong multimedia presentation capabilities, and broad coverage of most hardware platforms and operating systems. These benefits have been adopted and used by the Electronic Medical Record Systems, which provide access to medical record information using Electronic Information Technologies. In this Research, study the security problems related to the Electronic Medical Record (EHMs). More specifically we propose a security policy (based on the Role Based Access Control) that addresses many of the related security problems it also describes an Internet-based application for patient care using advanced multimedia techniques in a secure environment. The aim is to offer high quality care to users of health services over inexpensive communication pathways, using secure Internet-based, interactive communication tools. The provision of communication security over the Internet requires also the use of cryptographic and authentication techniques for Internet environment and the use of firewalls. Electronic medical records (EMR) adoption is posited to improve patient care through enhancements in activities ranging from information access and exchange, to medical research. As such, a concerted governmental effort is underway to encourage EMR adoption. However, uptake has been slow as breaches have led to concerns over information security and privacy. The response of EMR managers to these concerns will be critical to EMR adoption. That said, managing information security and privacy is a complicated endeavour, requiring attention to multiple facets of the firm. Thus, research is needed to assist scholars and EMR managers in exploring and understanding the 6 related salient issues. This study conceptualizes and applies a framework based largely on the work of Dhillon (1997, 2006) which addresses the technical, formal, and informal dimensions of information security and privacy in the healthcare provider context. In doing so, it 1) describes and supports a conceptual framework for scholarly exploration of EMR information security and privacy issues, 2) highlights key issues within each dimension of the framework, and 3) provides an information security and privacy planning framework for EMR managers
A Framework for an Institutional High Level Security Policy for the Processing of Medical Data and their Transmission through the Internet
Journal of Medical Internet Research, 2001
Background: The Internet provides many advantages when used for interaction and data sharing among health care providers, patients, and researchers. However, the advantages provided by the Internet come with a significantly greater element of risk to the confidentiality, integrity, and availability of information. It is therefore essential that Health Care Establishments processing and exchanging medical data use an appropriate security policy. Objective: To develop a High Level Security Policy for the processing of medical data and their transmission through the Internet, which is a set of high-level statements intended to guide Health Care Establishment personnel who process and manage sensitive health care information. Methods: We developed the policy based on a detailed study of the existing framework in the EU countries, USA, and Canada, and on consultations with users in the context of the Intranet Health Clinic project. More specifically, this paper has taken into account the major directives, technical reports, law, and recommendations that are related to the protection of individuals with regard to the processing of personal data, and the protection of privacy and medical data on the Internet. Results: We present a High Level Security Policy for Health Care Establishments, which includes a set of 7 principles and 45 guidelines detailed in this paper. The proposed principles and guidelines have been made as generic and open to specific implementations as possible, to provide for maximum flexibility and adaptability to local environments. The High Level Security Policy establishes the basic security requirements that must be addressed to use the Internet to safely transmit patient and other sensitive health care information. Conclusions: The High Level Security Policy is primarily intended for large Health Care Establishments in Europe, USA, and Canada. It is clear however that the general framework presented here can only serve as reference material for developing an appropriate High Level Security Policy in a specific implementation environment. When implemented in specific environments, these principles and guidelines must also be complemented by measures, which are more specific. Even when a High Level Security Policy already exists in an institution, it is advisable that the management of the Health Care Establishment periodically revisits it to see whether it should be modified or augmented.
Towards a practical healthcare information security model for healthcare institutions
4th International IEEE EMBS Special Topic Conference on Information Technology Applications in Biomedicine, 2003., 2003
In recent years, a number of countries have introduced plans for national electronic patient record (EPR) systems. This paper argues that, in the near future, both patients and healthcare stakeholders will be able to access medical records from WWW-based EPR systems. We contend that the primary impediment to the successful implementation and widespread uptake of the EPR concept is the fact that current healthcare information security (HIS) applications are not sufficiently robust. This paper identifies two main Information Security technologies: 1) Public key infrastructure (PKI) and 2) Biometrics that hold a lot of promise in a healthcare context. The key contribution of this paper is to propose a novel multi-layered HIS framework based on a combination of PKI, Smartcard and Biometrics technologies. We argue that this new HIS framework could assist healthcare institutions to provide a truly secure infrastructure for the electronic transmission of clinical data in the future. This paper also makes a case for the creation of a new nodal HIS body because existing information security bodies like the Forum of Incident Response and Security Teams are for general-purpose organizations and not specifically suited for the healthcare sector.
Security Requirements and Solutions in Electronic Health Records: Lessons Learned from a Comparative Study
Journal of Medical Systems, 2010
A growing capacity of information technologies in collection, storage and transmission of information in unprecedented amounts has produced significant problems about the availability of wide limit of the consumers of Electronic Health Records of Patients. With regard to the existence of many approaches to developing Electronic Health Records, the basic question is what kind of Model is suitable for the
Health Information Privacy and Security Framework: Supporting Electronic Medical Records in Healthcare Systems
2017
The need to record information regarding a patient has been considered as an old, but important issue within the medical arena. Recently, much progress has been noted in the process of collection, storage, and retrieval of patients‘ data, with more healthcare organizations moving towards paperless environment of electronic medical records (EMRs). However, only a handful of studies have looked into privacy and security issues associated with EMRs, as perceived by patients and healthcare providers. Such issues, if left unaddressed, may affect the quality of EMRs, the speed at which they are implemented and accepted by patients and providers, the ability for healthcare institutions to exchange patient information, as well as the quality of patient care and patient safety. As such, this article proposes a comprehensive and multidimensional framework of EMRs success in the healthcare sector. The framework developed in this study can be applied to evaluate and to measure the effectiveness...
Information Security in a Distributed Healthcare Domain: Exploring the Problems and Needs of Different Health Care Providers
2006
In healthcare, patient information is a critical factor. The right information at the right time is a necessity in order to provide the best possible care for a patient. Patient information must also be protected from unauthorized access in order to protect patient privacy. It is furthermore common for patients to visit more than one healthcare provider, which implies a need for cross border healthcare and continuity in the patient process.
Healthcare Data Security Technology: HIPAA Compliance
Wireless Communications and Mobile Computing
Information technology (IT) plays an increasingly important and prominent role in the health sector. Data security is more important than ever to the healthcare industry and in world in general. The number of data breaches compromising confidential healthcare data is on the rise. For data security, cloud computing is very useful for securing data. Due to data storage issue, there is a need to use the electronic communication, and a number of methods have been developed for data security technology. Health Insurance Portability and Accountability Act (HIPAA) is one of the methods that can help in healthcare research. On stored database of patient in hospital or clinic, we can develop a conservational and analytical method so as to keep the medical records of the patients in a well-preserved and adequate environment. The method includes the improvement of working possibilities by delivering all the details necessary for the patient. All the information must be identified clearly. The ...
Data security in medical information systems: The Greek case
Computers & Security, 1991
In this paper, initial results of an attitude survey on rhe security of medical information systems in Greece are reported. Greece for the moment lacks a gcncric data prorection act; therefore a systematic approach to introducing secure information systems in public health establishments rcquircs the determination of the security needs of the medical community. The survey was conducted using a properly designed questionnaire. This qucstionuaire addressed issues relevant to the extent of-infortllation technology currently in use, the need for information security, classification of used information with a view towards adopting methods, techniques and legislation providing sufficient sccurity guarantees, etc. The questionnaire was addressed to a sufticicnt number of cmployccs of organized health care establishments. so that the results would be worth while and reliable.
Information Security in a Distributed Healthcare Domain
2006
In healthcare, patient information is a critical factor. The right information at the right time is a necessity in order to provide the best possible care for a patient. Patient information must also be protected from unauthorized access in order to protect patient privacy. It is furthermore common for patients to visit more than one healthcare provider, which implies a need for cross border healthcare and continuity in the patient process.
The Information Security of Personal Medical Data in an Electronic Environment
Informasiya texnologiyaları problemləri, 2015
This article investigates the problems of personal data security in the electronic medical system. Approaches to information security support of patients' medical data are presented, features of personal medical data are specified, and potential threats to the privacy and safety of the data in medical information systems are identified. The legal basis of personal data security in Azerbaijan is reviewed, and the feasibility of regulating the information security of personal medical data in Azerbaijan is justified.
Managing the Information Security Issues of Electronic Medical Records
International Journal of Security, Privacy and Trust Management, 2018
All healthcare providers should have enough knowledge and sufficient information to understand the potential risk, which can lead to a breach in the Jordanian health information system (Hakeem program). This study aims to emphasise the importance of sharing sensitive health information among healthcare providers, create laws and regulations to keep the electronic medical records secure, and increase the awareness about health information security among healthcare providers. The study conducted seven interviews with medical staff and an information technology technician. The study results showed that sharing sensitive information in a secure environment, creating laws and regulations, and increasing the awareness about health information security render the electronic medical records of patients more secure and safe.
Security requirements and solutions in distributed Electronic Health Records
Springer eBooks, 1997
The healthcare systems in all developed countries are changing to labour-shared structures as Shared Care. Such structures require an extended communication and co-operation. Medical information systems integrated into the care processes must be able to support that communication and co-operation adequately, representing an active and distributed Electronic Health Record (EHR) system. Distributed health record systems must meet high demands for data protection and data security, which concern integrity, availability, confidentiality including access management, and accountability. Communication and cooperation in information systems can be provided by middleware architectures. For the different middleware architectures used in healthcare as EDI (HL7, EDIFACT), CORBA or DHE, the architectural principles and security solutions are shortly described in the paper. Supporting open information systems, these security solutions are independent of applications and transparent to the user. For trusted communication and cooperation, application-related and user-related security mechanisms are required. Such mechanisms have to fulfil the security policy of the application domain. They are using the basic security mechanisms of the underlying communication-and cooperation-supporting systems. The discussed policy, threats, and countermeasures are referred to the first German regional distributed medical record, which is developed and step by step refined in the Clinical Cancer Registry Magdeburg/Saxony-Anhalt.
Information Security and Privacy in Healthcare
Cloud computing is appearing as a good prototype for computing and is drawing the attention from both academia and industry. The cloud-computing model is transferring the computing infrastructure to third-party service providers that handle the hardware and software resources with important cost reductions. It is emerging as a new computing example in the medical field apart from other business domains. Many health firms have started moving to electronic health information to the cloud environment. Initiating cloud services in the health sector will not only eases the exchange of electronic medical records between the hospitals and clinics but also enables the cloud to act as a medical record storage center. Besides, moving to cloud environment eases the healthcare organizations from the repetitive tasks of infrastructure management and reduces development and maintenance costs. The medical data stored in the cloud makes the treatment systematic by recovering patient's medical h...
Establishing Information Security for the Interoperability of Electronic Health Records among Heterogeneous Sources to Standardize Healthcare Data
Electronic Health records (EHRs) are clearly in the future of medication. It benefits to all parties providing accurate and well timed health record information. It is essential and dependent upon the certificate of the organization and the certificate of associated complected organizations. The current methodology of wide regulative steering and letting industry do its best has neglected in the fiscal sphere where identity theft has become a substantial crime. Allowing the same consequence to occur in EHRs will both restrain the efficiency, strength and interoperability of organizations. The solution is to contain certificate from the earth up in a style similar to national security systems. To do so across the myriad of historians in health care will ask regulating. This paper searches the foundation for expert solutions and suggests security mechanisms to protect EHRs.
A Security based Framework for Interoperability of Healthcare Systems
International Journal of Applied Information Systems, 2013
The healthcare domain requires the seamless, secured and meaningful exchange of health related information for effective and efficient patient care. These information are highly sensitive and they are meant to be highly confidential. However, health related information are usually distributed across several heterogeneous and autonomous healthcare systems which makes the interoperability process prone to abuse, medical fraud, inappropriate disclosure of patients' information for secondary purposes by unauthorized persons and misuse. The effects of inadequate security and privacy in healthcare include monetary penalties, loss of revenue, damage to the healthcare system reputation, risk of receiving less information for optimum care, decreased quality of patients' care as well as threat to patients' lives. Consequently, effective information protection within the healthcare domain is highly significant. Hence, this paper examines the security and privacy policies that safeguard sensitive and confidential information in healthcare systems during the exchange and use of vital health information. The paper also proposes a security based framework that seeks to mitigate security risks in healthcare, and thus protect the integrity, confidentiality, and access to health related information.
Current Approaches to Secure Health Information Systems are Not Sustainable: an Analysis
2000
This paper proposes a viable IT-based solution for ensuring the privacy and security of sensitive information in contempo- rary Health Information Systems (HIS).
Information Security of Patient-Centered Services Utilising the German Nationwide Health Information Technology Infrastructure
2012
Health information technology can have positive impacts on healthcare delivery and is utilised for various applications. Patient-centred services are a special kind of health information technology and are designed to cater the needs of patients. They manage personal medical information and utilise such information to offer personalised, advantageous services as well as information for patients. Due to the sensitivity of medical information and the gravity of possible consequences, if medical information falls into the wrong hands, patient-centred services need to employ security measures to ensure the privacy of patients. The German Nationwide Health Information Technology Infrastructure (HTI), which is currently being established, could serve as a fit and proper foundation for securely offering patient-centred services. In this paper, we illustrate the past developments and current status of the HTI introduction with a focus on security aspects related to patient-centred services. We depict how security features of the HTI can be applied to improve secure provision of patient-centred services. Furthermore, we present additional security measures that should be implemented by providers of patient-centred services.
A Comprehensive Model for Securing Sensitive Patient Data in a Clinical Scenario
IEEE Access, 2023
The clinical environment is one of the most important sources of sensitive patient data in healthcare. These data have attracted cybercriminals who pursue the theft of this information for personal gain. Therefore, protecting these data is a critical issue. This paper focuses on an analysis of the clinical environment, presents its general ecosystem and stakeholders, and inspects the main protocols implemented between the clinical components from a security and privacy perspective. Additionally, this article defines a complete use case to describe the typical workflow within a clinical setting: the life cycle of a patient sample. Moreover, we present and categorize crucial clinical information and divide it into two sensitivity levels: High and Very Sensitive, while considering the severe risks of cybercriminal access. The threat model for the use case has also been identified, in conjunction with the use case's security and privacy needs. This work served us as basis to develop the minimum security and privacy requirements to protect the use case. Accordingly, we have defined protection mechanisms for each sensitivity level with the enabling technologies needed to satisfy each requirement. Finally, the main challenges and future steps for the use case are presented. INDEX TERMS Clinical scenario, patient data, privacy, security, threat model.
Related topics
Loading Preview
Sorry, preview is currently unavailable. You can download the paper by clicking the button above.