Security in E-Health Applications
Snezana Sucurovic2007, Advances in Enterprise Information Technology Security
Sign up for access to the world's latest research
checkGet notified about relevant papers
checkSave papers to use in your research
checkJoin the discussion with peers
checkTrack your impact
Abstract
This chapter presents security solutions in integrated patient-centric Web-based health-care information systems, also known as electronic healthcare record (EHCR). Security solutions in several projects have been presented and in particular a solution for EHCR integration from scratch. Implementations of Public key infrastructure, privilege management infrastructure, role based access control and rule based access control in EHCR have been presented. Regarding EHCR integration from scratch architecture and security have been proposed and discussed. This integration is particularly suitable for developing countries with wide spread Internet while at the same time the integration of heterogeneous systems is not needed. The chapter aims at contributing to initiatives for implementation of national and transnational EHCR in security aspect.
Related papers
MEDIS - A Web Based Health Information System - Implementing Integrated Secure Electronic Health Record
International Conference on Enterprise Information Systems, 2006
In many countries there are initiatives for building an integrated patient-centric electronic health record. There are also initiatives for transnational integrations. These growing demands for integration result from the fact that it can provide improving healthcare treatments and reducing the cost of healthcare services. While in European highly developed countries computerisation in healthcare sector begun in the 70's and reached a high level, some developing countries, and Serbia and Montenegro among them, have started computerisation recently. This is why MEDIS (MEDical Information System) is aimed at integration itself from the very beginning instead of integration of heterogeneous information systems on a middle layer or using HL7 protocol. MEDIS has been implemented as a federated system where the central server hosts basic EHCR information about a patient, and clinical servers contain their own part of patients' EHCR. Clinical servers are connected to a central server through the Internet and the system can be accessed through a browser from a place that has an Internet connection. A user also has to have a public key certificate to be able to login. As health data are highly sensible, MEDIS implements solutions from recent years, such as Public Key Infrastructure and Privilege Management Infrastructure, SSL and Web Service security as well as pluggable, XML based access control policies.
A Security Architecture for e-Health Services
2008
⎯ This paper presents an alternative way to secure communications in e-health. During the communication processes, users exchange different types of information with different levels of sensitivities. For example, communications between a doctor and a patient contain data of higher levels of sensitivities than communications between a social worker and a nurse. The different levels of the sensitivities of the information are secured by using different types of security processes. In this paper, these different communication types and different levels of data sensitivities in e-health are explained, the requirements for each type for communications are described and the use of the cryptography to secure the communication is discussed.
New framework for authentication and authorization for e-health service systems
2006
The development of information technology has eased the medical services and provided the electronic health service in a way that a doctor can keep the records of patients in an information system and be informed of changes of status of patients, and make decisions promptly. However, there are increasing challenges over the privacy of patients due to the exposition of clinic information patients to ubiquitous networks. This paper introduces a framework for authentication and authorization in e-health services. It aims to build the architecture for authentication and authorisation within an e-health service system. The architecture will help to build a secure and privacyprotection e-health service system. The authors hope that understanding the underlying framework will not only inform researchers of a better design for e-health service, but also assist e-health systems developers in the understanding of intricate constructions within authentication and authorisation. Further, our paper highlights the importance of protecting the privacy of medical records of patients in terms of information privacy.
Security requirements and solutions in distributed Electronic Health Records
Springer eBooks, 1997
The healthcare systems in all developed countries are changing to labour-shared structures as Shared Care. Such structures require an extended communication and co-operation. Medical information systems integrated into the care processes must be able to support that communication and co-operation adequately, representing an active and distributed Electronic Health Record (EHR) system. Distributed health record systems must meet high demands for data protection and data security, which concern integrity, availability, confidentiality including access management, and accountability. Communication and cooperation in information systems can be provided by middleware architectures. For the different middleware architectures used in healthcare as EDI (HL7, EDIFACT), CORBA or DHE, the architectural principles and security solutions are shortly described in the paper. Supporting open information systems, these security solutions are independent of applications and transparent to the user. For trusted communication and cooperation, application-related and user-related security mechanisms are required. Such mechanisms have to fulfil the security policy of the application domain. They are using the basic security mechanisms of the underlying communication-and cooperation-supporting systems. The discussed policy, threats, and countermeasures are referred to the first German regional distributed medical record, which is developed and step by step refined in the Clinical Cancer Registry Magdeburg/Saxony-Anhalt.
A security architecture for interconnecting health information systems
International Journal of Medical Informatics, 2004
Information systems security; Computer security; Medical data security; Medical Data Protection; Electronic healthcare records;
N. M. Shrestha , Abeer Alsadoon , P.W.C. Prasad , L. Hourany , A. Elchouemi, " Enhanced e-Health Framework for Security and Privacy in Healthcare System," Digital Information Processing and Communications (ICDIPC), p. 75-79, Lebanon, 2016
—Patient health record (PHR) is a rising patient centric model which is frequently outsourced to store at third party. This addresses the issue in privacy such as hiding the sensitive health data of a patient which can be assessed by unauthorized users. In this paper, a new secured e-health framework has proposed. In this framework, patient centric personal data and access control scheme with enhanced encryption method has been considered. Security and privacy of personal health information have been identified by digital signature and patient pseudo identity as well as. This paper address the enhanced security model for more authentication and authorization functionality and expects to discover the new technique that can be utilized to build the efficiency in e-health care system based on security, privacy and user satisfaction. The survey has been conducted to test the proposed e-health framework. The data has been analyzed using SPSS tool. Keywords—Patient health record (PHR), e-health framework, authentication and authorization
A Security Framework for Electronic Medical Record
International Journal of Scientific Research in Computer Science, Engineering and Information Technology, 2020
Electronic Medical Record (EMR) is basically the digital equivalent of paper records, or charts at a clinician’s office. EMR assist and make easier the services rendered by a wide range of medical practitioners such as physicians, nurses, pharmacists and many others, hence, increasing the safety of patients. It's importance in the health sector cannot be overemphasized. The designed framework aims at identifying security challenges in the use and adoption of EMR, to design and implement a framework that will address issues identified in the use and adoption of EMR. This study presented a security framework to improve the security and privacy issues of EMRs by adopting Role Based Access Control and RSA cryptography. Role Based Access Control (RBAC) model was used because of its flexibility to support minimal functionality and its simplistic mode of assigning roles and permissions to users. In conclusion, this research was able to improve the security of EMRs and hence will increa...
Authorisation and access control for electronic health record systems
International Journal of Medical Informatics, 2004
Electronic healthcare record; Security; Privilege management; Role management; Authorisation; Access control;
Securing Electronic Healthcare Records in Web Applications
Regular issue, 2021
In such an unfortunate situation of a medical emergency, a lot of people tend to lose their lives which can be a result of misplaced/delayed paperwork. Thus it is essential to have the patient’s medical record history before going into major surgery and it is often unavailable at the required time due to the chain of communication between different hospitals. As a possible solution to this problem we propose a central chain of all medical records of a patients in an electronic format. The electronic health records (EHRs) are patient-centered, real-time records that make information available to authorized users and help doctors diagnose cases more quickly, reduce medical errors, and deliver safer care. EHRs improve the communication gap and make the process of getting medical attention quicker. Our methodology includes an easy to use 2 module approach (doctor portal and patient portal) with multiple sub modules all linked to a common database. We create a secure and centralized data...
Proposed Security Model for Protecting Patients Data in Electronic Health Record
IDSECCONF, 2022
A hospital provides various services ranging from general health treatments to special policlinics and has a variety of service facilities including pharmacy, radiology, physiotherapy and rehabilitation. A hospital also receives patients from other medical centers for further treatments. Meanwhile, a hospital may also support its research team to conduct medical research and clinical trials. For these purposes, the hospital can access the patient information from the healthcare information system. A hospital has various information technology (IT) assets classified in four different categories, namely hospital employees, databases storing patients’ information, medical and other records, hospital software systems and hardware facilities, and also hospital network. Our team propose a design of IT security and risk management solution in accordance with the security requirements of a hospital. This report is the documentation of proposed security management for a hospital, which focuses on Electronic Health Record (EHR).
Using a privilege management infrastructure for secure web-based e-health applications
Computer Communications, 2003
Within the European HARP project, the HARP Cross Security Platform (HCSP) has been specified to design and to implement trustworthy distributed applications for health over the open Internet enabling both communication and application security services. Certified servlets composed and attributed according to the user's authorisation create certified and signed XML messages. From those messages, user-rolerelated applets are generated. The HCSP consists of a client environment, web server, an application server, as well as a database server and an archive server. The needed Privilege Management Infrastructure (PMI) has been established by an Attribute Authority and a policy server. The HCSP components are distributed installed over all countries involved. The role-based authorization has been defined according to the policy deploying the user's attribute certificates. The HARP solution has been practically implemented for a Clinical Study demonstrator. q
A Security based Framework for Interoperability of Healthcare Systems
International Journal of Applied Information Systems, 2013
The healthcare domain requires the seamless, secured and meaningful exchange of health related information for effective and efficient patient care. These information are highly sensitive and they are meant to be highly confidential. However, health related information are usually distributed across several heterogeneous and autonomous healthcare systems which makes the interoperability process prone to abuse, medical fraud, inappropriate disclosure of patients' information for secondary purposes by unauthorized persons and misuse. The effects of inadequate security and privacy in healthcare include monetary penalties, loss of revenue, damage to the healthcare system reputation, risk of receiving less information for optimum care, decreased quality of patients' care as well as threat to patients' lives. Consequently, effective information protection within the healthcare domain is highly significant. Hence, this paper examines the security and privacy policies that safeguard sensitive and confidential information in healthcare systems during the exchange and use of vital health information. The paper also proposes a security based framework that seeks to mitigate security risks in healthcare, and thus protect the integrity, confidentiality, and access to health related information.
Introduction to e-Healthcare Information Security
The e-Healthcare information offers unique security, privacy and confidentiality challenges that require a fresh examination of the mainstream concepts and approaches to information security. The significance of security and privacy in e- Healthcare information raised the issues of individual consent, confidentiality and privacy, which are the main determinants in adopting and successful utilising the e-Healthcare information. Current trends in the domain of e-Healthcare information management point to the need for comprehensive incorporation of security, privacy and confidentiality safeguards within the review of e-Healthcare information management frameworks and approaches. This raises major challenges that demands holistic approaches spanning a wide variety of legal, ethical, psychological, information and security engineering. This introductory chapter explores information security and challenges facing e-Healthcare information management.
Security Challenges and Success Factors of Electronic Healthcare System
Procedia Technology, 2013
Potential benefits of the e-health system do not ignore the challenges that prevent the system from being fairly used. Security and privacy challenges of the e-health system need to be understood and resolved. The aim of this paper is to explore and analyze the current state of e-health systems security and privacy of patient records. Main focus is on security at the policy level in order to protect electronic patient record.
Security Aspects of Electronic Health Records and Possible Solutions
International Journal of Advanced Computer Science and Applications
Health related information of a person in systematic format using information and Communication technology is definitely required. Storing patient information according to guidelines provided by government will help to achieve the concept of one person one record. There is also need to share the personal health record whenever necessary. If patient record (History) is readily available, it will help to make correct decisions related to patient's treatment. In our country (India) Ministry of Health and Family Welfare have recommended to eliminate conventional health record system. The major focus of this paper is to represent various methodologies that are adopted to implement web based health record system. As there is need of security while accessing and sharing of health related information, security is the major factor. Use of block chain, cryptography and timestamp based log record method is discussed. To assure the sharing of records, Inter Planetary File System (IPFS) is also discussed. Major purpose is to provide systematic and easy to use interoperable electronic health Record system.
Dynamic Patient-Regulated Access Control Framework for Electronic Health Information
—The easiest and convenient approach to exchange and share medical-based information from one domain to another is through the use of Electronic Health Record (EHR). In advanced countries of the world, there are standard legal framework for ensuring security, confidentiality and privacy of medical information. Specifically, absolute privilege should be given to patient to direct, control and provide permission to anyone authorized to handle his medical details. As important as the issue of security and privacy is in healthcare delivery system, many researchers have suggested and even implemented various techniques. Existing solutions to handle this challenge are however suffering from one problem or the other. For instance, encryption technique that requires the use of smartcard for authentication and authorization strictly demands the physical presence of a patient. If however, a patient fails to show up for authorization, a physician will not be able to access basic information regarding the EHR of a patient. Against this backdrop, this paper presents a privacy and security architecture for EHR that gives room for dynamism and flexibility with absolute assurance for patient-regulated authorization. The security framework of this work relies heavily on applied cryptographic techniques (digital signatures) with unbridled integration into Electronic Health Record infrastructure. A patient is required to receive authorization from a medical institution through the provision of his identity number via mobile phone or proxy. The choice of a doctor to access patient's EHR details depends solely on his role hierarchy. Finally, the framework provides a feedback mechanism for the patient in form of a report through the Doctor's Feedback Server (DFS).
Security specification and implementation for mobile e-health services
e-Technology, e-Commerce …, 2004
INFORMATION SECURITY IN ELECTRONIC MEDICAL RECORDS MANAGEMENT SYSTEM
Web technologies offer some very exciting benefits in Health Care environments, such as the ease of use, capabilities to organise and link information (from distributed sources), strong multimedia presentation capabilities, and broad coverage of most hardware platforms and operating systems. These benefits have been adopted and used by the Electronic Medical Record Systems, which provide access to medical record information using Electronic Information Technologies. In this Research, study the security problems related to the Electronic Medical Record (EHMs). More specifically we propose a security policy (based on the Role Based Access Control) that addresses many of the related security problems it also describes an Internet-based application for patient care using advanced multimedia techniques in a secure environment. The aim is to offer high quality care to users of health services over inexpensive communication pathways, using secure Internet-based, interactive communication tools. The provision of communication security over the Internet requires also the use of cryptographic and authentication techniques for Internet environment and the use of firewalls. Electronic medical records (EMR) adoption is posited to improve patient care through enhancements in activities ranging from information access and exchange, to medical research. As such, a concerted governmental effort is underway to encourage EMR adoption. However, uptake has been slow as breaches have led to concerns over information security and privacy. The response of EMR managers to these concerns will be critical to EMR adoption. That said, managing information security and privacy is a complicated endeavour, requiring attention to multiple facets of the firm. Thus, research is needed to assist scholars and EMR managers in exploring and understanding the 6 related salient issues. This study conceptualizes and applies a framework based largely on the work of Dhillon (1997, 2006) which addresses the technical, formal, and informal dimensions of information security and privacy in the healthcare provider context. In doing so, it 1) describes and supports a conceptual framework for scholarly exploration of EMR information security and privacy issues, 2) highlights key issues within each dimension of the framework, and 3) provides an information security and privacy planning framework for EMR managers
Security and Privacy Issues in Ehealthcare Systems: Towards Trusted Services
International Journal of Advanced Computer Science and Applications, 2016
Recent years have witnessed a widespread availability of electronic healthcare data record (EHR) systems. Vast amounts of health data were generated in the process of treatment in medical centers such hospitals, clinics, or other institutions. To improve the quality of healthcare service, EHRs could be potentially shared by a variety of users. This results in significant privacy issues that should be addressed to make the use of EHR practical. In fact, despite the recent research in designing standards and regulations directives concerning security and privacy in EHR systems, it is still, however, not completely settled out the privacy challenges. In this paper, a systematic literature review was conducted concerning the privacy issues in electronic healthcare systems. More than 50 original articles were selected to study the existing security approaches and figure out the used security models. Also, a novel Context-aware Access Control Security Model (CARE) is proposed to capture the scenario of data interoperability and support the security fundamentals of healthcare systems along with the capability of providing fine-grained access control.
Design and Development of an Access Control Based Electronic Medical Record (Emr
Centrepoint Journal (Science Edition), 2020
Development of information and communication technology (ICT) has made it possible to use electronic medical records (EMR) for more than record keeping but also to enable the storage, collection, sharing, and management of EMR among healthcare personnel and other related healthcare institutions. The rapid development of Internet-based computing allows numerous technologies to be developed and this come with the risk of information getting to the hand of cyber criminals for various criminal acts, hence this study was informed. Access control and security of computer-based technology provides solution to this problem in health sector in particular. The system was developed using PHP as the backend, HTML and CSS as the frontend, apache as the server and mysql as the database. The proposed designed reduced patients" information access rate and enhance information integrity through encryption of patient information that is stored in the EMR, so that the data can be accessed only by authorized persons having secured the approval from the concerned patient(s).
Related topics
Loading Preview
Sorry, preview is currently unavailable. You can download the paper by clicking the button above.