Information Security Threats in Patient-Centred Healthcare

Studies in Health Technology and Informatics, 2013

Enabling Patient-Centred (PC) care in modern healthcare requires the flow of medical information with the patient be- tween different healthcare providers as they follow the pa- tient’s treatment plan. However, PC care threatens the stabil- ity of the balance of information security in the support sys- tems since legacy systems fall short of attaining a security balance when sharing their information due to compromises made between its availability, integrity, and confidentiality. Results show that the main reason for this is that information security implementation in discrete legacy systems focused mainly on information confidentiality and integrity leaving availability a challenge in collaboration. Through an empiri- cal study using domain analysis, observations, and interviews, this paper identifies a need for six information security re- quirements in legacy systems to cope with this situation in order to attain the security balance in systems supporting PC care implementation in modern healthcare.

2006

In healthcare, patient information is a critical factor. The right information at the right time is a necessity in order to provide the best possible care for a patient. Patient information must also be protected from unauthorized access in order to protect patient privacy. It is furthermore common for patients to visit more than one healthcare provider, which implies a need for cross border healthcare and continuity in the patient process.

Proceedings of the 47th Hawaii International Conference on System Sciences (HICSS 2014), 2014

Patients increasingly want to access health information and services via tailored patient-centered health IT services (PHS). PHS produce value by managing, assessing, and working on users’ sensitive personal health information and leverage benefits of supporting technologies like cloud computing or mobile information and communication technology. Thus, information security and privacy is highly relevant for the development, deployment, and assessment of PHS. To ease PHS requirements engineering and contribute to the mastering of arising information security and privacy challenges, we derive PHS information security and privacy requirements. With our research we contribute to the scientific knowledge base by illustrating PHS information security and privacy requirements and providing a foundation for PHS requirements development, which represents a fundamental part of software engineering. For practice-oriented audiences, this research can serve as introduction to PHS and offers a foundation and guide for secure and privacy-ensuring development and deployment of PHS.

2006

In healthcare, patient information is a critical factor. The right information at the right time is a necessity in order to provide the best possible care for a patient. Patient information must also be protected from unauthorized access in order to protect patient privacy. It is furthermore common for patients to visit more than one healthcare provider, which implies a need for cross border healthcare and continuity in the patient process.

2008

In healthcare, patient information is a critical factor. The right information at the right time is a necessity in order to provide the best possible care for a patient. Patient information must also be protected from unauthorized access in order to protect patient privacy. It is furthermore common for patients to visit more than one healthcare provider, which implies a need for cross border healthcare and continuity in the patient process.

2015

To my darling mother who selflessly sacrificed her own PhD to take care of me so one day I could pursue mine. So, this one is for you, Mama!

2021

Healthcare, like society in general, is facing great changes and challenges. Rapid development and uptake of digital technologies bring about the need to change. With the COVID-19 pandemic, the amount of healthcare meetings taking place online has surged. This means, among other things, that there are more healthcare actors involved in a patient’s care, and that information relating to a patient needs to be shared across borders now more than ever need to be improved. However, this is currently not done seamlessly, and there are many hinders and obstacles to overcome. This research aims at enabling a holistic approach on how to handle patient information in order to support seamless and secure care along the whole patient process. In doing so, drivers and hinders need to be identified, and a socio-technical framework with concrete guidelines will be developed. These results will be a first step towards filling this research gap, and will connect several perspectives in order to make...

2006

Healthcare is an information-intensive activity involving the collection, communication and display of large amounts of information. This information is highly sensitive and most countries have special legislation to prevent its misuse. Hence, it is natural to use the support of computers in order to efficiently improve such an information-intensive organization. The increased use of computers for handling the information also gives access to information held in databases in a way that was previously impossible [21]. Swedish healthcare has gone through an efficiency improvement the last few years but it will also face major challenges and changes in the years to come.

4th International IEEE EMBS Special Topic Conference on Information Technology Applications in Biomedicine, 2003., 2003

In recent years, a number of countries have introduced plans for national electronic patient record (EPR) systems. This paper argues that, in the near future, both patients and healthcare stakeholders will be able to access medical records from WWW-based EPR systems. We contend that the primary impediment to the successful implementation and widespread uptake of the EPR concept is the fact that current healthcare information security (HIS) applications are not sufficiently robust. This paper identifies two main Information Security technologies: 1) Public key infrastructure (PKI) and 2) Biometrics that hold a lot of promise in a healthcare context. The key contribution of this paper is to propose a novel multi-layered HIS framework based on a combination of PKI, Smartcard and Biometrics technologies. We argue that this new HIS framework could assist healthcare institutions to provide a truly secure infrastructure for the electronic transmission of clinical data in the future. This paper also makes a case for the creation of a new nodal HIS body because existing information security bodies like the Forum of Incident Response and Security Teams are for general-purpose organizations and not specifically suited for the healthcare sector.

2012

Health information technology can have positive impacts on healthcare delivery and is utilised for various applications. Patient-centred services are a special kind of health information technology and are designed to cater the needs of patients. They manage personal medical information and utilise such information to offer personalised, advantageous services as well as information for patients. Due to the sensitivity of medical information and the gravity of possible consequences, if medical information falls into the wrong hands, patient-centred services need to employ security measures to ensure the privacy of patients. The German Nationwide Health Information Technology Infrastructure (HTI), which is currently being established, could serve as a fit and proper foundation for securely offering patient-centred services. In this paper, we illustrate the past developments and current status of the HTI introduction with a focus on security aspects related to patient-centred services. We depict how security features of the HTI can be applied to improve secure provision of patient-centred services. Furthermore, we present additional security measures that should be implemented by providers of patient-centred services.