Electronic Healthcare Information Security (eBook)
XXI, 190 pages
Springer US (publisher)
978-0-387-84919-5 (ISBN)
The adoption of Information and Communication Technologies (ICT) in healthcare is driven by the need to contain costs while maximizing quality and efficiency. However, ICT adoption for healthcare information management has had far-reaching effects and implications for the spirit of the Hippocratic Oath, patient privacy and confidentiality. A wave of security breaches has led to pressing calls for opt-in and opt-out provisions under which patients are free to choose whether or not their healthcare information is collected and recorded within healthcare information systems. Such provisions have a negative impact on the cost, efficiency and quality of patient care. Thus, determined efforts to gain patient trust are increasingly under consideration for enforcement through legislation, standards, national policy frameworks and implementation systems geared towards closing gaps in ICT security frameworks. The ever-increasing healthcare expenditure and pressing demand for improved quality and efficiency in patient care services are driving innovation in healthcare information management. Key among the main innovations is the introduction of new healthcare practice concepts such as shared care, evidence-based medicine, clinical practice guidelines and protocols, the cradle-to-grave health record and clinical workflow or careflow. Central to these organisational re-engineering innovations is the widespread adoption of Information and Communication Technologies (ICT) at national and regional levels, which has ushered in computer-based healthcare information management centred on the electronic healthcare record (EHR).
Acknowledgements 7
Preface 8
Contents 10
List of Figures 15
List of Tables 17
LIST OF CONTRIBUTORS AND ORGANISATIONS 18
Chapter 1 Introduction to e-Healthcare Information Security 19
1.1 Introduction 19
1.2 The e-Healthcare Information: Nature and Trends 19
1.3 Security Impact of Trends in e-Healthcare Information Management 21
1.4 Trends in e-Healthcare Environment 22
1.4.1 Case Study: Canada 23
1.4.2 Case Study: IZIP and General Health Insurance Company of the Czech Republic 26
1.4.3 Case Study: Danish Health Data Network (DHDN) 27
1.4.4 Case Study: The Norwegian Healthcare System 31
1.4.5 Case Study: Sweden 33
1.4.6 Case Study: UK NHS Direct Online (NHSDO) Information Service 35
1.5 Securing e-Healthcare Information: Significance and Challenges 37
1.6 Concepts of e-Healthcare Information Security 38
1.7 Frameworks and Approaches 39
1.8 Issues in e-Healthcare Information Security 41
1.9 Summary 43
References 43
Chapter 2 Securing e-Healthcare Information 46
2.1 Introduction 46
2.2 Breaches of Privacy and Confidentiality in e-Healthcare 47
2.2.1 Accidental Privacy and Confidentiality Breaches 47
2.2.2 Ethically Questionable Conduct 48
2.2.3 Breaches Due to Illegal Actions 49
2.2.4 Laxity in Security for Sensitive e-Healthcare Information 49
2.3 The IT Security Challenge for Securing e-Healthcare Information 49
2.4 The Privacy and Confidentiality Challenge 50
2.5 Utilisation Challenges 52
2.6 Legal Protection Challenges 53
2.7 The Nature of Secure e-Healthcare Information 53
2.8 The Principles for Securing e-Healthcare Information 55
2.9 Combining Security with Privacy and Confidentiality 57
2.10 Identifiability in Securing e-Healthcare Information 59
2.11 Anonymisation and Pseudonymisation 60
2.12 Technological Frameworks in Securing e-Healthcare Information 62
2.13 Engineering of Secure e-Healthcare Information 64
2.13.1 Methodologies for Engineering Secure e-Healthcare Information Systems 64
2.13.2 Measures and Security Metrics for Securing e-Healthcare Information 66
2.13.3 Evaluation of Secure e-Healthcare Information 67
2.14 Discussion and Summary of Issues in Securing e-Healthcare Information 67
References 68
Chapter 3 Laws and Standards for Secure e-Healthcare Information 75
3.1 Introduction 75
3.2 The Rationale for Laws and Standards in Securing e-Healthcare Information 76
3.3 Laws and Standards: Relationships, Roles and Interactions 77
3.4 Legal Protection of Privacy in e-Healthcare Information Management 78
3.4.1 International and EU Law on Protection of e-Healthcare Information 78
3.4.2 Irish Law on Protection of e-Healthcare Information 80
3.4.3 UK Law on Protection of e-Healthcare Information 82
3.4.4 Australian Law on Protection of e-Healthcare Information 82
3.4.5 New Zealand Law on Protection of e-Healthcare Information 82
3.4.6 Japanese Law on Protection of e-Healthcare Information 83
3.4.7 US Law on Protection of e-Healthcare Information 83
3.4.7.1 Health Insurance Portability and Accountability Act (HIPAA) in 1996 84
3.4.7.2 HIPAA Rules 84
3.4.7.3 HIPAA Privacy and Security Rules 85
3.4.7.4 The Impact of HIPAA 1996 86
3.4.7.5 Merits and De-Merits of HIPAA Approach 86
3.4.8 Canadian Law on Protection of e-Healthcare Information 87
3.5 Standards for Secure e-Healthcare Information 88
3.5.1 Health Level 7 (HL7) Standardisation 88
3.5.2 Committee for European Normalisation (CEN) Technical Committee (TC) 251 Standardisation 90
3.5.3 The openEHR Specification Standard 91
3.5.4 International Standards Organisation Technical Committee (ISO/TC) 215 Healthcare Informatics Standardisation 94
3.5.5 ASTM Committee E31 on Healthcare Informatics Standardisation 95
3.5.5.1 ASTM Committee E31 Standards for Security and Privacy in Healthcare Informatics 95
3.5.5.2 ASTM E31 Security Model for e-Healthcare Information 99
3.5.6 Generic IT Security within e-Healthcare Information Management 100
3.5.6.1 Authentication and Authorisation in e-Healthcare 100
3.5.6.2 Identity and the Unique Position of Biometric Methods for Authentication 101
3.5.6.3 Authentication and Authorisation in Emerging Technologies for e-Healthcare Information Management 101
3.5.6.4 Data Integrity and Non-repudiation 103
3.5.6.5 Dominant Encryption Standards for Protecting Confidentiality 104
3.5.6.6 Encryption for Protecting Confidentiality in e-Healthcare 105
3.5.6.7 Security Certification 107
3.5.6.8 Security in Web-based Contexts 108
3.5.6.9 Conclusion 109
3.6 Discussion and Summary of the Legal and Standardisation Challenges 109
3.7 Summary 111
References 112
Chapter 4 Secure e-Healthcare Information Systems 117
4.1 Introduction 117
4.2 The elements of Security and Privacy in e-Healthcare Information Systems 118
4.3 Security and Privacy Provisions in EHR Systems 120
4.3.1 The Canadian Health Infoway 121
4.3.2 Security and Privacy Provisions in the UK NHS Care Records 122
4.3.3 Security and Privacy Provisions in the WorldVistA EHR System 124
4.4 Security and Privacy Provisions in Electronic Personal Healthcare Records 125
4.4.1 Google Health e-PHR 126
4.4.2 The Microsoft e-PHR service: The HealthVault 127
4.4.3 The Indivo Open Source e-PHR system 128
4.4.4 Summary of Concerns and Issues with e-PHR systems and Services 128
4.5 Security and Privacy in Clinical Decision Support Systems 130
4.6 The Challenges from Security and Privacy for e-Healthcare Information Security 133
4.7 Future e-Healthcare Information Management: Towards the EHR/PEHR Hybridisation 134
4.8 Summary 136
References 137
Chapter 5 Towards a Comprehensive Framework for Secure e-Healthcare Information 138
5.1 Introduction 138
5.2 The Problem of Securing e-Healthcare Information 139
5.3 The Context and Concepts for Securing e-Healthcare Information 140
5.4 Towards Future-Enabled Requirements for Securing e-Healthcare Information 143
5.4.1 The Security and Privacy Impact of the Evolution of the Control of e-Healthcare Information in Context of the Patient-Centred Paradigm 144
5.4.2 The nature, security and privacy implications of the EHR/PEHR hybrid 147
5.4.3 The Role of Security Metrics 149
5.4.4 Summary of Security and Privacy Requirements for Future-Enabled e-Healthcare Information 150
5.5 The Approach to Securing e-Healthcare Information 150
5.6 The Framework for Securing e-Healthcare Information Security and Privacy 152
5.6.1 The Key Drivers to the Security and Privacy of e-Healthcare Information Security 153
5.6.2 The Model for the e-Healthcare Information Control and Security and Privacy Risk Level Over Time 155
5.6.2.1 Period 1: The immediate past - absolute control by the clinician or healthcare organisation 156
5.6.2.2 Periods 2 and 3A: The present - transition to patient control 156
5.6.2.3 Periods 3B and 4: The immediate future - balancing professional requirements with patient privacy 157
5.6.3 The Conceptual Framework for Secure e-Health Information 159
5.7 The Conceptual Architecture 161
5.8 Discussion and Summary 163
References 165
Chapter 6 Towards a Unified Security Evaluation Framework for e-Healthcare Information Systems 166
6.1 Introduction 166
6.2 Evaluating Privacy and Security in e-Healthcare 166
6.3 Approaches to Evaluation of e-Healthcare Information Security and Privacy 168
6.3.1 Standards-Based Security and Privacy Evaluation 168
6.3.2 Privacy Policy Evaluation 168
6.3.3 Ontology-Based Privacy Evaluation 169
6.3.4 Security and Privacy Metrics 169
6.3.4.1 Policy-Based Security Metrics 170
6.3.4.2 Risk Security Metrics 170
6.3.4.3 Attack Graph-Based Security Metrics 170
6.3.4.4 Arguments Against Security and Privacy Metrics 171
6.3.4.5 The Qualities of a Good Security or Privacy Metric 172
6.3.5 Model-Based Approach to Security and Privacy Evaluation 175
6.4 Frameworks for e-Healthcare Information Privacy and Security Evaluation 175
6.4.1 Information Security Management Model-Based Evaluation Frameworks 175
6.4.2 Security Metric-Based Evaluation Frameworks 176
6.4.3 Security and Privacy Policy-Based Evaluation Frameworks 176
6.5 Towards a Unified Privacy and Security Evaluation Framework for e-Healthcare Information 177
6.5.1 The Security and Privacy Evaluation Challenges for e-Healthcare Information 177
6.5.2 Towards a Unified Framework for Evaluating Privacy and Security of e-Healthcare Information 178
6.6 Human Factors in Evaluating e-Healthcare Information Security and Privacy 182
6.6.1 Impact of Technological Human Factors 182
6.7 Summary 183
References 184
Chapter 7 Discussions 188
7.1 Introduction 188
7.2 Securing Personal e-Healthcare 189
7.3 Proliferation of New Technologies 191
7.4 Health Identifier 193
7.5 Problem of Securing e-Healthcare Information 194
7.6 Contribution to Knowledge 196
7.7 Conclusion 197
7.8 Future Work and Research Directions 197
References 198
Appendix A International Standards Organisation Technical Committee (ISO/TC) 215 Healthcare Informatics Standardisation 199
Index 202
| Published (per publisher) | 3.11.2010 |
|---|---|
| Series | Advances in Information Security |
| Additional information | XXI, 190 p. |
| Place of publication | New York |
| Language | English |
| Subject areas | Computer science ► Networks ► Security / Firewall; Computer science ► Office programs ► Outlook; Medicine / Pharmacy ► Health care; Studies ► Cross-disciplinary areas ► Prevention / Health promotion; Business ► Business administration / Management ► Marketing / Sales |
| Keywords | Data Security • E-Health • e-Healthcare • e-Healthcare information systems • electronic health • Healthcare • Healthcare informatics • Information Security • information system • privacy • quality • radiology information system • security |
| ISBN-10 | 0-387-84919-X / 038784919X |
| ISBN-13 | 978-0-387-84919-5 / 9780387849195 |
Size: 1.5 MB
DRM: digital watermark
This eBook contains a digital watermark and is therefore personalised to you. If the eBook is improperly passed on to third parties, it can be traced back to its source.
File format: PDF (Portable Document Format)