Published in: Journal of Medical Systems 4/2006

01.08.2006 | Original Article

Personal Health Record Systems and Their Security Protection

Written by: Khin Than Win, Willy Susilo, Yi Mu


Abstract

The objective of this study is to analyze the security protection of personal health record systems. To achieve this we have investigated different personal health record systems, their security functions, and security issues. We have noted that current security mechanisms are not adequate and we have proposed some security mechanisms to tackle these problems.
Metadata
Title
Personal Health Record Systems and Their Security Protection
Written by
Khin Than Win
Willy Susilo
Yi Mu
Publication date
01.08.2006
Publisher
Springer US
Published in
Journal of Medical Systems / Issue 4/2006
Print ISSN: 0148-5598
Electronic ISSN: 1573-689X
DOI
https://doi.org/10.1007/s10916-006-9019-y
