2 records – page 1 of 1.

A framework for an institutional high level security policy for the processing of medical data and their transmission through the Internet.

https://arctichealth.org/en/permalink/ahliterature192425
Source
J Med Internet Res. 2001 Apr-Jun;3(2):E14
Publication Type
Article
Author
C. Ilioudis
G. Pangalos
Author Affiliation
Informatics Laboratory, Faculty of Technology, Aristotle University of Thessaloniki, Thessaloniki, 54006, Greece; iliou@eng.auth.gr
Language
English
Keywords
Access to Information - legislation & jurisprudence
Canada
Computer Security - legislation & jurisprudence - standards
Confidentiality - standards
Databases as Topic - classification - legislation & jurisprudence
Education, Professional - legislation & jurisprudence
Europe
Guidelines as Topic
Humans
Informed Consent - legislation & jurisprudence
Internet - standards
Medical Informatics Computing - legislation & jurisprudence - standards
Medical Records Systems, Computerized - standards
Organizational Policy
Patient Rights - legislation & jurisprudence
Quality of Health Care - legislation & jurisprudence
United States
Abstract
The Internet provides many advantages when used for interaction and data sharing among health care providers, patients, and researchers. However, the advantages provided by the Internet come with a significantly greater element of risk to the confidentiality, integrity, and availability of information. It is therefore essential that Health Care Establishments processing and exchanging medical data use an appropriate security policy.
To develop a High Level Security Policy for the processing of medical data and their transmission through the Internet, which is a set of high-level statements intended to guide Health Care Establishment personnel who process and manage sensitive health care information.
We developed the policy based on a detailed study of the existing framework in the EU countries, USA, and Canada, and on consultations with users in the context of the Intranet Health Clinic project. More specifically, this paper has taken into account the major directives, technical reports, law, and recommendations that are related to the protection of individuals with regard to the processing of personal data, and the protection of privacy and medical data on the Internet.
We present a High Level Security Policy for Health Care Establishments, which includes a set of 7 principles and 45 guidelines detailed in this paper. The proposed principles and guidelines have been made as generic and open to specific implementations as possible, to provide for maximum flexibility and adaptability to local environments. The High Level Security Policy establishes the basic security requirements that must be addressed to use the Internet to safely transmit patient and other sensitive health care information.
The High Level Security Policy is primarily intended for large Health Care Establishments in Europe, USA, and Canada. It is clear however that the general framework presented here can only serve as reference material for developing an appropriate High Level Security Policy in a specific implementation environment. When implemented in specific environments, these principles and guidelines must also be complemented by measures, which are more specific. Even when a High Level Security Policy already exists in an institution, it is advisable that the management of the Health Care Establishment periodically revisits it to see whether it should be modified or augmented.
Notes
Cites: Med Inform Internet Med. 2000 Oct-Dec;25(4):265-73 (PubMed ID 11198188)
PubMed ID
11720956

Security middleware infrastructure for DICOM images in health information systems.

https://arctichealth.org/en/permalink/ahliterature181791
Source
J Digit Imaging. 2003 Dec;16(4):356-64
Publication Type
Article
Date
Dec-2003
Author
Vijay N V Kallepalli
Sylvanus A Ehikioya
Sergio Camorlinga
Jose A Rueda
Author Affiliation
Department of Computer Science, University of Manitoba, 561 Machray Hall, Winnipeg, Manitoba R3T 2N2, Canada. Vijay@cs.umanitoba.ca
Language
English
Keywords
Access to Information - legislation & jurisprudence
Canada
Computer Communication Networks - legislation & jurisprudence
Computer Security - legislation & jurisprudence
Confidentiality - legislation & jurisprudence
Database Management Systems - legislation & jurisprudence
Guideline Adherence - legislation & jurisprudence
Health Insurance Portability and Accountability Act - legislation & jurisprudence
Hospital Information Systems - legislation & jurisprudence
Humans
Medical Records Systems, Computerized - legislation & jurisprudence
Radiology Information Systems - legislation & jurisprudence
Signal Processing, Computer-Assisted
United States
Abstract
In health care, it is mandatory to maintain the privacy and confidentiality of medical data. To achieve this, a fine-grained access control and an access log for accessing medical images are two important aspects that need to be considered in health care systems. Fine-grained access control provides access to medical data only to authorized persons based on priority, location, and content. A log captures each attempt to access medical data. This article describes an overall middleware infrastructure required for secure access to Digital Imaging and Communication in Medicine (DICOM) images, with an emphasis on access control and log maintenance. We introduce a hybrid access control model that combines the properties of two existing models. A trust relationship between hospitals is used to make the hybrid access control model scalable across hospitals. We also discuss events that have to be logged and where the log has to be maintained. A prototype of security middleware infrastructure is implemented.
Notes
Cites: J Digit Imaging. 2002;15 Suppl 1:107-11 (PubMed ID 12105707)
PubMed ID
14747934