The proper management of drug treatment is essential, since adverse drug reactions are a common reason for hospitalisation. Expenditure on drug therapy has also been growing faster than any other aspect of health care in many countries. Savings and quality improvements in drug treatment could be achieved with computerised prescribing. In this paper, the architecture of an electronic prescription system is described in the light of software certification and registration. An electronic prescription system is an example of a system supporting shared care, and therefore it should be person based, integrated, secure and confidential, and data should be shared among health care institutions. The system architecture shares the idea of a virtual patient record, and a smart card will be used as a key to prescription data located on the network. The certification and registration of medical software is a difficult and costly procedure. Ensuring the quality of software can be based on certification of the development process, voluntary evaluation, and post-market surveillance. Voluntary evaluation practice would be a precious tool for both the customers and software developers, and it would also be an invaluable source of information in terms of developing new software.
The Internet provides many advantages when used for interaction and data sharing among health care providers, patients, and researchers. However, the advantages provided by the Internet come with a significantly greater element of risk to the confidentiality, integrity, and availability of information. It is therefore essential that Health Care Establishments processing and exchanging medical data use an appropriate security policy.
The objective is to develop a High Level Security Policy for the processing of medical data and their transmission through the Internet: a set of high-level statements intended to guide Health Care Establishment personnel who process and manage sensitive health care information.
We developed the policy based on a detailed study of the existing framework in the EU countries, USA, and Canada, and on consultations with users in the context of the Intranet Health Clinic project. More specifically, this paper has taken into account the major directives, technical reports, law, and recommendations that are related to the protection of individuals with regard to the processing of personal data, and the protection of privacy and medical data on the Internet.
We present a High Level Security Policy for Health Care Establishments, which includes a set of 7 principles and 45 guidelines detailed in this paper. The proposed principles and guidelines have been made as generic and open to specific implementations as possible, to provide for maximum flexibility and adaptability to local environments. The High Level Security Policy establishes the basic security requirements that must be addressed to use the Internet to safely transmit patient and other sensitive health care information.
The High Level Security Policy is primarily intended for large Health Care Establishments in Europe, USA, and Canada. It is clear however that the general framework presented here can only serve as reference material for developing an appropriate High Level Security Policy in a specific implementation environment. When implemented in specific environments, these principles and guidelines must also be complemented by measures, which are more specific. Even when a High Level Security Policy already exists in an institution, it is advisable that the management of the Health Care Establishment periodically revisits it to see whether it should be modified or augmented.
Cites: Med Inform Internet Med. 2000 Oct-Dec;25(4):265-73 (PMID 11198188)
The article is a review of how national epidemiological data bases in Sweden can be used for research and statistical purposes. Over 500 major applications from research groups and others are dealt with annually by the National Cancer, Hospital discharge, Medical birth, and Cause-of-death registries, providing essential data for studies which have yielded well over a thousand peer-reviewed scientific papers. In over 40 years' Swedish experience of administering the registration of sensitive patient-specific information on diseases, there has not been a single case of data misuse. It is concluded that the benefits of national epidemiological registries far outweigh the risks and marginal costs of maintaining them.
The relation between privacy and confidentiality is critically discussed. The need to be able to process data for epidemiology and management is presented. Too often the protection of privacy is considered to be a synonym of denying access to the patient's data. The function of the Canadian National Institute for Health Information is mentioned as an example of a wider trend to have a national focal point in the development of national databanks and for administering health information networks. Protection of privacy is considered to be the most important threat to the effectiveness of such networks.