Patient data and security: An overview

International Journal of Medical Informatics

Volumn 49, Issue 1, 1998, Pages 19-30

  Barber, Barry ^a  

^a Health Data Protection   (United Kingdom)

Author keywords

[No Author keywords available]

Indexed keywords

HEALTH CARE; INTERNATIONAL LAW; SECURITY OF DATA;

MEDICAL INFORMATICS;

MEDICAL COMPUTING;

COMPUTER PROGRAM; COMPUTER SYSTEM; CONFERENCE PAPER; CONFIDENTIALITY; DECISION MAKING; ETHICS; HUMAN RIGHTS; INFORMATION SYSTEM; INFORMED CONSENT; LEGAL ASPECT; MEDICAL INFORMATION; METHODOLOGY; PATIENT CODING; PRIORITY JOURNAL; RISK ASSESSMENT;

COMPUTER COMMUNICATION NETWORKS; COMPUTER SECURITY; CONFIDENTIALITY; EUROPE; EUROPEAN UNION; GUIDELINES; HUMAN RIGHTS; HUMANS; INTERNATIONAL COOPERATION; MEDICAL INFORMATICS; MEDICAL RECORDS SYSTEMS, COMPUTERIZED; PATIENT PARTICIPATION; REGISTRIES; RISK ASSESSMENT; SOCIAL RESPONSIBILITY;

EID: 0032031238     PISSN: 13865056     EISSN: None     Source Type: Journal    
DOI: 10.1016/S1386-5056(98)00006-9     Document Type: Conference Paper

References (62)

1. H.E. Peterson, R. Turn, System implications of information privacy, in: Proc. AFIPS FJCC, 30, 1967.
2. R.N. Freed, Legal aspects of computer use in medicine, Law and Contemporary Problems 32, 674-706.
3. Acheson E.D. Linkage of medical records. Br. Med. Bull. 24:1968;206-209.
4. J.L. Witts, People in confidence; the expanding circle, in: E.D. Acheson (Ed.), Record Linkage in Medicine, Livingstone, 1968, pp. 333-338.
5. Curran W.J.et al. Privacy, confidentiality and other legal considerations in the establishment of centralised health-data systems. N. Eng. J. Med. 281:1969;241-248.
6. General requirements for implementing hospital computer systems, in: M. Collen (Ed.), Hospital Computer System, Wiley, New York, 1974, pp. 14-15, ISBN 0-471-16510-7.
7. Barber B.et al. Some problems of confidentiality in medical computing. J. Med. Ethics. 2:1976;71-73.
8. K. Younger, Report of the Committee on Privacy to the UK Parliament, chaired by K. Younger, Cmnd 5012, HMSO, London, July 1972.
9. N. Lindop, Report of the Committee on Data Protection to the UK Parliament, chaired by N. Lindop, Cmnd 7341, HMSO, London, December 1978.
10. Computers and Privacy, UK Parliament White paper, Cmnd 6353, HMSO, London, December 1975.
11. J.A. Dinklo, Confidentiality of medical data in the usage of data Banks, in: J. Anderson and J.M. Forsythe (Eds.), MEDINFO 74, North-Holland, Elsevier, Amsterdam, 1974, pp. 181-187.
12. R. Thome, Protection and confidentiality of medical data: I efficient data protection through project-specific combination of methods, in: J. Anderson and J.M. Forsythe (Eds.), MEDINFO 74, North-Holland, Elsevier, Amsterdam, 1974, pp. 189-191.
13. K. Bohm, Protection and Confdentiality of Medical Data: II Simple Methods for Meeting Users Needs.
14. T.H. Fischer, J.M. Helmbock, Data privacy and data security in Kiel KIS, in: J. Anderson and J.M. Forsythe (Eds.), MEDINFO 74, North-Holland, Elsevier, Amsterdam, 1974, pp. 197-199.
15. L.M. Yanez, Introduction of a user-oriented THIS into a community hospital setting: confidentiality and security, in: J. Anderson and J.M. Forsythe (Eds.), MEDINFO 74, North-Holland, Elsevier, Amsterdam, 1974, pp. 201-206.
16. G.G. Griesser et al., Data Protection in Health Information Systems: Considerations and Guidelines, Elsevier, Amsterdam, 1980, ISBN 0 444 86052 5.
17. G.G. Griesser et al., Data Protection in Health Information Systems: Where Do We Stand?, Elsevier, Amsterdam, 1980, ISBN 0 444 86713 9.
18. Council of Europe 1950: Convention For the Protection of Human Rights and Fundamental Freedoms, 4 November 1950, and Protocols I-[20/3/52], 2[6/5/63] and 4 [16/9/63], Strasbourg, ISBN 92 871 0064 0.
19. Council of Europe 1981: Convention For the Protection of Individuals with regard to Automatic Processing of Personal Data, Convention 108, January 1981, ISBN (1982) 92-871-00225.
20. Council of Europe: Recommendation, R(81)1, On Automated Medical Data Banks, Strasbourg, 23 January 1981.
21. Council of Europe Recommendation, R(97)5, On the Protection of Medical Data, Council of Europe, Strasbourg, 12 February 1997.
22. European Community Directive 95/46/EC, On the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of such Data, OJ L281/31-50, 24 October 1995.
23. Louveaux, Poullet: Data Protection in Health Telematics Projects: Compliance with the European Directive on the Protection of Personal Data, 1995.
24. R. Clark, Implications of the EU Data Protection Directive and Council of Europe Recommendation for HCEs, ISHTAR consortium deliverable ref I04UDOlA, June 1996.
25. B. Barber et al., The definition of data privacy for europe, in HC97 current perspectives, in: Richards et al. (Eds.), Health Care Computing 1997, pub for BCS by BJHC Weybridge, 1997, pp. 47-54, ISBN 0 948198 26 5.
26. B. Barber, F.-A. Allaert, Some implications of the EU data protection directive, in: C. Pappas et al. (Eds.), Medical Informatics 97, Studies in Health Technology and Informatics, vol. 43, IOS Press, Amsterdam, 1997, pp. 829-833, ISBN 90-5199-343 9.
27. I. Asimov, I Robot, Gnome Press, 1950. (or Doubleday and Co 1963 or 'Rest of the Robots', Dobson Books, 1967).
28. B. Barber, R. Vincent, M. Scholes, Worst case scenarios: the legal consequences, in: B. Richards et al. (Eds.), Current Perspectives in Health care Computing 1992, British Computer Society, BJHC Weybridge, 1992, pp. 282-288, ISBN 0 948198 12 5.
29. Report of the Independent Enquiry commissioned by the West Midlands Regional Health Authority into the Conduct of Isocentric radiotherapy at the North Staffordshire Royal Infirmary betvveen 1982 and 1991, West Midlands Regional Health Authority, August 1992.
30. AIM Requirements Board, Impact Assessment and Forecasts of Information and Communications Technologies Applied to Health Care, vols. I-IV, Ref. XHI/F/A10966C, AIM Secretariat, 61 Rue de Treves, Brussels, 1989.
31. B. Barber, O.A. Jensen, H. Lamberts, F. Roger, P. de Schouwer, H. Zollner, The six safety first principles of health information systems, in HC90: current perspectives in health computing, Br. J. Health Care Comput. (1990) 38-47, ISBN 0 948198 09 5.
32. B. Barber et al., The six safety first principles of health information systems: a program of implementation part 1: safety and security, B. Barber, O.A. Jensen, H. Lamberts, F. Roger, P. de Schouwer, H. Zollner, in: R. O'Moore, S. Bengtsson, J.R. Bryant, J.S. Bryden (Eds.), MIE90, vol. 40 in Lecture Notes in Medical Informatics, Springer Verlag, Berlin, 1990, pp. 608-613.
33. P. de Schouwer et al., The six safety first principles of health information systems: a program of implementation part 2: the environment, convenience and legal issues, P. Schouwer de, B. Barber, O.A. Jensen, H. Lamberts, F.H. Roger France, H. Zollner, in: R. O'Moore, S. Bengtsson, J.R. Bryant, J.S. Bryden (Eds.), MIE90, vol. 40, Springer-Verlag, Berlin, 1990, pp. 614-619.
34. P. Peterson, Fatal Defect: Chasing the Killer Computer Bugs, Vintage Books, New York, 1995, pp. 27-54, ISBN 0-8129-2023-6.
35. C. Stoll, The Cuckoo's Egg, Pan Books, London, 1991, ISBN 0-330-31742-3.
36. IT Security Breaches Survey, NCC, Manchester, 1994, tel +44 161 2286333.
37. Audit Commission Report: Opportunity makes a Thief: An Analysis of Computer Abuse, HMSO, London, 1994, ISBN 011 886 137 9.
38. The CRAMM User Guide, issue 1.0 April 1996, CRAMM software 3.0, The CRAMM Manager, PO Box 1028, London Nl lUX.
39. B. Barber, J. Davey, The use of the CCTA risk analysis and management methodology [CRAMM] in health information systems, in: K.C. Lun et al. (Eds.), MEDINFO 92, North-Holland, Amsterdam, 1992, pp. 1589-1593, ISBN 0 444 89668 6.
40. SEISMED, A Secure Environment for Information Systems in MEDicine, EU DG XIII, Project in Advanced Informatics in Medicine program, A2033, 1992-1995.
41. B. Barber et al., Towards security in medical telematics, in: B. Barber et al. (Eds.), Studies in Health Technology and lnformatics, vol. 27, SEISMED Consortium, IOS Press, Amsterdam, 1996, ISBN 90 5199 246 7.
42. SEISMED Consortium: Data Security for Health Care, in Studies in Health Technology and Informatics, vols. 31-33, IOS Press, Amsterdam, 1996.
43. ISHTAR 1996, Implementing Secure Health care Telematics Applications in Europe, EU Fourth Framework Health Telematics Project 1046, 1996-1998.
44. Trusted Health Information Systems, THIS, INFOSEC Project, Requirements on Electronic Signature Services and Trusted Third Party Services, Part 1, version 2, 12 January 1995.
45. Trust Health IEU DG XIII Fourth Framework Health Telematics Project, 1996-1997.
46. Categorisation and Protection Profile Standard, ENV 12924 Medical Informatics - Security Categorisation and Protection for Health care Information Systems, TC251 WG6 [PT012], ENV 12924, June 1997, CEN, Brussels, 1996.
47. Medical Informatics - -Algorithm for Digital Signature Services in Health care, ENV-12388 (1997), TC251 Digital Signature Standard, CEN, Brussels, 1997.
48. Password Standard, draft prENV, Medical Informatics - Secure User Authentication for Health Care: Management and Security of Authentication by Passwords, TC251 WG6, Ref. N95-022 rev, June 1995, CEN, Brussels, 1996.
49. MEDSEC, EU Health Care Security and Privacy project, 1997-1998.
50. SEMRIC, Secure Electronic Medical Record Information Communication, EU DG III Information Society Initiatives for Standardisation project, 1997.
51. Code of Practice for Information Security Management, BS 7799, BS7799, British Standards Institution, London, 1995, ISBN 0 580 23642.
52. IEC draft Standard 1508 Functional Safety: Safety Related Systems issued for public comment in June 1995, parts 1 to 7.
53. Standards of Australia Committee: Personal Privacy Protection in Health Information Systems, IT/14, AS4400-1995.
54. OECD: Guidelines for the Security of Information Systems, OECD/GD(92)190, Paris, November 1992.
55. ANSI/HISB: An Inventory of Health care Information Standards, January 1997.
56. ASTM/E31, ASTM E1869: Guide for Electronic Privacy Access and Data Security Principles for Health care Information.
57. ASTM/E31 ASTM E1762: Guide for Electronic Authentication of Health Care Information.
58. ANSI/ASTM, ASTM E1714-X: Properties of a Universal Health Care Identifier-UHID.
59. MEDSEC Project Ref. 52 deliverable 4, 1997.
60. European Commission: Data protection and confidentiality in health informatics: handling health data in Europe in the future, in: EU Commission (ed.), DG XIII/F AIM, Studies in Health Technology and Informatics, vol. 1, IOS Press, Amsterdam, 1991, ISBN 90 5199 052 9.
61. B. Barber et al., Caring for Health Information: Safety, Security and Secrecy, in: B. Barber et al. (Eds.), pub for IMIA WG4 Elsevier, Amsterdam, ISSN 00207101 [also in Int. J. BioMed. Comput. 35, Supplement February 1994].
62. A.R. Bakker et al., Communicating Health Information in an Insecure World, in: A.R. Bakker et al. (Eds.), pub for IMIA WG4 Elsevier, Amsterdam, 1996, ISSN 00207101 [also in Int. J. of BioMed. Comput. 43, Supplement October 1996].