Personal health record systems and their security protection

Journal of Medical Systems

Volumn 30, Issue 4, 2006, Pages 309-315

  Win, Khin Than ^a   Susilo, Willy ^a   Mu, Yi ^a  

^a UNIVERSITY OF WOLLONGONG   (Australia)

Author keywords

Electronic health record; Information protection; Personal health record; Privacy; Security

Indexed keywords

ACCESS TO INFORMATION; ARTICLE; COMPUTER SECURITY; CONFIDENTIALITY; ELECTRONIC MEDICAL RECORD; INTERNET; PERSONAL HEALTH RECORD;

COMPUTER SECURITY; CONFIDENTIALITY; MEDICAL RECORDS SYSTEMS, COMPUTERIZED; PATIENT IDENTIFICATION SYSTEMS;

EID: 33747622542     PISSN: 01485598     EISSN: None     Source Type: Journal    
DOI: 10.1007/s10916-006-9019-y     Document Type: Article

References (40)

1. Eysenbach, G., Consumer health informatics: Recent advances Br. Med. J. 320:1713-1716, 2000.
2. Gritzalis, D., and Lambrinoudakis, C., A security architecture for interconnecting health information systems. Int. J. Med. Inf. 73:305-309, 2004.
3. Lemos, R. 2000, Medical Privacy Gets CPR, December. Available at http://www.zdnet.com/zdnn/stories/news/0,4586,2667243,00.html accessed May 17, 2001.
4. Win, K. T., A review of security of electronic health records. Health Inf. Manage. J. 34(1):13-18, 2005.
5. Stallings, W., Cryptography and Network Security: Principle and Practices, 4th edn., Prentice-Hall, Englewood Cliffs, NJ, 2006.
6. Varadharajan, V., and Mu, Y., Design of secure end-to-end protocols for mobile systems. In Encarnacao, J. L., and Rabaey, K. M. (eds.), Mobile Communications, Chapman and Hall, London, pp. 258-266, 1996.
7. Waegemann, C. P., Status Report 2002: Electronic Health Records, Medical Records Institute, available at www.medrecinst.com/, 2002.
8. Committee on Data Standards for Patient Safety, Key Capabilities of an Electronic Health Record System, Institute of Medicine, The National Academies, Washington, DC, 2003.
9. NSW Ministerial Advisory Committee on Privacy and Health Information, ANACEA OR PLACEBO? Linked Electronic Health Records and Improvements in Health Outcomes, December, 2000.
10. Australian Medical Council 2003, Legal, ethical and organisational aspects of the practice of medicine. In Marshall, V. C. et al. (ed.), Anthology of Medical Conditions, Australian Medical Council, Inc., Barton, ACT, Australia.
11. Ross, S., and Chen, T. L., The effects of promoting patient access to medical records. J. Am. Med. Inf. Assoc. 10:129-138, 2003.
12. Sittig, D. F., Middleton, B., and Hazlehurst, L. B., Personalized Health Care Record Information on the Web, Proceedings of the Quality Healthcare Information on the "Net'99 Conference, October 13, 1999 in New York. Available at: http://www.informatics-review.com/thoughts/personal.htm, 1999.
13. Treseder, P., Keeping Your Health on Record, ISO/TC 215, Health Informatics. Available at; http://www.iso.ch/iso/en/commcentre/pdf/Health0011. pdf, (Accessed: February 2, 2004), 2000.
14. Cimino, J. J., Patel, V. L., and Kushniruk, A. W., The patient clinical information system (PatCIS): Technical solutions for and experience with giving patients access to their electronic medical records. Int. J. Med. Inf. 68:113-127, 2002.
15. Win, K. T., Web-based personal health record systems evaluation, Int. J. Healthc. Technol. Manage. 7(3/4):208-217, 2006.
16. Galvanon, News and Events: GE Healthcare's Health Kiosks Enable Easy "ATM style" Access to Electronic Medical Records [Online]. Available URL: http://www.galvanon.com/healthcare/whitepapers/ge_kiosks.htm, [Accessed 25 May 2005], 2005.
17. Nicholas, D., Huntington, P., and Williams, P., An evaluation of the use of NHS touch-screen health kiosks: A national study, Aslib Proc. 54(6):372-384, 2002.
18. Briggs, B., Patients Step Up to Kiosks-Warily. Health Data Manage. 13(6):88-90, 2005.
19. Schattner, P., and Plteshner, C., The GPCG Computer Security Project: Final Report. Monash University, The Department of General Practice in Affiliation with the Dept of Rural Health, The University of Melbourne, Monash Division of General Practice, 2004.
20. Benoit, A., and Hamel, G., Adoption of Smart Cards in the Medical Sector: The Canadian Experience. Soc. Sci. Med. 53(7):879-894, 2001.
21. Smart Card Alliance, The Taiwan Health Care Smart Card Project [Online]. Available URL: http://www.smartcardalliance.org/pdf/about_alliance/ user_profiles/Taiwan_Health_Card_Profile.pdf [Accessed 24 March 2005], 2005a.
22. Chan, A., Cao, J., Chan, H., and Young, G., A web-enabled framework for smart card application in health services. Commun. ACM 44(9):77-82, 2001.
23. PAERS, Patient Access to Electronic Medical Record and Automatic Arrival System [Online]. Available URL: http://www.bromba.com/download/ PAERSsystem_detailed.pdf, [Accessed 5 October 2005], 2004.
24. Kim, M., and Johnson, K., Personal health records: Evaluation of functionality and utility. J. Am. Med. Inf. Assoc. 9(2):171-180, 2002.
25. Tobacman, J. K., Kissinger, P., Wells, M., Prokuski, J., Hoyer, M., McPherson, P., Wheeler, J., Kron-Chalupa, J., Parsons, C., Weller, P., and Zimmerman, B., Implementation of personal health records by case managers in a VAMC general medicine clinic. Patient Educ. Couns. 54:27-33.
26. Fowles, J. B., Kind, A. C., Craft, C., Kind, E. A., Mandel, J. L., and Adlis, S., Patient' interest in reading their medical record: Relation with clinical and sociodemographic characteristics and patients' approach to health care. Arch. Intern. Med. 164:793-780, 2004.
27. Songini, M. C., and Dash, J., Hospital confirms hacker stole 5,000 patient files: Attack points to need for standards for patient records. Comput. World 34(51):7, 2000.
28. Chin, T., Security breach: Hacker gets medical records. Am. Med. News 44:18-19, 2001.
29. Chadwick, D. 2003, Patient privacy in electronic prescription transfer, IEEE Secur. Priv. 1(2):77-80.
30. American Society for Testing and Materials, E1714-00: Standard Guide for Properties of a Universal Healthcare Identifier, Available at: http://www.astm.org/cgibin/SoftCart.exe/index.shtml?E+mystore〉, (n.d.).
31. Allaert, F. A., Le Teuff, G., Quantin, C., and Barber, B., The legal knowledge of the electronic signature: A key for a secure direct access of patients to their computerised medical record, Int. J. Med. Inf. 73:239-242, 2004.
32. Horst, H., How to Tamper with Electronic Health Records. Available at: 〈http://www.gnumed.net/gnotary/tampering.html〉 (accessed May 2004), 2001.
33. Schattner, P., and Plteshner, C., The GPCG Computer Security Project: Final Report, Monash University, The Department of General Practice in Affiliation with the Department of Rural Health, The University of Melbourne, Monash Division of General Practice, 2004.
34. Bilykh, I., Bychkov, Y., Jahnke, J. H., McCallum, G., Obry, C., Onabajo, A., and Kuziemsky, C., Can GRID Services Provide Answers to the Challenges of National Health Information Sharing? Proceedings of the 2003 Conference of the Centre for Advanced Studies Conference, IBM, Canada, pp. 39-53, 2003.
35. Sax, U., Kohane, I., and Mandl, K. D., Wireless technology infrastructures for authentication of patients: PKI that rings. J. Am. Med. Inf. Assoc. 12(3):263-268, 2005.
36. Fried, B. M., and Pittman, S., Protecting medical privacy in a digital age: Beyond policies and procedures. A critical role for technology. California, Surf Control Inc. Available at:〈http://itpapers.news.com〉, 2001.
37. Gao, Y., Mu, Y., and Susilo, W., A New Client Puzzle Scheme Against DoS/DDoS Attacks. International Journal of Computer Science and Network Security (IJCSNS), Vol. 5 No. 10, pp.189-200, 2005.
38. Gao, Y., Mu, Y., and Susilo, W., Preventing DoS Attacks with A New Client Puzzle Scheme. The AUUG'2005 Annual Conference, pp. 3-16, 2005.
39. Huang, J., Susilo, W., and Seberry, J., Observations on the Message Integrity Code in IEEE 802.11 Wireless LANs. The 3rd Workshop on the Internet, Telecommunications and Signal Processing (WITSP 2004), pp. 328-332, 2004.
40. Huang, J., Seberry, J., Susilo, W., and Bunder, M., Security Analysis of Michael: The IEEE 802.11i Message Integrity Code. Second International Symposium on Ubiquitous Intelligence and Smart Worlds (UISW2005), Lecture Notes in Computer Science 3823, pp. 423-432, Springer-Verlag, Berlin, 2005.