Risk analysis of information security in a mobile instant messaging and presence system for healthcare

International Journal of Medical Informatics

Volumn 76, Issue 9, 2007, Pages 677-687

  Bønes, Erlend ^a   Hasvold, Per ^a   Henriksen, Eva ^a   Strandenæs, Thomas ^b  

^a UNIVERSITY HOSPITAL OF NORTH NORWAY   (Norway)

^b Well Diagnostics AS   (Norway)

Author keywords

Healthcare; Information security; Instant messaging; Mobility; Risk analysis

Indexed keywords

INSTANT MESSAGING; MEDIMOB ARCHITECTURES; RISK EVALUATION; SMART PHONES;

HEALTH CARE; MESSAGE PASSING; MOBILE DEVICES; MOBILE TELECOMMUNICATION SYSTEMS; REAL TIME SYSTEMS; RISK ANALYSIS;

SECURITY OF DATA;

ARTICLE; ELECTRONIC DATA INTERCHANGE; EVALUATION; HEALTH CARE ORGANIZATION; HEALTH CARE SYSTEM; HUMAN; HUMAN COMPUTER INTERACTION; INSTANT MESSAGING; PRIORITY JOURNAL; RISK ASSESSMENT; STATISTICAL MODEL; TREATMENT OUTCOME;

COMPUTER SECURITY; DELIVERY OF HEALTH CARE; ELECTRONIC MAIL; HOSPITAL INFORMATION SYSTEMS; MEDICAL INFORMATICS; NORWAY; RISK ASSESSMENT; RISK FACTORS; TELEMEDICINE;

EID: 34447542239     PISSN: 13865056     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.ijmedinf.2006.06.002     Document Type: Article

References (23)

1. J. Stone, S. Merrion, Instant Messaging or Instant Headache? ACM Queue, ACM, 2004, http://www.acmqueue.com/modules.php?name=Content&pa=showpage&pid=142 (last visited: 27 October 2005).
2. F. Langa, More Instant-Messaging Security Holes, InformationWeek, TechWeb, 2001, http://www.informationweek.com/story/IWK20010927S0021 (last visited: 27 October 2005).
3. D. Jacobson, M. Glowacki, Hidden Threats to HIPAA, Palisade Systems Inc., 2003, http://www.palisadesys.com/news&events/HIPAAstudy.pdf (last visited: 27 October 2005).
4. Top Five Security Risks for Instant Messaging in 2005. IMlogic, 2005, http://www.imlogic.com/pdf/Top5_IM_Security2005.pdf (last visited: 11 October 2005).
5. Nardi B.A., Whittaker S., and Bradner E. Interaction and outeraction: instant messaging in action. CSCW 2000 (Proceedings of the 2000 ACM Conference on Computer Supported Cooperative Work). Philadelphia, Pennsylvania, USA (2000)
6. Isaacs E., Walendowski A., Whittaker S., Schiano D.J., and Kamm C. The character, functions and styles of instant messaging in the workplace. CSCW 2002 (Proceedings of the 2002 ACM Conference on Computer Supported Cooperative Work). New Orleans, Louisiana, USA (2002)
7. Vos H.D., Hofte H.T., and Poot H.D. IM[@Work] adoption of instant messaging in a knowledge worker organisation. Hawaii International Conference on System Sciences. Big Island, Hawaii (2004)
8. Hofte H.T., Mulder I., Poot H.D., and Langley D. I M mobile, where R U?. ECSCW 2003 (European Conference on Computer Supported Cooperative Work). Helsinki, Finland (2003)
9. Bruun-Rasmussen M., Bernstein K., and Chronaki C. Collaboration-a new IT-service in the next generation of regional health care networks. Int. J. Med. Inf. 70 (2003) 205-214
10. B.D. Beardmore, Process-Driven, Wireless Computing & Enterprise Messaging in Healthcare, UnBound Technologies Inc.
11. Bardram J.E., and Bossen C. Moving to get ahead: local mobility and collaborative work. ECSCW 2003 (European Conference on Computer Supported Cooperative Work). Helsinki, Finland (2003)
12. Directive 95/46/EC on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data, European Parliament and Council of the European Union, 1995, http://www.europa.eu.int/eur-lex/lex/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:EN:HTML (last visited: 27 October 2005).
13. Health Insurance Portability and Accountability Act, United States Department of Health & Human Services (HHS), 1996, http://www.hhs.gov/ocr/hipaa/ (last visited: 27 October 2005).
14. ISO/IEC 17799: Information Technology - Security Techniques - Code of Practice for Information Security Management, 2nd ed., 2005-06-15, ISO/IEC 17799:2005(E).
15. Stamatiou Y., Skipenes E., Henriksen E., Stathiakis N., Sikianakis A., Charalambous E., Antonakis N., Stølen K., Braber F.D., Lund M.S., Papadaki K., and Valvis G. The CORAS approach for model-based risk management applied to a telemedicine service. MIE 2003 (Medical Informatics Europe). St. Malo, France (2003)
16. The CORAS Project, 2004, http://www.coras.sourceforge.net/ (last visited: 27 October 2005).
17. Risk Management, Standards Association of Australia, AS/NZS 4360:1999.
18. P. Saint-Andre, Extensible Messaging and Presence Protocol (XMPP): Core, IETF XMPP Working Group, 2004, http://www.xmpp.org/specs/rfc3920.txt (last visited: 27 October 2005).
19. P. Saint-Andre, Extensible Messaging and Presence Protocol (XMPP): Instant Messaging and Presence, IETF XMPP Working Group, 2004, http://www.xmpp.org/specs/rfc3921.txt (last visited: 27 October 2005).
20. P.E. Kummervold, PasientLink-Project Information, NST, 2004, http://www.telemed.no/index.php?language=en&cat=7457 (last visited: 27 October 2005).
21. P. Saint-Andre, End-to-End Signing and Object Encryption for the Extensible Messaging and Presence Protocol (XMPP), IETF XMPP Working Group, 2004, http://www.xmpp.org/specs/rfc3923.txt (last visited: 27 October 2005).
22. A. Shevchenko, An Overview of Mobile Device Security, Viruslist.com, Kaspersky Lab, 2005, http://www.viruslist.com/en/analysis?pubid=170773606 (last visited: 24 October 2005).
23. Cavalli E., Mattasoglio A., Pinciroli F., and Spaggiari P. Information security concepts and practices: the case of a provincial multi-speciality hospital. Int. J. Med. Inf. 73 (2004) 297-303