Draft standard for high level security policies for healthcare establishments

Studies in Health Technology and Informatics

Volumn 69, Issue , 2002, Pages 23-47

  Kokolakis, Spyros ^a   Gritzalis, Dimitris ^b   Katsikas, Sokratis ^a  

^a UNIVERSITY OF THE AEGEAN   (Greece)

^b ATHENS UNIVERSITY OF ECONOMICS AND BUSINESS   (Greece)

Author keywords

[No Author keywords available]

Indexed keywords

DRAFT STANDARD; HEALTHCARE ESTABLISHMENTS; SECURITY POLICY;

ARTICLE; COMPUTER SECURITY; CONFIDENTIALITY; EUROPEAN UNION; HUMAN COMPUTER INTERACTION; INFORMATION SYSTEM; PRACTICE GUIDELINE; STANDARD;

COMPUTER SECURITY; COMPUTER USER TRAINING; CONFIDENTIALITY; EUROPEAN UNION; GUIDELINES; INFORMATION SYSTEMS;

EID: 5444247518     PISSN: 09269630     EISSN: 18798365     Source Type: Book Series    
DOI: 10.3233/978-1-60750-913-4-23     Document Type: Article

References (39)

1. European Union Directive 95/46/EC on the Protection of Individuals With Regard To the Processing of Personal Data and on the Free Movement of Such Data , 24 October 1995.
2. Council of Europe, Convention No. 108 for the Protection of Individuals With Regard To Automatic Processing of Personal Data , 28 January 1981.
3. Council of Europe, Recommendation R(97)5 on the Protection of Medical Data , February 1997.
4. Council of Europe, Recommendation R(83)10 o n the Protection of Personal Data Used for Scientific Research and Statistics , 23 September 1983.
5. Council of Europe, Recommendation R(97)18 on the Protection of Personal Data Collected and Processed for Statistical Purposes , 30 September 1997.
6. Council of Europe, Recommendation R(86) 1 on the Protection of Personal Data Used for Social Security Purposes , 23 October 1986.
7. OECD, Guidelines for the Security of Information Systems, 26 November 1992.
8. OECD, Guidelines for Cryptography Policy , 27 March 1997.
9. Anderson R., A n Update on the BMA Security Policy , Cambridge University Press, 1996.
10. Anderson R., "Clinical System Security: Interim Guidelines", British Medical Journal , vol.312, pp. 109-111, January. 1996.
11. ANSI/HISB, Inventory of Healthcare Information Standards , January 1997.
12. British Medical Association (BMA), Security in Clinical Information Systems, BMA, January 1996.
13. Bundesarztekammer. Empfehlungen zuarztlicher Schweigepflicht, Datenschutz und Date nverarbeitung in der Arztpraxis. Koln: Bundesarztekammer, 1996 (in German).
14. Callens S., Nys H., "Recommendations for European Health Data Protection Legislation", in Towards Security in Medical T e l e m a t i c s , B. Barber, et al. (Eds.), IOS Press, 1996.
15. Canadian Organisation for the Advancement of Computers in Health (COACH), Security a n d Privacy Guidelines for Health Information Systems, Canada's Health Informatics Association, 1995.
16. Cohen B., Models a n d Modelling Frameworks in Healthcare Informatics, in Proc. of the Conference on "Towards an Electronic Patient Record", San Diego and London, 1996.
17. Colleran A., Standardisation Issues f o r the European Trusted Services-ETS, Final report for the European Commission, May 1997.
18. Council of Europe, Convention 108: O n the Protection of Individuals with Regard to Automatic Processing of Personal Data, Strasbourg, 1981.
19. Council of Europe, Protection of Personal Data Collected and Poesed for Statistical Purposes , Strasbourg, June 1996.
20. Council of Europe, Draft Recommendation R(97)5, On the Protection of Medical Data, Strasbourg, 1997.
21. Cresson-Wood C , Information Security Po l i c i e s Made Easy, Baseline Software, USA, 1991.
22. European Commission, Information Technology Security Evaluation Criteria (ITSEC), June 1991.
23. European Parliament and the Council of the European Union, Directive 95/46/EC O n the Protection of Individuals with Regard to the Processing of Personal Data and Onte Free Movement of Such Data and on the Free Movement of Such Data, OJEC, L281/38, November 1995. .
24. Humphreys E., Security Standards for Medical Information Systems, in B. Barber, et al. (Eds.), Towards Security in Medical T e l e m a t i c s , IOS Press, 1995.
25. IB AG, The IBAG F r a m e w o r k f o r Co m m e r c i a l I T Security , INFOSEC Business Advisory Group, European Commission, INFOSEC Programme, ver. 2, September 1993.
26. ISHTAR, White Paper o n Healthcare Information Systems, Deliverable 37, Healthcare Telematics/ISHTAR Project, September 1997.
27. Katsikas S., Gritzalis D., "The Need for a Security Policy in Healthcare Institutions", J o u r n a l of B i o m e d i c a l C o m p u t i n g , vol. 35, pp. 73-80, 1994.
28. Laske C , "Legal Issues in Medical Informatics: A Bird's Eye View", in Towards Security in Medical T e l e m a t i c s , B. Barber, et al. (Eds.), IOS Press, 1996.
29. OECD, Guidelines for the Security of Information Systems, OECD/GD(92)190 Paris, November 1992.
30. OECD, Guidelines for Cryptography Policy , Paris, March 1997.
31. Pouloudi, A., Focus : Conflicting Concernso the Privacy of Electronic Medical Records in the NHSnet, Business Ethics, Vol. 6, no.2, 1997.
32. SEISMED Consortium, D a t a Security f o r Healthcare , Vol. 1, 2 and 3, IOS Press, 1996.
33. Smeets B., Johansson T., Secure Storage and Retrieval in Medical Information Systems, Dept. of Information Technology, Lund University, Sweden.
34. Standards Australia Committee IT/14, Personal Privacy Protectio n in Healthcare Information Systems, AS4400-1995.
35. Swedish Medical Association, Information Technology: The Physician and The Patient , SMA, Stockholm, 1995.
36. TrustHealth-1, TTP Infrastructure Implementation , Deliverable no. D2.1, INFOSEC/TrustHealth-1 Project, July 1996.
37. TrustHealth-1, Legal Aspects of Healthcare Telematics : First Proposal for Actions in the Legal Area , Deliverable no. D6.4, INFOSEC/TrustHealth-1 Project, April 1997.
38. TrusthHealth-1, Over view of Legal Issues, Deliverable no. D6.1, INFOSEC/TrustHealth-1 Project, March 1997.
39. TrusthHealth-1, Examination of the Implications of the EU Data Protection Directivetoa TrustHealth Information System, Deliverable no. D6.2, INFOSEC/TrustHealth-1 Project, October 1996.