Security considerations for e-mental health interventions

Journal of Medical Internet Research

Volumn 12, Issue 5, 2010, Pages

  Bennett, Kylie ^a   Bennett, Anthony James ^a   Griffiths, Kathleen Margaret ^a  

^a AUSTRALIAN NATIONAL UNIVERSITY   (Australia)

Author keywords

Computer security; Confidentiality; Data collection; Health technology; Implementation; Internet; Mental health; Privacy

Indexed keywords

ACCESS TO INFORMATION; ARTICLE; COMPUTER ASSISTED THERAPY; COMPUTER NETWORK; COMPUTER SECURITY; CONFIDENTIALITY; ELECTRONIC MEDICAL RECORD; HEALTH CARE QUALITY; HUMAN; MENTAL DISEASE; ORGANIZATION AND MANAGEMENT; PATIENT IDENTIFICATION;

ACCESS TO INFORMATION; COMPUTER COMMUNICATION NETWORKS; COMPUTER SECURITY; CONFIDENTIALITY; HUMANS; MEDICAL RECORDS SYSTEMS, COMPUTERIZED; MENTAL DISORDERS; PATIENT IDENTIFICATION SYSTEMS; QUALITY ASSURANCE, HEALTH CARE; THERAPY, COMPUTER-ASSISTED;

EID: 78651279967     PISSN: None     EISSN: 14388871     Source Type: Journal    
DOI: 10.2196/jmir.1468     Document Type: Article

References (33)

1. Bennett GG, Glasgow RE. The delivery of public health interventions via the Internet: actualizing their potential. Annu Rev Public Health 2009 Apr. 29;30:273-292. [doi: 10.1146/annurev. publhealth.031308.100235]
2. Fisher CB, Fried AL. Internet-mediated psychological services and the American Psychological Association Ethics Code. Psychotherapy Theory, Research, Practice, Training 2003;40(1-2): 103-111. [doi: 10.1037/0033-3204.40.1/2.103]
3. British Psychological Society Professional Practice Board. British Psychological Society. 2009. The provision of psychological services via the Internet and other non-direct means. 2nd edition URL: http://www.bps.org.uk/ document-download-area/document-download$.cfm?file-uuid= 2EBE71C3-BB34-2107-8DF4-B07EF8B2BF7A&ext=pdf [WebCite Cache ID 5sw7WbHKP]
4. Australian Psychological Society. 2004. Guidelines for providing psychological services and products on the Internet URL: http://www.psychology. org.au/Assets/Files/EG-Internet.pdf [accessed 2010-09-22] [WebCite Cache ID 5sw7l0i5L]
5. Curtin CM, Ayres L. Interhack Corporation. 2009. Using Science to Combat Data Loss: Analyzing Breaches by Type and Industry URL: http://web.interhack. com/publications/interhack-breach-taxonomy.pdf [accessed 2010-01-12] [WebCite Cache ID 5mioDeY0B]
6. Perlman R. An overview of PKI trust models. IEEE Network 1999 Dec; 13(6):38-43. [doi: 10.1109/65.806987] (Pubitemid 30526482)
7. Thompson H. Why security testing is hard. IEEE Security & Privacy Magazine 2003 Aug; 1(4):83-86. [doi: 10.1109/MSECP.2003.1219078]
8. Firesmith DG. The Journal of Object Technology. 2003. Engineering Security Requirements URL: http://www.jot.fm/issues/issue-2003-01/column6/ [accessed 2010-09-22] [WebCite Cache ID 5sw88lMBv]
9. National Vulnerability Database. URL: http://nvd.nist.gov/[accessed 2010-01-12] [WebCite Cache ID 5mipYtCKh]
10. CERT. 2003. CERT Advisory CA-2002-22 Multiple Vulnerabilities in Microsoft SQL Server URL: http://www.cert.org/advisories/CA-2002-22.html [WebCite Cache ID 5miqE2piH]
11. Microsoft. 2003. Microsoft Security Bulletin MS02-018 Cumulative Patch for Internet Information Services URL: http://www.microsoft.com/technet/ security/Bulletin/MS02-018.mspx [accessed 2010-01-12] [WebCite Cache ID 5miqMX9p8]
12. CVE. 2009. CVE-2009-2412 URL: http://cve.mitre.org/cgi-bin/cvename.cgi? name=CVE-2009-2412 [accessed 2010-01-12] [WebCite Cache ID 5miqTQjEW]
13. CVE. 2008. PHP: Multiple vulnerabilities URL: http://www.gentoo.org/ security/en/glsa/glsa-200811-05.xml [accessed 2010-01-12] [WebCite Cache ID 5miqqtycT]
14. Bercegay JE. GulfTech Research and Development. 2005. Multiple Invision Power Board Vulnerabilities URL: http://www.gulftech.org/?node= research&article-id=00073-05052005 [accessed 2010-01-12] [WebCite Cache ID 5mir9xtjb]
15. SecurityFocus. Invision Power Board Login. PHP SQL Injection Vulnerability. 2005. URL: http://www.securityfocus.com/bid/13529/exploit [accessed 2010-01-12] [WebCite Cache ID 5mirTSFZ2]
16. Anley C. Advanced SQL Injection In SQL Server Applications. 2002. URL: http://www.cgisecurity.com/lib/advanced-sql-injection.pdf [accessed 2010-01-12] [WebCite Cache ID 5miraQ7Qu]
17. Di Lucca GA, Fasolino AR, Mastoianni M, Tramontana P. Identifying cross site scripting vulnerabilities in web applications. 2004 Presented at: the 6th IEEE International Workshop on Web Site Evolution; Sep. 11, 2004; Chicago, IL. [doi: 10.1109/WSE.2004.10013]
18. OWASP. 2009. Data Validation URL: http://www.owasp.org/index.php/Data- Validation [accessed 2010-01-12] [WebCite Cache ID 5mit0Km0M]
19. Rudolph A, Curphey M. Getting It Right: Data Validation. 2007. URL: http://www.softwaremag.com/l.cfm?doc=1006-12/2006 [accessed 2010-01-12] [WebCite Cache ID 5misp8ym1]
20. CERT. 2008. Multiple DNS implementations vulnerable to cache poisoning URL: http://www.kb.cert.org/vuls/id/800113 [accessed 2010-01-12] [WebCite Cache ID 5mit8BePU]
21. Cockburn A, Williams L. The Costs and Benefits of Pair Programming. 2000 Presented at: 1st International Conference on Extreme Programming and Flexible Processes Software Engineering; June 2000 URL: http://collaboration. csc.ncsu.edu/laurie/Papers/XPSardinia.PDF [WebCite Cache]
22. Verdon D, McGraw G. Risk analysis in software design. IEEE Security and Privacy Magazine 2004;2(4):79-84. [doi: 10.1109/MSP.2004.55]
23. Hernan S, Lambert S, Ostwald T, Shostack A. Uncover Security Design Flaws Using The STRIDE Approach. 2006. URL: http://msdn. microsoft.com/en-us/ magazine/cc163519.aspx [accessed 2010-01-12] [WebCite Cache ID 5mitKnrVS]
24. CVE. 2006. CVE Documents URL: http://cve.mitre.org/about/documents.html [accessed 2010-01-12] [WebCite Cache ID 5mithsiaf]
25. IEEE. 2006. 1074-2006 IEEE Standard for Developing a Software Project Life Cycle Process URL: http://ieeexplore. ieee.org/xpl/freeabs-all.jsp? arnumber=1665059 [WebCite Cache ID 5t5rXN26q]
26. Myers J, Frieden TR, Bherwani KM, Henning KJ. Ethics in public health research: privacy and public health at risk: public health confidentiality in the digital age. Am J Public Health 2008 May; 98(5):793-801 [FREE Full text] [doi: 10.2105/AJPH.2006.107706] (Pubitemid 351671568)
27. Wilson M, Hash J. National Institute of Standards and Technology, US Department of Commerce. 2003. Building An Information Technology Security Awareness and Training Program. NIST Special Publication 800-50 URL: http://csrc. nist.gov/publications/nistpubs/800-50/NIST-SP800-50.pdf [accessed 2010-09-22] [WebCite Cache ID 5swBf0IVw]
28. Wilson M, de Zafra DE, Pitcher SI, Tressler JD, Ippolito JB. National Institute of Institute of Standards and Technology, US Department of Commerce. Information Technology Security Training Requirements: A Role-and Performance-Based Model. NIST Special Publication 800-16 URL: http://csrc.nist.gov/publications/nistpubs/800-16/800-16.pdf [accessed 2010-09-22] [WebCite Cache ID 5swFmfNei]
29. Bishop M. What is computer security? IEEE Security & Privacy Magazine 2003;1(1):67-69. [doi: 10.1109/MSECP.2003.1176998]
30. Pagliari C. Design and evaluation in eHealth: challenges and implications for an interdisciplinary field. J Med Internet Res 2007;9(2):e15 [FREE Full text] [doi: 10.2196/jmir.9.2.e15] (Pubitemid 47450399)
31. Chaudhry B, Wang J, Wu S, Maglione M, Mojica W, Roth E, et al. Systematic review: impact of health information technology on quality, efficiency, and costs of medical care. Ann Intern Med 2006 May 16; 144(10):742-752 [FREE Full text]
32. Chhanabhai P, Holt A. Consumers are ready to accept the transition to online and electronic records if they can be assured of the security measures. MedGenMed 2007;9(1):8 [FREE Full text]
33. Andersson G. Using the Internet to provide cognitive behaviour therapy. Behav Res Ther 2009 Mar; 47(3):175-180. [doi: 10.1016/j.brat.2009.01.010]