A patient-identity security mechanism for electronic medical records during transit and at rest

Medical Informatics and the Internet in Medicine

Volumn 30, Issue 3, 2005, Pages 227-240

  Chao, Hui Mei ^a,b   Twu, Shih Hsiung ^a   Hsu, Chin Ming ^b  

^a CHUNG YUAN CHRISTIAN UNIVERSITY   (Taiwan)

^b KAO YUAN UNIVERSITY   (Taiwan)

Author keywords

Electronic medical records; Patient identity; Public key infrastructure; Security

Indexed keywords

ARTICLE; COMPUTER PROGRAM; COMPUTER SECURITY; CONFIDENTIALITY; DATA BASE; ELECTRONIC MEDICAL RECORD; PATIENT IDENTIFICATION;

COMPUTER SECURITY; CONFIDENTIALITY; HUMANS; MEDICAL RECORDS SYSTEMS, COMPUTERIZED; PATIENT IDENTIFICATION SYSTEMS; PATIENT TRANSFER; TAIWAN;

EID: 80052084271     PISSN: 14639238     EISSN: 14645246     Source Type: Journal    
DOI: 10.1080/14639230500209443     Document Type: Article

References (38)

1. Matejkovic JE, Lahey KE. Identity theft: no help for consumers. Financial Services Review 2001;10:221-235.
2. Wales E. Identity theft. Computer Fraud & Security 2003;2:5-7.
3. Benner J, Givens B, Mierzwinski E. Nowhere to turn: Victims speak out on identity theft. CALPIRG/Privacy Rights Clearinghouse Report, 2000.
4. RSA Security Inc. Consumer perceptions about security. 2003. Available from: http://www.rsasecurity.com/ solutions/topics/whitepapers/CSPS_WP_0903.pdf
5. RSA Security Inc. An enterprise perspective on identity theft. 2003. Available from: http://www.rsasecurity.com/ solutions/idmgt/whitepapers/ IDT_WP_1003.pdf
6. Committee on Maintaining Privacy and Security in Health Care Applications of the National Information Infrastructure. For the record: Protecting electronic health information. Washington, DC: National Academy Press. 1997. Available from: http://www.nap.edu/readingroom/books/ftr/52e6.html
7. Office for Civil Rights-HIPAA, Medical privacy-national standards to protect the privacy of personal health Information. 2003. Available from: http://www.os.dhhs.gov/ocr/hipaa/finalreg.html
8. Chao HM, Hsu CM, Miaou SG. A data hiding technique with authentication, integration, and confidentiality for electronic patient records. IEEE Transactions on Information Technology in Biomedicine 2002;6:46-53.
9. Lees PJ, Chronaki CE, Simantirakis EN, Kostomanolakis SG, Orphanoudakis SC, Vardas PE. Remote access to medical records via the Internet: feasibility, security and multilingual considerations. Computers in Cardiology 1999;26:89-92.
10. Rafiq A, Zhao X, Cone S, Merrell R. Electronic multimedia data management for remote population in Ecuador. International Congress Series 2004;1268:301-306.
11. Zhang M. Analysis of the SPEKE password-authenticated key exchange protocol. IEEE Communications Letters 2004;8:63-65.
12. Frischholz RW, Dieckmann U. BioID: A multimodal biometric identification system. Computer 2000;33:64-68.
13. Ortega-Garcia J, Gonzalez-Rodriguez J, Marrero-Aguiar V, Diaz-Gomez CJJ, Garcia-Jimenez CR, Lucena-Molina CJ, Sanchez-Molero TJAG. AHUMADA: A large speech corpus in Spanish for speaker identification and verification. Proceedings of IEEE International Conference. Acoustics, Speech and Signal Processing 1998;2:773-776.
14. Bleha SA, Obaidat MS. Dimensionality reduction and feature extraction applications in identifying computer users. IEEE Transactions on Systems, Man, and Cybernetics 1991;21:452-456.
15. Bolle RM, Connell JH, Ratha NK. Biometric perils and patches. Pattern Recognition 2002;35:2727-2738.
16. Jain AK, Ross A, Prabhakar S. An introduction to biometric recognition. IEEE Transactions on Circuits and Systems for Video Technology 2004;14:4-20.
17. Jain AK. Biometric recognition: how do I know who you are? Proceedings of the IEEE 12th Signal Processing and Communications Applications Conference 2004;28-30, 3-5.
18. Johnson ML. Biometrics and the threat to civil liberties. Computer 2004;37:90-92.
19. McKee G. Biometric identity theft [Letters]. Computer 2000;33:5-10 .
20. Menasce DA. Security performance. IEEE Internet Computing 2003;7:84-87 .
21. Calcote S. Developing a secure healthcare information network on the Internet. Healthcare Financial Management 1997;51:68.
22. Louwerse K. The electronic patient record: The management of access - case study: Leiden University Hospital. International Journal of Medical Informatics 1998;49:39-44.
23. Dwivedi A, Bali RK, Belsis MA, Naguib RNG, Every P, Nassar NS. Towards a practical healthcare information security model for healthcare institution. The 4th International IEEE EMBS Special Topic Conference on Information Technology Applications in Biomedicine 2003. p 114-117.
24. Takeda H, Matsumura Y, Kuwata S, Nakano H, Sakamoto N, Yamamoto R. Architecture for networked electronic patient record systems. International Journal of Medical Informatics 2000;60:161-167.
25. Cox JL... . As well as developers. Health Management Technology 2000;21:27.
26. Hemmings T. PKI: Up close and personal. Health Management Technology 2000;21:20-23.
27. Etheridge Y. PKI - how and why it works. Health Management Technology, 2001;22:20-21.
28. Lynch JT, Lassus B. Mega enterprise chooses smart cards. Health Management Technology 2000;21:50-52.
29. Lovorn J. The power of PKI. Health Management Technology. 2001. Available from: http://www.healthmgttech. com/archives/h1201power.htm
30. Lancaster S, Yen DC, Huang SM. Public key infrastructure: A micro and macro analysis. Computer Standards & Interfaces 2003;25:437-446. Available from: http://www.elsevier.com/locate/csi
31. What's a PKI? Available from: http://www.entrust.com/resources/pdf/ whatsapki.pdf
32. Bobbitt M. PKI policy pitfalls. Information Security Magazine 2001;July. Available from: http://www.infosecuritymag.com/articles/july01/features_pki. shtml
33. Vawdrey DK, Sundelin TL, Seamons KE, Knutson CD. Trust negotiation for authentication and authorization in healthcare information systems. Proceedings of the 25th IEEE Annual International Conference on Engineering in Medicine and Biology Society 2003, 2, p 1406-1409.
34. Cimino JJ, Patel VL, Kushniruk AW. The patient clinical information system (PatCIS): technical solutions for and experience with giving patients access to their electronic medical records. International Journal of Medical Informatics 2002;68:113-127.
35. Gurgens S, Ochsenschlager P, Rudolph C. Role based specification and security analysis of cryptographic protocols using asynchronous product automata. Proceedings of 13th International Workshop on Database and Expert Systems Applications; 2002. p 473-479.
36. Menezes A, van Oorschot P, Vanstone S. Handbook of applied cryptography. Boca Raton, FL: CRC Press; 1996. Available from: http://www.cacr.math.uwaterloo. ca/hac/about/chap10.pdf
37. Zieschang T. Combinatorial properties of basic encryption operations. Berlin: Springer; 1998. p 14-26.
38. Motta GHMB, Furuie SS. A contextual role-based access control authorization model for electronic patient record. IEEE Transactions on Information Technology in Biomedicine 2003;7:202-207.