A risk management model for securing virtual healthcare communities

International Journal of Electronic Healthcare

Volumn 6, Issue 2-4, 2011, Pages 95-116

  Chryssanthou, Anargyros ^a   Varlamis, Iraklis ^b   Latsiou, Charikleia ^a  

^a Hellenic Data Protection Authority   (Greece)

^b HAROKOPIO UNIVERSITY   (Greece)

Author keywords

Healthcare; Information security; ISO 27000 family of standards; Risk assessment; Virtual communities

Indexed keywords

ARTICLE; CAREGIVER; COMPUTER INTERFACE; COMPUTER SECURITY; CONFIDENTIALITY; ELECTRONIC MEDICAL RECORD; HEALTH CARE DELIVERY; HEALTH CARE PERSONNEL; HEALTH SERVICES RESEARCH; HUMAN; INFORMATION SYSTEM; INTERNET; ORGANIZATION AND MANAGEMENT; PATIENT; RISK MANAGEMENT;

CAREGIVERS; COMPUTER SECURITY; CONFIDENTIALITY; HEALTH PERSONNEL; HEALTH SERVICES ACCESSIBILITY; HEALTH SERVICES RESEARCH; HUMANS; INFORMATION SYSTEMS; INTERNET; MEDICAL RECORDS SYSTEMS, COMPUTERIZED; PATIENTS; RISK MANAGEMENT; USER-COMPUTER INTERFACE;

EID: 84857173875     PISSN: 17418453     EISSN: 17418461     Source Type: Journal    
DOI: 10.1504/IJEH.2011.044344     Document Type: Article

References (31)

1. Apostolakis, I., Chryssanthou, A. and Varlamis, I. (2009) 'A holistic perspective of security in health related virtual communities', in Lazakidou, A. and Siassiakos, K. (Eds): Handbook of Research on Distributed Medical Informatics and E-Health, IGI Global, Hershey, PA, USA, pp.367-381.
2. Becker, M.Y. and Sewell, P. (2004) 'Cassandra: flexible trust management applied to electronic health records'. Paper presented at the 17th IEEE Workshop on Computer Security Foundations, 28-30 June, Asilomar Conference Center, Pacific Grove, CA, USA.
3. Chryssanthou, A., Latsiou, C. and Varlamis, I. (2009) 'Security and trust in virtual healthcare communities', Paper presented at the 2nd international Conference on Pervasive Technologies Related To Assistive Environments (PETRA 09), 9-13 June, Corfu, Greece.
4. Curtis, D.W., Pino, E.J., Bailey, J.M., Shih, E.I., Waterman, J., Vinterbo, S.A., Stair, T.O., Guttag, J.V., Greenes, R.A. and Ohno-Machado, L. (2008) 'SMART - an integrated, wireless system for monitoring unattended patients', Journal of the American Medical Informatics Association, Vol. 15, No. 1, pp.44-53. (Pubitemid 350216487)
5. Demiris, G., Parker, O.D., Fleming, D. and Edison, K. (2004) 'Hospice staff attitudes towards telehospice', American Journal of Hospice and Palliative Care, Vol. 21, No. 5, pp.343-348.
6. Ebner, W., Leimeister, J.M. and Krcmar, H. (2004) 'Trust in virtual healthcare communities: design and implementation of trust-enabling functionalities', Paper presented at the 37th Hawaii International Conference on System Sciences (HICSS 04) - Track 7, 5-8 January, Big Island, Hawaii.
7. European Council (1995) 'Directive 95/46/EC on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data' (N.I. 281/31-23/11/1995), Official Journal of the European Communities.
8. European Council (1997) Explanatory Memorandum to Recommendation No. R(97) 5 of the Committee of Ministers to Member States on the protection of medical data. (Adopted by the Committee of Ministers on 13 February 1997 at the 584th meeting of the Ministers' Deputies). Available online at: http://www.coe.int/t/dghl/standardsetting/dataprotection/EM/EM-R(97)5-EN.pdf
9. ISO/IEC 27001 (2005) Information Technology - Security Techniques - Information Security Management Systems - Requirements, 1st ed., 2005-10-15.
10. ISO/IEC 27002 (2005) Information Technology - Security Techniques - Code of Practice for Information Security Management1st ed.
11. ISO/IEC 27005 (2008) Information Technology - Security Techniques - Information Security Risk Management, 1st ed., 2008-06-1.
12. ISO/IEC 27799 (2008) Health Informatics - Information Security Management in Health Using ISO/IEC 27002, 1st ed., 2008-07-01.
13. Jones, V.M., van Halteren, A.T., Dokovski, N.T., Koprinkov, G., Peuscher, J., Bults, R., Konstantas, D., Widya, I.A. and Herzog, R. (2006) 'Mobihealth: mobile services for health professionals', in Istepanian, R.S.H., Laxminarayan, S. and Pattichis, C.S. (Eds.): M-Health Emerging Mobile Health Systems, Springer, New York, NY, USA, pp.237-246.
14. Kahn, S. and Sheshadri, V. (2008) 'Medical record privacy and security in a digital environment', IEEE Journal of IT Professional, Vol. 10, No. 2, pp.46-52. (Pubitemid 351467591)
15. Kaplan, D. (2009) 'Group unveils first-of-its-kind standard to secure patient data', SC Magazine. Available online at http://www.scmagazineus.com/ group-unveils-first-of-its-kind-standard-to-secure-patient-data/article/128168/ (accessed 20 June 2011).
16. Laleci, G.B., Dogac, A., Olduz, M., Tasyurt, I., Yuksel, M. and Okcan, A. (2008) 'SAPHIRE: a multi-agent system for remote healthcare monitoring through computerized clinical guidelines', in Annicchiarico, R., Cortés, U., Urdiales, C. (Eds): Agent Technology and e-Health. Whitestein Series in Software Agent Technologies and Autonomic Computing, Birkhäuser, Basel, Switzerland, pp.25-44.
17. Law 2472 (1997) Protection of Individuals from Personal Data Processing, Pub. L. No. 2472, Greece.
18. Law 3418 (2005) Medical Code of Deontology, Pub. L. No. 3418, Greece.
19. Law 3471 (2006) Protection of Personal Data and Privacy in the Telecommunications Sector - Amendment of Law 2472/1997, Pub. L. No 3471, Greece.
20. Lee, C.Y. (2009) 'Understanding security threats in virtual worlds', Paper presented at the 15th Americas Conference on Information Systems (AMCIS), 6-9 August, San Francisco, USA.
21. Lorincz, K., Malan, D.J., Fulford-Jones, T.R.F., Nawoj, A., Clavel, A., Shnayder, V., Mainland, G., Welsh, M., Moulton, S. (2004) 'Sensor networks for emergency response: challenges and opportunities', IEEE Journal on Pervasive Computing, Vol. 3, No. 4, pp.16-23. (Pubitemid 40010894)
22. Maji, A.K., Mukhoty, A., Majumdar, A.K., Mukhopadhyay, Shamik Sural, Paul, S. and Majumdar, B. (2008) 'Security Analysis and Implementation of web-based telemedicine services with a four-tier-architecture', Paper presented at the 2nd International Conference on Pervasive Computing Technologies for Healthcare (PervasiveHealth 2008), January 30-February 1, Tampere, Finland.
23. Medlin, D.B., Cazier, J.A. and Foulk, D.P. (2008) 'Analyzing the vulnerability of U.S. hospitals to social engineering attacks: how many of your employees would share their password?', International Journal of Information Security and Privacy, Vol. 2, No. 3, pp.71-83.
24. Mondy, J. and Torresi, M. (2008) 'CIGNA creating a virtual health care community', Cigna website, news releases. Available online at: http://newsroom.cigna.com/article-display.cfm?article-id=925 (accessed 20 June 2011).
25. Ng, H.S., Sim, M.L. and Tan, C.M. (2006) 'Security issues of wireless sensor networks in healthcare applications', BT Technology Journal, Vol. 24, No. 2, pp.138-144. (Pubitemid 44027470)
26. Samy, G.N., Ahmad, R. and Ismail, Z. (2010) 'Security threats categories in healthcare information systems', Health Informatics Journal, Vol. 16, No. 3, pp.201-209.
27. Schopp, L.H., Hales, J.W., Quetsch, J.L., Hauan, M.J. and Brown, G.D. (2004) 'Design of a peer-to-peer telerehabilitation model', Telemedicine Journal and E-Health, Vol. 10, No. 2, pp.243-251.
28. Stanberry, B. (1998) 'The legal and ethical aspects of telemedicine. Data protection, security and European law', Journal of Telemedicine and Telecare, Vol. 4, No. 1, pp.18-24.
29. U.S. Congress (2004) Health Insurance Portability and Accountability Act (H. REPT. 104-736), Government Printing Office, Washington, DC.
30. Varlamis, I. and Apostolakis, I. (2010) 'Self-supportive virtual communities', International Journal on Web Based Communities, Vol. 6, No. 1, pp.43-61.
31. Wozak, F., Schabetsberger, T. and Ammenwerth, E (2007) 'End-to-end security in telemedical networks - a practical guideline', International Journal on Medical Informatics, Vol. 76, Nos. 5/6, pp.484-490. (Pubitemid 46509757)