Current security issues faced by health care establishments and resulting requirements for a secure health information system architecture

Studies in Health Technology and Informatics

Volumn 66, Issue , 2001, Pages 101-147

  Blobel, Bernd ^a   Baum Waidner, Birgit ^a  

^a NONE

Author keywords

[No Author keywords available]

Indexed keywords

BIOASSAY; COMPUTER ARCHITECTURE; EMBEDDED SYSTEMS; HEALTH CARE; HEALTH RISKS; INFORMATION SYSTEMS; INFORMATION USE; INTEROPERABILITY; MEDICAL COMPUTING; SECURITY SYSTEMS; STANDARDIZATION;

ARCHITECTURAL APPROACH; COMMUNICATION SERVICE; DISTRIBUTED NETWORKING; EUROPEAN COMMISSION; HEALTH INFORMATION SYSTEMS; INFORMATION INFRASTRUCTURES; INTEGRATED HEALTH INFORMATION SYSTEMS; SECURITY REQUIREMENTS;

INFORMATION MANAGEMENT;

EID: 84887091210     PISSN: 09269630     EISSN: 18798365     Source Type: Book Series    
DOI: 10.3233/978-1-60750-910-3-101     Document Type: Article

References (71)

1. Ellsasser, K.-H., Kohler, C. O.: Shared Care: Konzept einer verteilten Pflege-Kurzund langfristige Perspektiven in Europa. Informatik, Biometrie und Epidemiologic in Medizin und Biologie 24 (1993) H.4, S. 188-198.
2. Blobel, B. (1996) Open Information Systems and Data Security in Medicine, in: B.Barber, A.Treacher and K.Louwerse (Edrs.): Towards Security in Medical Telematics: Legal and Technical Aspects, pp 168-182. Studies in Health Technology and Informatics Vol. 27. IOS Press, Amsterdam, Washington, Tokyo.
3. Blobel, B.: Clinical Record Systems in Oncology. Experiences and Developments on Cancer Registers in Eastern Germany. In: Personal Information-Security, Engineering and Ethics, pp 37-54. Cambridge 1996. Also published in: R.Anderson (Edr.): Personal Medical Information. Security, Engineering, and Ethics, pp 39-56. Springer, Berlin 1997.
4. Blobel, B., Bleumer, G, Mailer, A., Louwerse, K., Flikkenschild, E., Ottes, F.: Current Security Issues Faced by Health Care Establishments. ISHTAR Project HC 1028, Deliverable 09 (Fin), February 1997.
5. Chapman, D. B. Zwicky, Elizabeth D. (1995) Building Internet Firewalls. O'Reilly Associates, Inc., Sebastopol.
6. Lindley, R.A., Pacheco, F.: Smart Practice: Smart Card Design Considerations in Health Care. In: R.A. Green et al. (Edrs.): MEDINFO '95, pp 349-353. North-Holland, Amsterdam-London-New York-Tokyo 1995.
7. The SEISMED Consortium (Edr.): Data Security for Health Care. Studies in Health Technology and Informatics Vols. 31-33. IOS Press, Amsterdam 1996.
8. CEN: Medical Informatics. Security Categorisation and Protection for Healthcare Information Systems. Draft European Prestandard prENV 12924 1995-12-12, Project Team PT1-012, Comite Europeen de Normalisation, Brussels, Belgium 1995.
9. Commission of the European Communities (CEC): Information Technology Security Evaluation Criteria (ITSEC); Provisional Harmonised Criteria, Version 1.2, 28 June 1991. Office for Official Publications of the European Communities, Luxembourg.
10. Abelson, H., Bellovin, S.M., Benaloh, J., Blaze, M., Gilmore, J., Neumann, P.G., Rivest, R.L., Schiller, J.I., Schneier, B. (+R. Anderson, W. Diffie): The Risks of Key recovery, Key Escrow, and Trusted Third Party Encryption. May 21, 1997, supported by "The Center for Democracy and Technology", http://www.crypto.com/key-study/
11. Katsikas S., Barber, B.: Security Report on European Projects. ISHTAR Deliverable (Draft), September 1996.
12. Velde, R.v.d.: Hospital Information Systems-The Next Generation. Springer, Berlin 1992.
13. Blobel, B.: A Regional Clinical Cancer Documentation System for an Optimal Shared Health Care in Cancer. In: J. Brender, J.P. Christensen, J.-R. Scherrer, P. McNair (Edrs.): Medical Informatics Europe '96, pp 1019-1026. Studies in Health Technology and Informatics Vol. 34. IOS Press, Amsterdam, Washington, Tokyo 1996.
14. Barber, B., Treacher, A, Louwerse, K. (Edrs.): Towards Security in Medical Telematics: Legal and Technical Aspects. Proceedings of the SEISMED Workshop 11t h July 1994. Studies in Health Technology and Informatics Vol. 27. IOS Press, Amsterdam 1996.
15. Patel, A., Kantzavelou, I.: Implementing Network Security in Health Care Information Systems. In: R.A. Green et al. (Edrs.): MEDINFO '95, pp 671-674. North-Holland, Amsterdam-London-New York-Tokyo 1995.
16. Brannigan, V.M, Beier, B.R: Patient Privacy in the Era of Medical Computer Networks: A New Paradigm for a New Technology. In: R. A. Green et al. (Edrs.): MEDINFO '95, pp 640-643. North-Holland, Amsterdam-London-New York-Tokyo 1995.
17. Kluge, E.-H.W.: Patients, Patient Records, and Ethical Principles. In: R.A. Green et al. (Edrs.): MEDINFO '95, pp 1596-1600. North-Holland, Amsterdam-London-New York-Tokyo.
18. Kluge, E.-H.W. (1995) Health information, the fair information principles and ethics, in Yearbook of Medical Informatics (edrs. J.H. van Bemmel and A T McCray), pp 255-264. Schattauer, Stuttgart 1995.
19. European Communities-Commission: ITSEC: Information Technology Security Evaluation Criteria; (Provisional Harmonised Criteria, Version 1.2, 28 June 1991). Office for Official Publications of the European Communities, Luxembourg 1991.
20. European Communities-Commission: European Union Directive 95/46/EC, On the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of such Data, OJ L281/31-50, 24 October 1995
21. Council of Europe Recommendation, R(97)5, on The Protection of Medical Data, Council of Europe, Strasbourg, 13 February 1997
22. Barber, B.: ISHTAR White Paper, in this volume.
23. Baur, H.J., Saurbier, F., Engelmann, U., Schroter, A, Baur, U., Meinzer, H.-P. (1996) Aspects of Data Security and Privacy in Teleradiology. CAR '96, Computer Assisted Radiology, Proceedings of the International Symposium on Computer and Communication Systems for Image Guided Diagnosis and Therapy, Paris, June 96.
24. Bundesamt fur Sicherheit in der Informationstechnik: IT- Grundschutzhandbuch-Massnahmenempfehlung fur den mittleren Schutzbedarf. Schriftenreihe zur IT Sicherheit, Bundesanzeiger Verlag GmbH, 1995, Germany.
25. Commission of the European Communities (CEC): Information Technology Security Evaluation Manual, ITSEM, Brussels and Luxembourg 1994, DGXIII, ISBN 92-826-7087-2.
26. Laske, C : Legal Issues in Medical Informatics: A Bird's Eye View. In: B. Barber, A. Treacher, A., K. Louwerse (Edrs.) (1996) Towards Security in Medical Telematics: Legal and Technical Aspects. Proceedings of the SEISMED Workshop 11t h July 1994. Studies in Health Technology and Informatics Vol. 27. IOS Press, Amsterdam 1996.
27. Schneier, B. : Applied Cryptography. Second Edition. John Wiley & Sons, Inc., New York 1996.
28. OMG: The CORBA Security Specification. OMGDoc. No. 95-12-01.
29. Allaert, F. A., Dusserre, L. : Legal Requirements for Tele-Assistance and Tele-Medicine. In: R.A. Green et al. (Edrs.): MEDINFO '95, pp 1593-1595. North-Holland, Amsterdam-London-New York-Tokyo 1995.
30. Piret, C, Roger-France, F.H., Pirard, F.: Development of a coherent policy of securityconfidentiality in a heterogeneous University hospital environment in Belgium. In: J. Brender, J.P. Christensen, J.-R. Scherrer, P. McNair (Edrs.): Medical Informatics Europe '96, pp 951-956. Series of Studies in Health Technology and Informatics Vol. 34. IOS Press, Amsterdam 1996.
31. OMG: Common Secure Interoperability. OMG Doc.No. orbos/96-06-20.
32. Blobel, B., Holena, M. : Comparing middleware concepts for advanced healthcare system architectures. International Journal of Medical Informatics 46 (1997) pp. 69-85.
33. Blobel, B., Holena, M : Comparison, Evaluation, and Possible Harmonisation of the HL7, DHE, and CORBA Middleware. In: J. Dudeck, B. Blobel, W. Lordieck, T. Burkle (Edrs.): New Technologies in Hospital Information Systems, pp. 40-47. Series in Health Technology and Informatics Vol. 45. IOS Press, Amsterdam 1997.
34. Blobel, B., Engel, K., Pharow, P., Spiegel, V. : HL7 Secure Transactions, Special Interest Group: Health Level Seven Security Services Framework, Part 1: Basics of HL7 Security (Final Draft). December 2000.
35. Blobel, B., Engel, K., Pharow, P., Spiegel, V.: HL7 Secure Transactions, Special Interest Group: Health Level Seven Security Services Framework, Part 2: Fundamentals of HL7 Security (Final Draft). December 2000.
36. EC DGIII: ISIS programme 96 / 85425: MEDSEC, Health Care Security and Privacy in the Information Society.
37. Security Issues for the Internet and the World Wide Web; CTR Report No 8, Computer Technology Research Corp., Charleston 1996.
38. Stallings, W.: Network and Internet Security. Principles and Practice. Prentice Hall, Hemel Hempstead 1995.
39. Blobel, B.: Datensicherheitsaspekte beim standardisierten Datenaustausch im Gesundheitswesen. In: H.T. Mayr: Informatik '96. Beherrschung von Informationssystemen, Bd.8, S. 155-167. R. Oldenbourg Verlag, Munchen und Wien 1996.
40. Blobel, B., Holena, M.: CORBA Security Services for Health Information Systems. International Journal of Medical Informatics 52 1-3 (1998) pp 29-38.
41. Blobel, B., Holena, M.: Security Threats and Solutions in Distributed, Interoperable Health Information Systems Using Middleware. In: J. Dudeck, B. Blobel, W. Lordieck, T. Burkle (Edrs.): New Technologies in Hospital Information Systems, pp. 66-73. Series in Health Technology and Informatics Vol. 45. IOS Press, Amsterdam 1997.
42. Frandji, B., Schot, J., Joubert, M., Soady, I., Kilsdonk, A : The RICHE reference architecture. Medical Informatics, 19 (1994) pp 1-11.
43. Blobel, B., Katsikas, S.K.: Patient data and the Internet-security issues. Chairpersons' introduction. International Journal of Medical Informatics 49 (1998) pp. S5-S8.
44. Katsikas, S.K., Spinellis, D.D., Iliadis, J., Blobel, B.: Using Trusted Third Parties for secure telemedical applications over the WWW: The EUROMED-ETS approach. International Journal of Medical Informatics 49 (1998) pp. 59-68.
45. The TrustHealth-1 Consortium: Das europaische Projekt Trustworthy Health Telematics 1. http://www.ramit.be/trusthealth
46. The TrustHealth-2 Consortium: Das europaische Projekt Trustworthy Health Telematics 2. http://www.spri.se/th2/default.htm
47. ISO 7498/ITU X.200
48. Blobel, B., Pharow, P., Roger-France, F.H.: Security Analysis and Design Based on a General Conceptual Security Model and UML. In: P. Sloot, M Bubak, A. Hoekstra, B. Hertzberger: High Performance Computing and Networking, pp. 919-930. Lecture Notes in Computer Sciences 1593. Springer, Berlin, Heidelberg, New York 1999.
49. Lacoste, G, Steiner, M., Waidner, M.: SEMPER: Secure Electronic Marketplace for Europe. Final Report, Springer, Berlin 2000.
50. Pharow, P., Blobel, B.: Trusted Third Party Services for Internet Security. In: N.E.Mastorakis (Edr.): Recent Advances in Signal Processing and Communications, pp 379-385. World Scientific and Engineering Society Press, 1999.
51. Grotan, T.O.: TC251/WG6 internal work (not published).
52. Blobel, B.: Security Requirements and Solutions in Distributed Electronic Health Records. In: L. Yngstrom and J. Carlsen (Edrs): Information Security in Research and Business, pp 377-390. Chapman & Hall, London 1997.
53. Warwick Ford: Computer Communications Security-Principles, Standard Protocols and Techniques. PTR Prentice Hall, Englewood Cliffs, New Jersey 1994
54. Bunz, H., Bertsch, A., Jurecic, M., Baum-Waidner, B., Capellaro, C : Secure Multimedia Applications and Teleservices-Security Requirements and Protoype for Health Care. Advanced Teleservices and High-Speed Communications Architectures, pp 224-236. Second International Workshop, IWACA 94, LNCS 868, Springer, Berlin 1994.
55. ITU-T Recommendation X.509: 1993 | ISO/IEC 9594-8:1995, "Information Technology - Open Systems Interconnection -The Directory: Authentication Framework"
56. Pfitzmann, A., Pfitzmann, B., Schunter, M., Waidner, M : Trusting Mobile User Devices and Security Modules. IEEE Computer Febr. 1996, pp. 61-68. Also: http://computer.org/computer/co 1997/r206labs, htm
57. Blobel, B., Pharow, P.: Authorisation and Access Control in Distributed Electronic Health Record Systems. EuroRec '99, 6-7 de Mayo, 1999, Seville, Spain. Third European Conference on Electronic Health Care Records, Proceedings Book, pp 111-115. Seville 1999.
58. Micali, S., Sidney, R : A Simple Method for Gererating and Sharing Pseudo-Random Functions, with Applications to Clipper-like Key Escrow Systems, pp 185-196. Crypto '95, Proceedings, LNCS 963, Springer-Verlag, Berlin 1995.
59. Neuman, B.C., Ts, T.: Kerberos: An authentication service for Computer Networks, IEEE Communications Magazine, v.23, n.9, Sep 1994, pp. 33-38.
60. Molva, R, Tsudik, G, Herreweghen, E.v., Zatti, S. (1992) "KryptoKnight Authentication and Key Distribution System", Proceedings of European Symposium on Research in Computer Security, Toulouse, France, Nov. 1992.
61. Specification for the Data Encryption Standard. Federal Information Processing Standards Publication 46 (FIPS PUB 46), January 15, 1977
62. SEMPER (Secure Electronic Marketplace for Europe), Public Deliverable D03, AC026/SMP/CT2/DS/P/002/bl, 'Basic Services, Architecture and Design', Sept 96. http ://www. semper, org/
63. Lee, P. A., Anderson, T.: Fault Tolerance-Principles and Practice, 2nd rev. ed., Dependable Computing and Fault-Tolerant Systems Vol 3, Springer-Verlag, Wien 1990.
64. Baum-Waidner, B.: Adaptive Byzantine Agreement in 0(t) Phases. In: M. Dal Cin, W. Hohl (ed.): Fault-Tolerant Computing Systems-Tests, Diagnosis, Fault Treatment, pp 112-123. Proceedings/5th International GI/ITG/GMA Conference, Nurnberg, September 1991; IFB 283, Springer, Berlin 1991.
65. Baum-Waidner, B.: Byzantine Agreement with a Minimum Number of Messages Both in the Faultless and Worst Case. 23rd Int. Symp. on Fault-Tolerant Computing (FTCS) 1993, IEEE Computer Society Press, Los Alamitos 1993.s
66. Blobel, B.: An Object-Oriented Security Approach Involving HL7, CORBA & DHE Standards. In: CP Waegemann (Edr.): Proceedings Manual Toward An Electronic Patient Record '97, Volume Two, pp 54-66. Medical Record Institute, Newton 1997.
67. Schadow, G., Tucker, M, Rishel, W.: Secure HL7 Transactions using Internet Mail (draft-ietf-ediint-hl7), Internet Draft (EDIINT Working Group), July 21, 1998. http ://www. ietf. org/internet-drafts.
68. Blobel, B., Spiegel, V., Krohn, R, Pharow, P., Engel, K.: Standard Guide for EDI (HL7) Communication Security. ISIS MEDSEC Project, Deliverable 30, August 1998.
69. Blobel, B., Spiegel, V., Krohn, R, Pharow, P., Engel, K. : Standard Guide for Implementing EDI (HL7) Communication Security. ISIS MEDSEC Project, Deliverable 31, August 1998.
70. Varadharajan, V., Hardjono, T.: Security Model for Distributed Object Framework and its Applicability to CORBA in Information Systems Security (eds. Katsikas, S.K., and Gritzalis, D.), pp. 452-463, Chapman & Hall, London 1996.
71. Blobel, B., Pharow, P.: Security Infrastructure of an Oncological Network Using Health Professional Cards. In: L. van den Broek, A J Sikkel (Edrs.): Health Cards '97, pp 323-334. Series in Health Technology and Informatics Vol. 49. IOS Press, Amsterdam 1997.