Secure provision of patient-centered health information technology services in public networks-leveraging security and privacy features provided by the german nationwide health information technology infrastructure

Electronic Markets

Volumn 24, Issue 2, 2014, Pages 89-99

  Dehling, Tobias ^a   Sunyaev, Ali ^a  

^a UNIVERSITY OF COLOGNE   (Germany)

Author keywords

EHealth; Health information technology; Infrastructure; Patient centered; Privacy; Security

Indexed keywords

EID: 84904546940     PISSN: 10196781     EISSN: 14228890     Source Type: Journal    
DOI: 10.1007/s12525-013-0150-6     Document Type: Article

References (56)

1. Abraham, C., Nishihara, E., & Akiyama, M. (2011). Transforming healthcare with information technology in Japan: a review of policy, people, and progress. International Journal of Medical Informatics, 80(3), 157-170.
2. Ahern, D. K.,Woods, S. S., Lightowler,M. C., Finley, S.W., & Houston, T. K. (2011). Promise of and potential for patient-facing technologies to enable meaningful use. American Journal of Preventive Medicine, 40(5 Suppl 2), 162-172. doi:10.1016/j.amepre.2011.01. 005.
3. Appari, A., & Johnson,M. E. (2010). Information security and privacy in healthcare: current state of research. International Journal of Internet and Enterprise Management, 6(4), 279-314. doi:10.1504/IJIEM.2010.035624.
4. Appelbaum, P. S. (2002). Privacy in psychiatric treatment: threats and responses. The American Journal of Psychiatry, 159(11), 1809-1818. (Pubitemid 35283243)
5. Barrows, R. C., & Clayton, P. D. (1996). Privacy, confidentiality, and electronic medical records. Journal of the American Medical Informatics Associations, 3(2), 139-148. (Pubitemid 126445018)
6. Bélanger, F., & Crossler, R. E. (2011). Privacy in the digital age: a review of information privacy research in information systems. MIS Quarterly, 35(4), 1017-A36.
7. Blechman, E. A., Raich, P., Raghupathi,W., & Blass, S. (2012). Strategic value of an unbound, interoperable PHR platform for rightsmanaged care coordination. Communications of the Association for Information Systems, 30(1). Article 6.
8. Calvillo, J., Román, I., & Roa, L. M. (2013). Empowering citizens with access control mechanisms to their personal health resources. International Journal of Medical Informatics, 82(1), 58-72. doi: 10.1016/j.ijmedinf.2012.02.006.
9. Carrión, I., Aleman, J. L. F., & Toval, A. (2012). Personal health records: new means to safely handle health data? Computer, 45(11), 27-33. doi:10.1109/MC.2012.285.
10. Chan, A. T. S., Cao, J., Chan, H., & Young, G. (2001). A web-enabled framework for smart card applications in health services. Communications of the ACM, 44(9), 76-82. doi:10.1145/383694. 383710.
11. D' Heureuse, N., Huici, F., Arumaithurai,M., Ahmed,M., Papagiannaki, K., & Niccolini, S. (2012).What's App?: a wide-scale measurement study of smart phone markets. SIGMOBILE Mobile Computing and Communications Review, 16(2), 16-27. doi:10.1145/2396756. 2396759.
12. Dehling, T., & Sunyaev, A. (2012a). Architecture and design of a patientfriendly eHealth web application: patient information leaflets and supplementary services. Proceedings of the 18th Americas Conference on Information Systems (paper 5). Seattle, WA: AIS.
13. Dehling, T., & Sunyaev, A. (2012b). Information security of patientcentred services utilising the German nationwide health information technology infrastructure. Proceedings of the 3rdUSENIXWorkshop on Health Security and Privacy (paper 6-6). Bellevue, WA: USENIX.
14. Dehling, T., & Sunyaev, A. (2013). Improved medication compliance through health IT: design and mixed methods evaluation of the ePill application. Proceedings of the 34th International Conference on Information Systems (paper 6). Milan: AIS.
15. Dehling, T., & Sunyaev, A. (2014). Information security and privacy of patient-centered health IT services: What needs to be done? Proceedings of the 47th Hawaii International Conference on System Sciences. Big Island, HI: IEEE.
16. Delgado, M. (2011). The evolution of health care IT: are current U.S. privacy policies ready for the clouds? 2011 IEEE.World Congress on Services (pp. 371-378). Washington, DC.
17. Dünnebeil, S., Köbler, F., Koene, P., Leimeister, J. M., & Krcmar, H. (2011). Encrypted NFC emergency tags based on the German telematics infrastructure. Proceedings of the 2011 Third International Workshop on Near Field Communication (pp. 50- 55). Hagenberg: IEEE.
18. Ekonomou, E., Fan, L., Buchanan, W., & Thüemmler, C. (2011). An integrated cloud-based healthcare infrastructure. Proceedings of the 3rd IEEE International Conference on Cloud Computing Technology and Science (pp. 532-536). Athens: IEEE.
19. Fan, L., Buchanan,W., Thümmler, C., Lo, O., Khedim, A., Uthmani, O., Lawson, A., et al. (2011). DACAR platform for eHealth services cloud. Proceedings of the 2011 IEEE. 4th International Conference on Cloud Computing (pp. 219-226). Washington, DC: IEEE.
20. Forkner-Dunn, J. (2003). Internet-based patient self-care: the next generation of health care delivery. Journal of Medical Internet Research, 5(2), e8
21. Garber, L. (2012). The challenges of securing the virtualized environment. Computer, 45(1), 17-20.
22. Gritzalis, D. A. (1998). Enhancing security and improving interoperability in healthcare information systems. Informatics for Health and Social Care, 23(4), 309-323. doi:10.3109/14639239809025367. (Pubitemid 29027662)
23. Istepanian, R. S. H., Jovanov, E., & Zhang, Y. T. (2004). Guest editorial introduction to the special section on M-Health: beyond seamless mobility and global wireless health-care connectivity. IEEE Transactions on Information Technology in Biomedicine, 8(4), 405-414.
24. Johnson, M. E. (2009). Data hemorrhages in the health-care sector. In R. Dingledine & P. Golle (Eds.), Financial cryptography and data security, LNCS 5628 (pp. 71-89). Berlin: Springer-Verlag.
25. Kaletsch, A., & Sunyaev, A. (2011). Privacy engineering: personal health records in cloud computing environments. Proceedings of the 32nd International Conference on Information Systems (paper 2). Shanghai: AIS.
26. Kotz, D. (2011). A threat taxonomy for mHealth privacy. Proceedings of the Third International Conference on Communication Systems and Networks (pp. 1-6). Bangalore: IEEE.
27. Landry, J. P., Pardue, J. H., Johnsten, T., Campbell, M., & Patidar, P. (2011). A threat tree for health information security and privacy. In V. Sambamurthy & M. Tanniru (Eds.), Proceedings of the 17th Americas Conference on Information Systems. Detroit: AIS.
28. Lansing, J., Schneider, S., & Sunyaev, A. (2013). Cloud service certifications: measuring consumers' preferences for assurances. Proceedings of the 27th European Conference on Information Systems (paper 181). Utrecht, Netherlands.
29. Lunshof, J. E., Chadwick, R., Vorhaus, D. B., & Church, G. M. (2008). From genetic privacy to open consent. Nature Reviews Genetics, 9(5), 406-411. (Pubitemid 351556065)
30. Mandl, K. D.,Mandel, J. C.,Murphy, S. N., Bernstam, E. V., Ramoni, R. L., Kreda, D.A.,McCoy, J.M., et al. (2012). The SMART platform: early experience enabling substitutable applications for electronic health records. Journal of the American Medical Informatics Association, 19(4), 597-603.
31. Mell, P., & Grance, T. (2011). The NIST definition of cloud computing. Retrieved August 22, 2012, from csrc.nist.gov/publications/nistpubs/ 800-145/SP800-145.pdf.
32. Nuseibeh, B., & Easterbrook, S. (2000). Requirements engineering: a roadmap. Proceedings of the Conference on The Future of Software Engineering (pp. 35-46). New York, NY: ACM. doi:10.1145/336512.336523.
33. Ozdemir, Z., Barron, J., & Bandyopadhyay, S. (2011). An analysis of the adoption of digital health records under switching costs. Information Systems Research, 22(3), 491-503.
34. Pagliari, C. (2007). Design and evaluation in eHealth: challenges and implications for an interdisciplinary field. Journal of Medical Internet Research, 9(2), e15. doi:10.2196/jmir.9.2.e15. (Pubitemid 47450399)
35. Pyper, C., Amery, J., Watson, M., & Crook, C. (2004). Access to electronic health records in primary care - a survey of patients' views. Medical Science Monitor, 10(11), SR17-SR22. (Pubitemid 39546046)
36. Raymond, E. S. (2003). The art of UNIX programming (1st ed.). Boston: Addison-Wesley.
37. Rindfleisch, T. C. (1997). Privacy, information technology, and health care. Communications of the ACM, 40(8), 92-100.
38. Rohm, A. J.,& Milne, G. R. (2004). Just what the doctor ordered: the role of information sensitivity and trust in reducing medical information privacy concern. Managing the Future of Health Care Delivery, 57(9), 1000-1011. doi:10.1016/S0148-2963(02)00345-4. (Pubitemid 39072429)
39. Rothstein, M. A., & Talbott, M. K. (2007). Compelled authorizations for disclosure of health records: magnitude and implications. The American Journal of Bioethics, 7 (3), 38-45. doi:10.1080/15265160601171887. (Pubitemid 46417424)
40. Shahri, A. B., & Ismail, Z. (2012). A tree model for identification of threats as the first stage of risk assessment in HIS. Journal of Information Security, 3(2), 169-176.
41. Shea, S. (1994). Security versus access: trade-offs are only part of the story. Journal of the American Medical Informatics Association, 1(4), 314-315.
42. Simon, S. R., Evans, J. S., Benjamin, A., Delano, D., & Bates, D. W. (2009). Patients' attitudes toward electronic health information exchange: qualitative study. Journal of Medical Internet Research, 11(9), e30.
43. Slamanig, D., & Stingl, C. (2008). Privacy aspects of eHealth. Proceedings of the 2008 Third International Conference on Availability, Reliability and Security (pp. 1226-1233). Washington, DC: IEEE. doi:10.1109/ARES.2008.115.
44. Song, D., Shi, E., & Fischer, I. (2012). Cloud data protection for the masses. Computer, 45(1), 39-45.
45. Subashini, S.,& Kavitha, V. (2011). A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications, 34(1), 1-11. doi:10.1016/j.jnca.2010.07. 006.
46. Sunyaev, A., & Chornyi, D. (2012). Supporting chronic disease care quality: design and implementation of a health service and its integration with electronic health records. ACM Journal of Data and Information Quality, 3(2), 3:1-3:21.
47. Sunyaev, A., & Schneider, S. (2013). Cloud services certification. Communications of the ACM, 56(2), 33-36. doi:10.1145/2408776. 2408789.
48. Sunyaev, A., Chornyi, D., Mauro, C., & Krcmar, H. (2010). Evaluation framework for personal health records: Microsoft health vault vs. Google health. Proceedings of the Hawaii International Conference on System Sciences. Kauai, HI: IEEE.
49. Sunyaev, A., Leimeister, J. M., & Krcmar, H. (2010). Open security issues in German healthcare telematics. Proceedings of the 3rd International Conference on Health Informatics (pp. 187-194). Valencia, Spain.
50. Tuffs, A. (2010). Germany puts universal health e-card on hold. British Medical Journal, 340(1), c171.
51. van der Linden, H., Kalra, D., Hasman, A., & Talmon, J. (2009). Interorganizational future proof EHR systems: a review of the security and privacy related issues. International Journal of Medical Informatics, 78(3), 141-160. doi:10.1016/j.ijmedinf.2008.06.013.
52. Wainer, J., Campos, C. J. R., Salinas, M. D. U., & Sigulem, D. (2008). Security requirements for a lifelong electronic health record system: an opinion. Open Medical Informatics Journal, 2, 160-165.
53. Wilson, E. V. (2009). In E. V. Wilson (Ed.), Patient-centered E-health. Hershey, PA: IGI Publications.
54. Yau, S. S., & An, H. G. (2011). Software engineering meets services and cloud computing. Computer, 44(10), 47-53.
55. Zhang, R., & Liu, L. (2010). Security models and requirements for healthcare application clouds. Proceedings of the 2010 IEEE. 3rd International Conference on Cloud Computing (pp. 268-275). Miami, FL: IEEE.
56. Zhang, L., Gupta, D., & Mohapatra, P. (2012). How expensive are free Smartphone Apps? SIGMOBILE Mobile Computing and Communications Review, 16(3), 21-32. doi:10.1145/2412096. 2412100.