International journal of bio-medical computing最新文献

No computer system or computer network can today be operated without the necessary security measures to secure and protect the electronic assets stored, processed and transmitted using such systems and networks. Very often the effort in managing such security and protection measures are totally underestimated. This paper provides an overview of the security management needed to secure and protect a typical IT system and network. Special reference is made to this management effort in healthcare systems, and the role of the information security officer is also highlighted.

In 1993 the first national health information service went live in New Zealand, using commercial network services for all communications. This system provides a point of connection for all health personnel, and for those with a legitimate interest in health care information (e.g. insurers): it also provides access to a number of information resources managed on behalf of the government of New Zealand (e.g. index of health care users), as well as to those developed by individual network service providers. Much of the data exchanged across this network is personalised. Since the recipient may not be known personally to the sender, it is vital that the sender has confidence that the recipient will treat personal information according to agreed criteria for privacy. A Code of Practice covering health information was developed under the New Zealand Privacy Act to ensure that the confidence to share confidential data was supported. For large organisations such as hospitals to function efficiently, they need the flexibility to be able quickly to assign user privileges to selected staff without the need for extra paperwork seeking approval from the centre. But the audit trail requires unique identification of the individual undertaking each transaction. This requirement has been addressed. Some of the data moved across the network relates to life-critical issues, e.g. clinical warnings about allergies or serious medical conditions. A failure of communications causing this vital information to be improperly represented in some way on the receivers system could have disastrous consequences. To ensure the integrity of data transfers, user installations have to be certified compliant with standard test scripts before they are authorised for access to these resources.

The electronic health record offers all advantages of computer based memories. It is accessible over networks, highly structured and allows exchange of information both within the institution and across its borders. However, it has potential disadvantages among which a great risk for confidentiality, integrity and availability of information about identifiable patients exists. The present paper discusses advantages and disadvantages of the electronic health record as well as methods in order to control and use appropriately identifiable patient data. Personal data protection requires a legislation, a code of conduct, information contracts, an organisation under the responsibility of a physician, technical tools for health security, risk analysis methods, standards for development and implementation of computer systems as well as training and teaching sessions.

Medical database security plays an important role in the overall security of medical information systems. The development of appropriate secure database design and operation methodologies is an important problem in the area and a necessary prerequisite for the successful development of such systems. The general framework for medical database security and a number of parameters of the secure medical database design and operation problem are presented and discussed. A secure medical database development methodology is also presented which could help overcome some of the problems currently encountered.

The purpose of the paper was to find and discuss methods for teaching secure communication. A survey to a sample of nursing schools was executed. The teachers were asked to define ‘secure communication’ and to relate teaching methods used. Theories supporting the proposed methods were discussed. Conclusively it was found that a joint task force including IMIA WG4 and the IMIA and EFMI nursing groups for selecting an educational strategy in teaching ‘secure communication’ is highly recommended.

The legal position of confidentiality and the safe transmission of medical information is examined in the context of the EU Directive and the technical mechanisms available for addressing these problems.

Information security is a must in health care as is commonly know. This paper describes the conflict between the strategic goals of an organisation and organising information security and confidentiality. Because of local strategies and the organisational effect on the need for information, it is necessary to describe the main features of the Finnish Health care system and Helsinki City Health Department.

Securing health information is an application domain which can learn more from other environments like airlines and banking than from military formalism or academic freedom. The techniques of the 80s using clear separation between public and private areas have to be upgraded. Propositions are made. Costs are evaluated.