International journal of bio-medical computing最新文献

The maintenance of patient confidentiality is of utmost importance in the doctor patient relationship. With the advent of networks such as the National Health Service Wide Area Network in the UK, the potential to transmit identifiable clinical data will become greater. Links between general practitioners (GPs) and hospitals will allow the rapid transmission of data which if intercepted could be potentially embarrassing to the patient concerned. In 1994 the British Medical Association launched a draft bill on privacy and confidentiality and in association with this bill it is pushing for encryption of all clinical data across electronic networks. The manager's role within an acute hospital, community units and general practice, is to ensure that all employees are aware of the principles of data protection, security of hospital computer systems and that no obvious breaches of security can occur at publicly accessible terminals. Managers must be kept up to date with the latest developments in computer security such as digital signatures and be prepared to instigate these developments where practically possible. Managers must also take responsibility for the monitoring of access to terminals and be prepared to deal severely with staff who breach the code of confidentiality. Each manager must be kept informed of employees status with regard to their ‘need to know’ clearance level and also to promote confidentiality of patient details throughout the hospital. All of the management team must be prepared to train new staff in the principles of data security as they join the organisation and recognise their accountability if the programme fails. Data security and patient confidentiality is a broad responsibility in any healthcare organisation, with the Chief Executive accountable. In family practice, the partners are responsible and accountable. The British Medical Association believes as a matter of policy, that allowing access to personal health data without the patients consent, except in a legally allowable situation, should be a statutory offence.

Medical, legal, and economic reasons inevitably force health care establishments to apply more and more open distributed IT systems rather than the less flexible and more expensive mainframes. Managing, for example, electronic patient records by various users at different locations by means of large scale client-server systems requires new security provisions for storing, archiving and communicating those data. Using an analogy, data processing is being changed from railroads to highways. Formerly, only one engine-driver was responsible for the security of a whole train, whereas now the car-drivers themselves are responsible each for his own car. Unless the cars are equipped with suitable security mechanisms like breaks and safety belts this change endangers individuals within and outside the cars. Cryptography provides many of the relevant security mechanisms for open distributed health care IT systems. Indeed, suitable cost effective cryptographic products are available but are rarely found in health care IT systems. The reason is more political than economic: diverging national security interests in the EU have prevented strong security in public telecommunication infrastructures arguing that, e.g. criminals would profit, too. The resulting uncertainty of investments delays the development, standardisation and installation of cryptographic solutions.

With the increasing costs of medical care many countries are seeking ways of controlling costs. Two approaches are discussed; the accounting control of costs and the medicalised control of costs. The former provides a very blunt and insensitive instrument while the latter can support best practice and reduce unnecesssary examinations. However, the medicalised approach requires limited access to the patients' medical files thus breaching the medical secret. The paper discusses the strict controls necessary to make this approach work in an acceptable fashion.

This paper focuses on the organisational, technical and ethical aspects related to the use of person identifiable health information for various health care management, administration, finance, research and educational purposes. It is based on the ethical standpoint that to the individuals in question, the identifiable health information represents the uttermost sensitive and critical information. In addition, nobody, possibly apart from the patients themselves, may claim ownership of such information. Thus identifiable health information should be (per individual) kept as collected and protected as possible, within the scope of the patient provider relationship. Identifiable health information should, whenever possible and reasonable, be restricted to the health care professionals providing the treatment and care to the patient, and only be made available to others, e.g. for management, research or educational purposes, either in anonymous or pseudonymous form. Secure information management (SIM) is presented as the socio-technical means to facilitate our ethical standpoint in a practical health care environment.

This paper deals with the impact of information technology used in nursing with special regard to confidentiality, integrity and availability. A brief overview is given of the current value and usage of information systems by nurses. This is followed by recommendations for the increase of awareness regarding proper use of IT systems in (A) the direct environment of patients, and (B) the secure communication between health professionals and institutions.

The development of uniform, ethical and internationally enforceable standards for handling computerised electronic patient records is a major requirement for the implementation of the next generation of health information systems. This paper develops a model code of ethics to address this issue.

Health care providers, purchasers, and insurers try to manage the costs while maintaining the quality of the care. In the Hospital District of Central Finland we based our plans on the following values: life worth living, justice, truth, responsibility, equality, relationship, and commitment. Most of these values mean responsibility for the patient. At the same time they tell of the ethical basis of our regional networking between hospitals and health centres.

This paper presents some of the difficulties inherent in understanding IT security as a context oriented area when it comes to practicalities. Such attributes have to be included in education and training; here presented through demands put forward by some official international bodies. A short state-of-the-art report is given and an approach to meet stated demands is presented including evaluations performed. Finally there are remarks on future work needed.

It proves difficult to achieve a good measure of security in medical informatics applications. A number of reasons for this are analyzed. It is argued, that standardisation will help in solving this problem to a certain extent, but a more complete solution is possible when this is used in close conjunction with legal instruments (e.g. EU directives) and advice of a less strict nature, like guidelines. On the whole, a pragmatic step-by-step approach is needed, although there are signs that the general environment for these developments is improving.