Search and Find
Service
Acknowledgements
7
Preface
8
Contents
10
List of Figures
15
List of Tables
17
LIST OF CONTRIBUTORS AND ORGANISATIONS
18
Chapter 1 Introduction to e-Healthcare Information Security
19
1.1 Introduction
19
1.2 The e-Healthcare Information: Nature and Trends
19
1.3 Security Impact of Trends in e-Healthcare Information Management
21
1.4 Trends in e-Healthcare Environment
22
1.4.1 Case Study: Canada
23
1.4.2 Case Study: IZIP and General Health Insurance Company of the Czech Republic
26
1.4.3 Case Study: Danish Health Data Network (DHDN)
27
1.4.4 Case Study: The Norwegian Healthcare System
31
1.4.5 Case Study: Sweden
33
1.4.6 Case Study: UK NHS Direct Online (NHSDO) Information Service
35
1.5 Securing e-Healthcare Information: Signi.cance and Challenges
37
1.6 Concepts of e-Healthcare Information Security
38
1.7 Frameworks and Approaches
39
1.8 Issues in e-Healthcare Information Security
41
1.9 Summary
43
References
43
Chapter 2 Securing e-Healthcare Information
46
2.1 Introduction
46
2.2 Breaches of Privacy and Con.dentiality in e-Healthcare
47
2.2.1 Accidental Privacy and Condentiality Breaches
47
2.2.2 Ethically Questionable Conduct
48
2.2.3 Breaches Due to Illegal Actions
49
2.2.4 Laxity in Security for Sensitive e-Healthcare Information
49
2.3 The IT Security Challenge for Securing e-Healthcare Information
49
2.4 The Privacy and Con.dentiality Challenge
50
2.5 Utilisation Challenges
52
2.6 Legal Protection Challenges
53
2.7 The Nature of Secure e-Healthcare Information
53
2.8 The Principles for Securing e-Healthcare Information
55
2.9 Combining Security with Privacy and Con.dentiality
57
2.10 Identi.ability in Securing e-Healthcare Information
59
2.11 Anonymisation and Pseudonymisation
60
2.12 Technological Frameworks in Securing e-Healthcare Information
62
2.13 Engineering of Secure e-Healthcare Information
64
2.13.1 Methodologies for Engineering Secure e-Healthcare Information Systems
64
2.13.2 Measures and Security Metrics for Securing e-Healthcare Information
66
2.13.3 Evaluation of Secure e-Healthcare Information
67
2.14 Discussion and Summary of Issues in Securing e-Healthcare Information
67
References
68
Chapter 3 Laws and Standards for Secure e-Healthcare Information
75
3.1 Introduction
75
3.2 The Rationale for Laws and Standards in Securing e-Healthcare Information
76
3.3 Laws and Standards: Relationships, Roles and Interactions
77
3.4 Legal Protection of Privacy in e-Healthcare Information Management
78
3.4.1 International and EU Law on Protection of e-Healthcare Information
78
3.4.2 Irish Law on Protection of e-Healthcare Information
80
3.4.3 UK Law on Protection of e-Healthcare Information
82
3.4.4 Australian Law on Protection of e-Healthcare Information
82
3.4.5 New Zealand Law on Protection of e-Healthcare Information
82
3.4.6 Japanese Law on Protection of e-Healthcare Information
83
3.4.7 US Law on Protection of e-Healthcare Information
83
3.4.7.1 Health Insurance Portability and Accountability Act (HIPAA) in 1996
84
3.4.7.2 HIPAA Rules
84
3.4.7.3 HIPAA Privacy and Security Rules
85
3.4.7.4 The Impact of HIPAA 1996
86
3.4.7.5 Merits and De-Merits of HIPAA Approach
86
3.4.8 Canadian Law on Protection of e-Healthcare Information
87
3.5 Standards for Secure e-Healthcare Information
88
3.5.1 Health Level 7 (HL7) Standardisation
88
3.5.2 Committee for European Normalisation (CEN) Technical Committee (TC) 251 Standardisation
90
3.5.3 The openEHR Specication Standard
91
3.5.4 International Standards Organisation Technical Committee (ISO/TC) 215 Healthcare Informatics Standardisation
94
3.5.5 ASTM Committee E31 on Healthcare Informatics Standardisation
95
3.5.5.1 ASTM Committee E31 Standards for Security and Privacy inHealthcare Informatics
95
3.5.5.2 ASTM E31 Security Model for e-Healthcare Information
99
3.5.6 Generic IT Security within e-Healthcare Information Management
100
3.5.6.1 Authentication and Authorisation in e-Healthcare
100
3.5.6.2 Identity and the Unique Position of Biometric Methods forAuthentication
101
3.5.6.3 Authentication and Authorisation in Emerging Technologies fore-Healthcare InformationManagement
101
3.5.6.4 Data Integrity and Non-repudiation
103
3.5.6.5 Dominant Encryption Standards for Protecting Confidentiality
104
3.5.6.6 Encryption for Protecting Confidentiality in e-Healthcare
105
3.5.6.7 Security Certification
107
3.5.6.8 Security in Web-based Contexts
108
3.5.6.9 Conclusion
109
3.6 Discussion and Summary of the Legal and Standardisation Challenges
109
3.7 Summary
111
References
112
Chapter 4 Secure e-Healthcare Information Systems
117
4.1 Introduction
117
4.2 The elements of Security and Privacy in e-Healthcare Information Systems
118
4.3 Security and Privacy Provisions in EHR Systems
120
4.3.1 The Canadian Health Infoway
121
4.3.2 Security and Privacy Provisions in the UK NHS Care Records
122
4.3.3 Security and Privacy Provisions in the WorldVistA EHR System
124
4.4 Security and Privacy Provisions in Electronic Personal Healthcare Records
125
4.4.1 Google Health e-PHR
126
4.4.2 The Microsoft e-PHR service: The HealthVault
127
4.4.3 The Indivo Open Source e-PHR system
128
4.4.4 Summary of Concerns and Issues with e-PHR systems and Services
128
4.5 Security and Privacy in Clinical Decision Support Systems
130
4.6 The Challenges from Security and Privacy for e-Healthcare Information Security
133
4.7 Future e-Healthcare Information Management: Towards the EHR/PEHR Hybridisation
134
4.8 Summary
136
References
137
Chapter 5 Towards a Comprehensive Framework for Secure e-Healthcare Information
138
5.1 Introduction
138
5.2 The Problem of Securing e-Healthcare Information
139
5.3 The Context and Concepts for Securing e-Healthcare Information
140
5.4 Towards Future-Enabled Requirements for Securing e-Healthcare Information
143
5.4.1 The Security and Privacy Impact of the Evolution of the Control of e-Healthcare Information in Context of the Patient-Centred Paradigm
144
5.4.2 The nature, security and privacy implications of the EHR/PEHR hybrid
147
5.4.3 The Role of Security Metrics
149
5.4.4 Summary of Security and Privacy Requirements for Future-Enabled e-Healthcare Information
150
5.5 The Approach to Securing e-Healthcare Information
150
5.6 The Framework for Securing e-Healthcare Information Security and Privacy
152
5.6.1 The Key Drivers to the Security and Privacy of e-Healthcare Information Security
153
5.6.2 The Model for the e-Healthcare Information Control and Security and Privacy Risk Level Over Time
155
5.6.2.1 Period 1: The immediate past - absolute control by the clinician orhealthcare organisation
156
5.6.2.2 Period 2 and 3A: The present - transition to patient control
156
5.6.2.3 Periods 3B and 4: The immediate future- Balancing professionalrequirements with patient privacy
157
5.6.3 The Conceptual Framework for Secure e-Health Information
159
5.7 The Conceptual Architecture
161
5.8 Discussion and Summary
163
References
165
Chapter 6 Towards a Uni.ed Security Evaluation Framework for e-Healthcare Information Systems
166
6.1 Introduction
166
6.2 Evaluating Privacy and Security in e-Healthcare
166
6.3 Approaches to Evaluation of e-Healthcare Information Security and Privacy
168
6.3.1 Standards-Based Security and Privacy Evaluation
168
6.3.2 Privacy Policy Evaluation
168
6.3.3 Ontology-Based Privacy Evaluation
169
6.3.4 Security and Privacy Metrics
169
6.3.4.1 Policy-Based SecurityMetrics
170
6.3.4.2 Risk Security Metrics
170
6.3.4.3 Attack Graph-Based Security Metrics
170
6.3.4.4 Arguments Against Security and PrivacyMetrics
171
6.3.4.5 The Qualities of a Good Security or PrivacyMetric
172
6.3.5 Model-Based Approach to Security and Privacy Evaluation
175
6.4 Frameworks for e-Healthcare Information Privacy and Security Evaluation
175
6.4.1 Information Security Management Model-Based Evaluation Frameworks
175
6.4.2 Security Metric-Based Evaluation Frameworks
176
6.4.3 Security and Privacy Policy-Based Evaluation Frameworks
176
6.5 Towards a Uni.ed Privacy and Security Evaluation Framework for e-Healthcare Information
177
6.5.1 The Security and Privacy Evaluation Challenges for e-Healthcare Information
177
6.5.2 Towards a Unied Framework for Evaluating Privacy and Security of e-Healthcare Information
178
6.6 Human Factors in Evaluating e-Healthcare Information Security and Privacy
182
6.6.1 Impact of Technological Human Factors
182
6.7 Summary
183
References
184
Chapter 7 Discussions
188
7.1 Introduction
188
7.2 Securing Personal e-Healthcare
189
7.3 Proliferation of New Technologies
191
7.4 Health Identifier
193
7.5 Problem of Securing e-Healthcare Information
194
7.6 Contribution to Knowledge
196
7.7 Conclusion
197
7.8 Future Work and Research Directions
197
References
198
Appendix A International Standards Organisational Technical Committee (ISO/TX) 215 Healthcare Informatics Standardisation
199
Index
202
All prices incl. VAT