Electronic Healthcare Information Security

by: Charles A. Shoniregun, Kudakwashe Dube, Fredrick Mtenzi

Springer-Verlag, 2010

ISBN: 9780387849195, 190 Pages

Format: PDF, Read online

Copy protection: DRM

Windows PC, Mac OSX; suitable for all DRM-capable eReaders; Apple iPad, Android Tablet PCs; Read Online for: Windows PC, Mac OSX, Linux

Price: 96,29 EUR



More of the content

Acknowledgements

7

Preface

8

Contents

10

List of Figures

15

List of Tables

17

LIST OF CONTRIBUTORS AND ORGANISATIONS

18

Chapter 1 Introduction to e-Healthcare Information Security

19

1.1 Introduction

19

1.2 The e-Healthcare Information: Nature and Trends

19

1.3 Security Impact of Trends in e-Healthcare Information Management

21

1.4 Trends in e-Healthcare Environment

22

1.4.1 Case Study: Canada

23

1.4.2 Case Study: IZIP and General Health Insurance Company of the Czech Republic

26

1.4.3 Case Study: Danish Health Data Network (DHDN)

27

1.4.4 Case Study: The Norwegian Healthcare System

31

1.4.5 Case Study: Sweden

33

1.4.6 Case Study: UK NHS Direct Online (NHSDO) Information Service

35

1.5 Securing e-Healthcare Information: Significance and Challenges

37

1.6 Concepts of e-Healthcare Information Security

38

1.7 Frameworks and Approaches

39

1.8 Issues in e-Healthcare Information Security

41

1.9 Summary

43

References

43

Chapter 2 Securing e-Healthcare Information

46

2.1 Introduction

46

2.2 Breaches of Privacy and Confidentiality in e-Healthcare

47

2.2.1 Accidental Privacy and Confidentiality Breaches

47

2.2.2 Ethically Questionable Conduct

48

2.2.3 Breaches Due to Illegal Actions

49

2.2.4 Laxity in Security for Sensitive e-Healthcare Information

49

2.3 The IT Security Challenge for Securing e-Healthcare Information

49

2.4 The Privacy and Confidentiality Challenge

50

2.5 Utilisation Challenges

52

2.6 Legal Protection Challenges

53

2.7 The Nature of Secure e-Healthcare Information

53

2.8 The Principles for Securing e-Healthcare Information

55

2.9 Combining Security with Privacy and Confidentiality

57

2.10 Identifiability in Securing e-Healthcare Information

59

2.11 Anonymisation and Pseudonymisation

60

2.12 Technological Frameworks in Securing e-Healthcare Information

62

2.13 Engineering of Secure e-Healthcare Information

64

2.13.1 Methodologies for Engineering Secure e-Healthcare Information Systems

64

2.13.2 Measures and Security Metrics for Securing e-Healthcare Information

66

2.13.3 Evaluation of Secure e-Healthcare Information

67

2.14 Discussion and Summary of Issues in Securing e-Healthcare Information

67

References

68

Chapter 3 Laws and Standards for Secure e-Healthcare Information

75

3.1 Introduction

75

3.2 The Rationale for Laws and Standards in Securing e-Healthcare Information

76

3.3 Laws and Standards: Relationships, Roles and Interactions

77

3.4 Legal Protection of Privacy in e-Healthcare Information Management

78

3.4.1 International and EU Law on Protection of e-Healthcare Information

78

3.4.2 Irish Law on Protection of e-Healthcare Information

80

3.4.3 UK Law on Protection of e-Healthcare Information

82

3.4.4 Australian Law on Protection of e-Healthcare Information

82

3.4.5 New Zealand Law on Protection of e-Healthcare Information

82

3.4.6 Japanese Law on Protection of e-Healthcare Information

83

3.4.7 US Law on Protection of e-Healthcare Information

83

3.4.7.1 Health Insurance Portability and Accountability Act (HIPAA) in 1996

84

3.4.7.2 HIPAA Rules

84

3.4.7.3 HIPAA Privacy and Security Rules

85

3.4.7.4 The Impact of HIPAA 1996

86

3.4.7.5 Merits and De-Merits of HIPAA Approach

86

3.4.8 Canadian Law on Protection of e-Healthcare Information

87

3.5 Standards for Secure e-Healthcare Information

88

3.5.1 Health Level 7 (HL7) Standardisation

88

3.5.2 Committee for European Normalisation (CEN) Technical Committee (TC) 251 Standardisation

90

3.5.3 The openEHR Specification Standard

91

3.5.4 International Standards Organisation Technical Committee (ISO/TC) 215 Healthcare Informatics Standardisation

94

3.5.5 ASTM Committee E31 on Healthcare Informatics Standardisation

95

3.5.5.1 ASTM Committee E31 Standards for Security and Privacy in Healthcare Informatics

95

3.5.5.2 ASTM E31 Security Model for e-Healthcare Information

99

3.5.6 Generic IT Security within e-Healthcare Information Management

100

3.5.6.1 Authentication and Authorisation in e-Healthcare

100

3.5.6.2 Identity and the Unique Position of Biometric Methods for Authentication

101

3.5.6.3 Authentication and Authorisation in Emerging Technologies for e-Healthcare Information Management

101

3.5.6.4 Data Integrity and Non-repudiation

103

3.5.6.5 Dominant Encryption Standards for Protecting Confidentiality

104

3.5.6.6 Encryption for Protecting Confidentiality in e-Healthcare

105

3.5.6.7 Security Certification

107

3.5.6.8 Security in Web-based Contexts

108

3.5.6.9 Conclusion

109

3.6 Discussion and Summary of the Legal and Standardisation Challenges

109

3.7 Summary

111

References

112

Chapter 4 Secure e-Healthcare Information Systems

117

4.1 Introduction

117

4.2 The elements of Security and Privacy in e-Healthcare Information Systems

118

4.3 Security and Privacy Provisions in EHR Systems

120

4.3.1 The Canadian Health Infoway

121

4.3.2 Security and Privacy Provisions in the UK NHS Care Records

122

4.3.3 Security and Privacy Provisions in the WorldVistA EHR System

124

4.4 Security and Privacy Provisions in Electronic Personal Healthcare Records

125

4.4.1 Google Health e-PHR

126

4.4.2 The Microsoft e-PHR service: The HealthVault

127

4.4.3 The Indivo Open Source e-PHR system

128

4.4.4 Summary of Concerns and Issues with e-PHR systems and Services

128

4.5 Security and Privacy in Clinical Decision Support Systems

130

4.6 The Challenges from Security and Privacy for e-Healthcare Information Security

133

4.7 Future e-Healthcare Information Management: Towards the EHR/PEHR Hybridisation

134

4.8 Summary

136

References

137

Chapter 5 Towards a Comprehensive Framework for Secure e-Healthcare Information

138

5.1 Introduction

138

5.2 The Problem of Securing e-Healthcare Information

139

5.3 The Context and Concepts for Securing e-Healthcare Information

140

5.4 Towards Future-Enabled Requirements for Securing e-Healthcare Information

143

5.4.1 The Security and Privacy Impact of the Evolution of the Control of e-Healthcare Information in Context of the Patient-Centred Paradigm

144

5.4.2 The nature, security and privacy implications of the EHR/PEHR hybrid

147

5.4.3 The Role of Security Metrics

149

5.4.4 Summary of Security and Privacy Requirements for Future-Enabled e-Healthcare Information

150

5.5 The Approach to Securing e-Healthcare Information

150

5.6 The Framework for Securing e-Healthcare Information Security and Privacy

152

5.6.1 The Key Drivers to the Security and Privacy of e-Healthcare Information Security

153

5.6.2 The Model for the e-Healthcare Information Control and Security and Privacy Risk Level Over Time

155

5.6.2.1 Period 1: The immediate past - absolute control by the clinician or healthcare organisation

156

5.6.2.2 Period 2 and 3A: The present - transition to patient control

156

5.6.2.3 Periods 3B and 4: The immediate future - Balancing professional requirements with patient privacy

157

5.6.3 The Conceptual Framework for Secure e-Health Information

159

5.7 The Conceptual Architecture

161

5.8 Discussion and Summary

163

References

165

Chapter 6 Towards a Unified Security Evaluation Framework for e-Healthcare Information Systems

166

6.1 Introduction

166

6.2 Evaluating Privacy and Security in e-Healthcare

166

6.3 Approaches to Evaluation of e-Healthcare Information Security and Privacy

168

6.3.1 Standards-Based Security and Privacy Evaluation

168

6.3.2 Privacy Policy Evaluation

168

6.3.3 Ontology-Based Privacy Evaluation

169

6.3.4 Security and Privacy Metrics

169

6.3.4.1 Policy-Based Security Metrics

170

6.3.4.2 Risk Security Metrics

170

6.3.4.3 Attack Graph-Based Security Metrics

170

6.3.4.4 Arguments Against Security and Privacy Metrics

171

6.3.4.5 The Qualities of a Good Security or Privacy Metric

172

6.3.5 Model-Based Approach to Security and Privacy Evaluation

175

6.4 Frameworks for e-Healthcare Information Privacy and Security Evaluation

175

6.4.1 Information Security Management Model-Based Evaluation Frameworks

175

6.4.2 Security Metric-Based Evaluation Frameworks

176

6.4.3 Security and Privacy Policy-Based Evaluation Frameworks

176

6.5 Towards a Unified Privacy and Security Evaluation Framework for e-Healthcare Information

177

6.5.1 The Security and Privacy Evaluation Challenges for e-Healthcare Information

177

6.5.2 Towards a Unified Framework for Evaluating Privacy and Security of e-Healthcare Information

178

6.6 Human Factors in Evaluating e-Healthcare Information Security and Privacy

182

6.6.1 Impact of Technological Human Factors

182

6.7 Summary

183

References

184

Chapter 7 Discussions

188

7.1 Introduction

188

7.2 Securing Personal e-Healthcare

189

7.3 Proliferation of New Technologies

191

7.4 Health Identifier

193

7.5 Problem of Securing e-Healthcare Information

194

7.6 Contribution to Knowledge

196

7.7 Conclusion

197

7.8 Future Work and Research Directions

197

References

198

Appendix A International Standards Organisational Technical Committee (ISO/TX) 215 Healthcare Informatics Standardisation

199

Index

202