Ensuring the security and privacy of information in mobile health-care communication systems
Keywords:
electronic patient records, digital watermarking, steganography, mobile devices, security, health care
Abstract
The sensitivity of health-care information and its accessibility via the Internet and mobile technology systems is a cause for concern in these modern times. The privacy, integrity and confidentiality of a patient’s data are key factors to be considered in the transmission of medical information for use by authorised health-care personnel. Mobile communication has enabled medical consultancy, treatment, drug administration and the provision of laboratory results to take place outside the hospital. With the implementation of electronic patient records and the Internet and Intranets, medical information sharing amongst relevant health-care providers was made possible. But the vital issue in this method of information sharing is security: the patient’s privacy, as well as the confidentiality and integrity of the health-care information system, should not be compromised. We examine various ways of ensuring the security and privacy of a patient’s electronic medical information in order to ensure the integrity and confidentiality of the information.References
1. Meingast M, Roosta T, Sastry S. Security and privacy issues with health care information technology. Paper presented at: IEEE EMBS 2006. Proceedings of the 28th IEEE EMBS Annual International Conference; 2006 Aug 30 – Sep 03; New York, USA.
2. My health at Vanderbilt [homepage on the Internet]. No date [cited 2011 June 30]. Available from: www.MyHealthAtVanderbilt.com
3. Wilson B, Athanasiou J, McDonnell M. White Paper – Mobile point-of-care value model: Building a business case for clinical workflow improvements enabled by mobile technologies [document on the Internet]. No date [cited 2011 June 30]. Available from: http://www.intel.com/Assets/PDF/whitepaper/Intel_MPOC_Value_Model_Whitepaper.pdf
4. South African Law Reform Commission. Privacy and data protection. Discussion paper 109 Project 124. Pretoria: South African Law Reform Commission; 2005.
5. The Constitution Act 108 of 1996, South Africa.
6. Burchell J. The legal protection of privacy in South Africa: A transplantable hybrid. Electron J Comp Law; 2009;13:1.
7. Raghupathi W. Health care information systems. Commun ACM. 1997;40(8):81–82. doi:10.1145/257874.257894
8. Luft HS, Miller RH. FHF research studies results presented in Boston: The role of information in the changing models of managed care. Federation of Health Funds Newsletter; 1996.
9. Blobel B. Security requirements and solutions in distributed electronic health records. Paper presented at: IFIP TC 11. Proceedings of the IFIP TC 11 Thirteenth International Conference on Information Security; 1997 May 14–16; Copenhagen, Denmark. London: Chapman and Hall; 1997. p. 337–389.
10. De Klerk A. The right of patients to have access to their medical records: The position in South African law. Med Law. 1993;12:77–83. PMid:8377624
11. Making and keeping medical records. MPS Casebook 13 (International). 2000(July):6–8.
12. Kohn P. Computer-based patient record systems: The future of health care is in digital technology. Inform. 1995:38–46.
13. James MW, Pascale C. Health IT systems: From tasks to processes – the case for changing health information technology to improve health care. Health Aff. 2009;28:2467–2477.
14. Wikipedia. Electronic medical record [homepage on the Internet]. No date [cited 2011 June 30]. Available from: http://en.wikipedia.org/wiki/Electronic_medical_record
15. Eysenbach G. What is eHealth? J Med Internet Res. 2001;3:20. doi:10.2196/jmir.3.2.e20, PMid: 11720962 , PMid: 1761894
16. Agbele KK, Nyongesa HO, Adesina AO. ICT and information security perspectives in e-health systems. J Mobile Commun. 2010;1(4):17–22.
17. Blake G. What is eHealth?: A systematic review of published definitions. J Med Internet Res. 2001;7:1.
18. Vital Wave Consulting.mHealth for Development: The opportunity of mobile technology for healthcare in the developing world. Washington D.C. and Newbury: UN Foundation–Vodafone Foundation Partnership; 2009.
19. Vensa Health. About TXT2Remind [homepage on the Internet]. No date [cited 2011 June 30]. Available from: http://hp.vensahealth.com/SolutionsServices/Txt2Remind/AboutTxt2Remind.aspx
20. Curioso WH. New technologies and public health in developing countries: The cell PREVEN project. In: Murero M, Rice RE, editors. The internet and health care: Theory research and practice. Mahwah: Lawrence Erlbaum Associates, 2006; p. 375–393.
21. Curioso WH, Mechael PN. Enhancing “M-Health†with south-to-south collaborations. Health Aff. 2010;29(2):264–267. doi:10.1377/hlthaff.2009.1057, PMid: 20348071
22. Tahir MN. A secure online medical information system in a distributed and heterogenous computing environment. Inf Secur. 2004;15(2):211–215.
23. Smith E, Eloff JHP. Security in health-care information systems – current trends. Int J Med Inform. 1999;54:39–54. doi:10.1016/S1386-5056(98)00168-3
24. Calcote S. Developing a secure health-care information network on the internet. Healthc Financ Manage. 1997;51(1):68.
25. Patel A, Kantzavelou I. Implementing network security guidelines in health-care information systems. Paper presented at: MEDINFO 1995. Proceedings of the Eighth World Congress on Medical Informatics; 1995 July 23–27; Vancouver, Canada. Alberta: Healthcare Computing & Communications Canada Inc; 1995. p. 671–674.
26. Grant K, Lewis M, Nongogo N, Strode A. HIV/AIDS and the law: A trainer’s manual. Cape Town: The Learning Network; 2005.
27. Yasser S, Mohamed A, Othman OK, Zaidan AA, Zaidan BB. A review on multimedia communications cryptography. Res J Inf Technol. doi: 10.3923/rjit., 2011.
28. Health Professions Council of South Africa. Guidelines: The management of patients with HIV infection or AIDS. Pretoria: Health Professions Council of South Africa; 2001.
29. Carter G, Clark A, Dawson E, Nielsen L. Analysis of DES double key mode. Paper presented at: IFIP TC 11. Proceedings of the IFIP TC 11 Eleventh International Conference on Information Security; 1995 May 08–12; Cape Town, South Africa. London: Chapman and Hall; 1995. p. 13–127.
30. Pfleeger CP. Security in computing. 2nd ed. Upper Saddle River: Prentice-Hall; 1997.
31. Chang-Tsun L, Yue L, Chia-Hung W. Protection of digital mammograms on PACSs using data hiding techniques. Int J Digital Crime Forensics. 2009;1(1):75–88. doi:10.4018/jdcf.2009010105
32. Cachin C. Digital steganography: A survey prepared for the Encyclopedia of Cryptography and Security. Zurich: IBM Research; 2005.
33. Desoky A. Listega: List B management based steganography methodology. Int J Inf Secur. 2009;8:247–261. doi:10.1007/s10207-009-0079-0
34. Clifton C, Marks D. Security and privacy implications of data mining. Workshop presented at: ACM SIGMOD Workshop on Data Mining and Knowledge Discovery; 1996 June 2; Montreal, Canada.
35. Stachour PD, Thuraisingham BM. Design of LDV: A multilevel secure relational database management system. IEEE Trans Knowl Data Eng. 1990;2(2):190–209. doi:10.1109/69.54719
36. Motro A, Marks DG, Jajodia S. Aggregation in relational databases: Controlled disclosure of sensitive information. Proceedings of the European Symposium on Research in Computer Security; 1994 November 07–09; Brighton, United Kingdom. Berlin: Springer-Verlag; 1994.
37. Vaudenay S. A classical introduction to cryptography: Applications for communications security. Berlin: Springer; 2006.
2. My health at Vanderbilt [homepage on the Internet]. No date [cited 2011 June 30]. Available from: www.MyHealthAtVanderbilt.com
3. Wilson B, Athanasiou J, McDonnell M. White Paper – Mobile point-of-care value model: Building a business case for clinical workflow improvements enabled by mobile technologies [document on the Internet]. No date [cited 2011 June 30]. Available from: http://www.intel.com/Assets/PDF/whitepaper/Intel_MPOC_Value_Model_Whitepaper.pdf
4. South African Law Reform Commission. Privacy and data protection. Discussion paper 109 Project 124. Pretoria: South African Law Reform Commission; 2005.
5. The Constitution Act 108 of 1996, South Africa.
6. Burchell J. The legal protection of privacy in South Africa: A transplantable hybrid. Electron J Comp Law; 2009;13:1.
7. Raghupathi W. Health care information systems. Commun ACM. 1997;40(8):81–82. doi:10.1145/257874.257894
8. Luft HS, Miller RH. FHF research studies results presented in Boston: The role of information in the changing models of managed care. Federation of Health Funds Newsletter; 1996.
9. Blobel B. Security requirements and solutions in distributed electronic health records. Paper presented at: IFIP TC 11. Proceedings of the IFIP TC 11 Thirteenth International Conference on Information Security; 1997 May 14–16; Copenhagen, Denmark. London: Chapman and Hall; 1997. p. 337–389.
10. De Klerk A. The right of patients to have access to their medical records: The position in South African law. Med Law. 1993;12:77–83. PMid:8377624
11. Making and keeping medical records. MPS Casebook 13 (International). 2000(July):6–8.
12. Kohn P. Computer-based patient record systems: The future of health care is in digital technology. Inform. 1995:38–46.
13. James MW, Pascale C. Health IT systems: From tasks to processes – the case for changing health information technology to improve health care. Health Aff. 2009;28:2467–2477.
14. Wikipedia. Electronic medical record [homepage on the Internet]. No date [cited 2011 June 30]. Available from: http://en.wikipedia.org/wiki/Electronic_medical_record
15. Eysenbach G. What is eHealth? J Med Internet Res. 2001;3:20. doi:10.2196/jmir.3.2.e20, PMid: 11720962 , PMid: 1761894
16. Agbele KK, Nyongesa HO, Adesina AO. ICT and information security perspectives in e-health systems. J Mobile Commun. 2010;1(4):17–22.
17. Blake G. What is eHealth?: A systematic review of published definitions. J Med Internet Res. 2001;7:1.
18. Vital Wave Consulting.mHealth for Development: The opportunity of mobile technology for healthcare in the developing world. Washington D.C. and Newbury: UN Foundation–Vodafone Foundation Partnership; 2009.
19. Vensa Health. About TXT2Remind [homepage on the Internet]. No date [cited 2011 June 30]. Available from: http://hp.vensahealth.com/SolutionsServices/Txt2Remind/AboutTxt2Remind.aspx
20. Curioso WH. New technologies and public health in developing countries: The cell PREVEN project. In: Murero M, Rice RE, editors. The internet and health care: Theory research and practice. Mahwah: Lawrence Erlbaum Associates, 2006; p. 375–393.
21. Curioso WH, Mechael PN. Enhancing “M-Health†with south-to-south collaborations. Health Aff. 2010;29(2):264–267. doi:10.1377/hlthaff.2009.1057, PMid: 20348071
22. Tahir MN. A secure online medical information system in a distributed and heterogenous computing environment. Inf Secur. 2004;15(2):211–215.
23. Smith E, Eloff JHP. Security in health-care information systems – current trends. Int J Med Inform. 1999;54:39–54. doi:10.1016/S1386-5056(98)00168-3
24. Calcote S. Developing a secure health-care information network on the internet. Healthc Financ Manage. 1997;51(1):68.
25. Patel A, Kantzavelou I. Implementing network security guidelines in health-care information systems. Paper presented at: MEDINFO 1995. Proceedings of the Eighth World Congress on Medical Informatics; 1995 July 23–27; Vancouver, Canada. Alberta: Healthcare Computing & Communications Canada Inc; 1995. p. 671–674.
26. Grant K, Lewis M, Nongogo N, Strode A. HIV/AIDS and the law: A trainer’s manual. Cape Town: The Learning Network; 2005.
27. Yasser S, Mohamed A, Othman OK, Zaidan AA, Zaidan BB. A review on multimedia communications cryptography. Res J Inf Technol. doi: 10.3923/rjit., 2011.
28. Health Professions Council of South Africa. Guidelines: The management of patients with HIV infection or AIDS. Pretoria: Health Professions Council of South Africa; 2001.
29. Carter G, Clark A, Dawson E, Nielsen L. Analysis of DES double key mode. Paper presented at: IFIP TC 11. Proceedings of the IFIP TC 11 Eleventh International Conference on Information Security; 1995 May 08–12; Cape Town, South Africa. London: Chapman and Hall; 1995. p. 13–127.
30. Pfleeger CP. Security in computing. 2nd ed. Upper Saddle River: Prentice-Hall; 1997.
31. Chang-Tsun L, Yue L, Chia-Hung W. Protection of digital mammograms on PACSs using data hiding techniques. Int J Digital Crime Forensics. 2009;1(1):75–88. doi:10.4018/jdcf.2009010105
32. Cachin C. Digital steganography: A survey prepared for the Encyclopedia of Cryptography and Security. Zurich: IBM Research; 2005.
33. Desoky A. Listega: List B management based steganography methodology. Int J Inf Secur. 2009;8:247–261. doi:10.1007/s10207-009-0079-0
34. Clifton C, Marks D. Security and privacy implications of data mining. Workshop presented at: ACM SIGMOD Workshop on Data Mining and Knowledge Discovery; 1996 June 2; Montreal, Canada.
35. Stachour PD, Thuraisingham BM. Design of LDV: A multilevel secure relational database management system. IEEE Trans Knowl Data Eng. 1990;2(2):190–209. doi:10.1109/69.54719
36. Motro A, Marks DG, Jajodia S. Aggregation in relational databases: Controlled disclosure of sensitive information. Proceedings of the European Symposium on Research in Computer Security; 1994 November 07–09; Brighton, United Kingdom. Berlin: Springer-Verlag; 1994.
37. Vaudenay S. A classical introduction to cryptography: Applications for communications security. Berlin: Springer; 2006.
Published
2011-09-02
Section
Research Articles