The SIREN project was established by the Health Telematics Programme of the European Commission to assist health care provider groups in establishing necessary security services. It concerned primarily the regional health care network projects within the EU programme but also targeted other regional and national user groups operating or planning for health care networks. The project has collected experiences from major regional health care networks throughout Europe with regard to security problems. Using these experiences and security expertise, particularly from the TrustHealth project of the programme, SIREN is disseminating information on 'best practices' to the user groups. The first chapter provides an introduction to the problem area of secure communication in large health telematics networks. Chapter 2 describes the challenges with regard to legal requirements on digital data, particularly with regard to issues of proving authenticity. Chapter 3 provides an overview of typical healthcare applications and highlights some of the different security requirements posed. The major part of this book provides reports from security analyses and selected solutions from a number of different environments, mainly taken from European projects with participants in many different countries.
When information systems and networks replace traditional document procedures, archiving and postal services in the healthcare sector, insecure routines can be avoided by defining appropriate procedures and technical protection measures.
These routines need to be supported by the legal system to create public confidence in digital documents with digital signatures and related services. Instead of a completely new legal framework, at the risk of overlooking certain issues or reinventing the wheel, existing legal principles should be used and, where necessary, adapted to new patterns of action. Such a starting point can create a base for legally unified regulation of paper-based and electronic routines without sacrificing security. By adapting the definition of a document and the well-known procedures for archiving, postal services and the like to the electronic environment, it becomes natural to answer legal questions about electronic records with the rules already established for paper documents.
This chapter focuses on the legal requirements for electronic document management, including the conditions under which electronic documents can be used as evidence. It does not go into detail on the equally important but better-known requirements for confidentiality that follow from special healthcare legislation and from the protection of the rights of the data subject under the "Data Protection Directive" 95/46/EC.
This chapter describes the approach and contents of the regional EDI security guidelines developed in the CoCo project. It also presents some Norwegian experiences in the light of the guidelines, drawing on the TrustHealth 1 recommendations as well.
The security guide provides a framework for regional projects. Its main objective is to indicate how, and to what extent, existing and standardised (EDI message) security techniques, a security infrastructure (in the form of Trusted Third Parties), Codes of Connection, common Security Policies and Codes of Conduct for the individual can collectively support the principles of the 1995 EU Directive on the protection of individuals in health care telematics projects.
This chapter provides an introduction to the Star project with a description of the project’s objectives and an explanation of the continuity link through to the Intercare project. It then outlines the security service architecture developed in the Star project along with some conclusions about the common services which have been identified as needed for a regional healthcare network project.
Danderyd Hospital has implemented a security system based on smart cards held by all 4500 users of its extensive information systems, which are used for administrative tasks as well as medical records. The system uses RSA public-key cryptography for authentication and signing, with separate security servers for authorisation control. An analysis of costs and benefits is provided in this chapter.
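The Danderyd summary above separates two decisions that are easy to conflate: the smart card proves who the user is (the private key never leaves the card; the server only sees a signature), and a separate security server decides what that user may do. The following is an added illustration of that split, not code from the Danderyd system or from this book. It uses textbook RSA with tiny fixed primes so that it runs offline; the user names, the challenge value, the record actions and the access-control list are all constructed for the example. A real deployment would use 2048-bit keys, a padded signature scheme such as PKCS#1 v1.5 or PSS, and a fresh random challenge per login.

```python
"""Smart-card authentication with a separate authorisation server (toy model).

Constructed example: textbook RSA over small primes, SHA-256 of a server
challenge reduced modulo n. Not the hospital's code and not production-grade
crypto; the point is the separation of authentication from authorisation.
"""
import hashlib
import secrets


def toy_rsa_keypair(p, q, e=65537):
    """Return ((n, e), (n, d)) for two primes. Illustrative key sizes only."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return (n, e), (n, d)


def challenge_digest(challenge: bytes, n: int) -> int:
    """Hash the challenge and reduce it into the RSA group (toy padding)."""
    return int.from_bytes(hashlib.sha256(challenge).digest(), "big") % n


class SmartCard:
    """Holds the private key and only ever releases signatures, never the key."""

    def __init__(self, user_id: str, priv):
        self.user_id = user_id
        self._priv = priv

    def sign_challenge(self, challenge: bytes) -> int:
        n, d = self._priv
        return pow(challenge_digest(challenge, n), d, n)


class SecurityServer:
    """Authenticates against a public-key directory, authorises against an ACL.

    The two checks use different data (keys vs. permissions) and are kept in
    separate methods so that a change to one never silently affects the other.
    """

    def __init__(self, directory: dict, acl: dict):
        self.directory = directory  # user_id -> (n, e); the card registry
        self.acl = acl              # user_id -> set of permitted actions

    def new_challenge(self) -> bytes:
        return secrets.token_bytes(32)

    def authenticate(self, user_id: str, challenge: bytes, signature: int) -> bool:
        pub = self.directory.get(user_id)
        if pub is None:
            return False  # unknown card holder
        n, e = pub
        return pow(signature, e, n) == challenge_digest(challenge, n)

    def authorise(self, user_id: str, action: str) -> bool:
        return action in self.acl.get(user_id, set())

    def access(self, user_id: str, challenge: bytes, signature: int, action: str) -> str:
        # Authentication first: an unauthenticated caller learns nothing about the ACL.
        if not self.authenticate(user_id, challenge, signature):
            return "denied: authentication failed"
        if not self.authorise(user_id, action):
            return "denied: not authorised"
        return "granted"


def demo(challenge: bytes = b"constructed-challenge-001") -> dict:
    """Run three constructed scenarios and return their outcomes."""
    pub_a, priv_a = toy_rsa_keypair(1000003, 1000033)  # clinician's card
    pub_b, priv_b = toy_rsa_keypair(1000037, 1000039)  # clerk's card
    clinician = SmartCard("dr_andersson", priv_a)
    clerk = SmartCard("clerk_berg", priv_b)

    server = SecurityServer(
        directory={"dr_andersson": pub_a, "clerk_berg": pub_b},
        acl={"dr_andersson": {"read_record", "write_record"},
             "clerk_berg": {"admin_billing"}},
    )
    sig_a = clinician.sign_challenge(challenge)
    sig_b = clerk.sign_challenge(challenge)
    return {
        # valid card, permitted action
        "clinician_read": server.access("dr_andersson", challenge, sig_a, "read_record"),
        # valid card, action outside the holder's role
        "clerk_read": server.access("clerk_berg", challenge, sig_b, "read_record"),
        # tampered signature: fails before the ACL is ever consulted
        "forged_read": server.access("dr_andersson", challenge, (sig_a + 1) % pub_a[0], "read_record"),
    }


if __name__ == "__main__":
    for scenario, outcome in demo().items():
        print(f"{scenario}: {outcome}")
```

The clerk scenario is the one that matters in a hospital: the card is genuine and the login succeeds, yet the request is refused because the authorisation server, not the card, holds the policy. Revoking a role is then an ACL change on the server rather than a card reissue.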
This chapter looks at the security infrastructure around a regional electronic medical record. It considers first the generic security model and then the specific case study of the Regional Cancer Register in Magdeburg/Saxony-Anhalt, which was part of the TrustHealth 1 project.
This chapter looks at the TIDDM project and its experience in the area of security. It consists of an introduction to the project and an explanation of its telemedicine context. The chapter then describes the support architecture, the servers, the protocol and the development environment. It identifies the TIDDM needs in the security area and provides an overview of security and cryptography solutions, leading to an explanation of the implementation in TIDDM.
The integration and evolution of existing systems is one of the most urgent priorities for health care information systems, so that the whole organisation can meet its growing clinical, organisational and managerial needs. The ENV 12967-1 'Healthcare Information Systems Architecture' (HISA) standard defines an architectural approach based on a middleware of business-specific common services, enabling all parts of the local and geographical system to rely on a common information heritage of patient, clinical, administrative and managerial data.
Thanks to the availability of industrial products conforming to the standard, this approach is now used extensively in production and commercial environments, where its effectiveness and validity have been demonstrated. Industrial collaborations have also been established, based on the development and distribution of integrable and complementary components of a common, open healthcare information system built on the common DHE middleware.
After an overview on the key aspects of the HISA architecture, this paper discusses the positioning of the authorisation and security aspects in the overall architectural framework and presents the specific features implemented in the industrial DHE middleware.
This chapter describes a specific case study that examined an alternative approach: using commercially available mail client software to transfer health insurance claims securely from UK doctors to private health insurers. The chapter outlines the background to the search for an alternative approach, the methods used, some summary feedback from the experience and some conclusions to be drawn. It highlights the importance of sharing experiences as widely as possible, both within healthcare and outside it, in such a complex field.
IOS Press, Inc.