Between 1988 and 1990, a research and development program known as the Advancement of Information in Medicine (AIM) Exploratory Action was initiated by the Commission of the European Community to investigate the application of information technologies and telecommunications (IT&T) in medicine and healthcare. The goal of the program was to ensure that healthcare could ultimately benefit from the developments in informatics and communication technology which were already beginning to revolutionize other sectors such as transport, banking and distribution.
This book presents the proceedings of an AIM working conference entitled Data Protection and Confidentiality in Health Informatics, held in Brussels, Belgium, in March 1990. The issues examined include data protection, confidentiality and information security with regard to health informatics in Europe. The contents are divided into six sections: executive summary; introduction; health professional issues; legal issues; technical issues; and management, staff and implementation issues.
The book represents an important historical record of the origins of what came to be known as the AIM community, and will be of interest to anyone involved in the field of health informatics.
The AIM Exploratory Action was performed from July 1988 to July 1990. It was a pre-normative Community research and development programme conducted from DG XIII/F of the Commission of the European Communities.
The objective of the AIM Programme is to develop telematics tools for the health care sector. By doing so it is believed that the health care delivery will be more cost-efficient and more evenly spread in the Community and that the competitiveness of the information technology and telecommunication industry in the Community will be improved.
Issues like data protection, confidentiality and information security are important parts of health informatics.
This report contains the outcome of an AIM working conference held in March 1990 on these subjects. The first part of the book contains the conclusions of the actual work done during the conference. The second part contains the lectures given in the plenary sessions.
It should be noted that the views expressed in this report are those of the participants in the conference and not necessarily those of the Commission of the European Communities.
The challenge for Europe in the field of information and communication technologies applied to health care is that of “integration, modularity and security” of health information systems in order to obtain greater efficiency of health care, to assure quality of care and to promote industrial competitiveness.
This paper first considers the effect of new hardware and software technologies on threats to data integrity and usage integrity, and then considers the potential of new technical facilities for improving protection. It concludes that the increasing risks to data and usage integrity are not at present counterbalanced by new protection measures, and proposes a concerted action to face this problem. In particular, action is proposed to develop methods for quality assurance of software and for access control in networks, and to improve data/usage integrity around PCs.
Health data are sensitive to loss, manipulation and breach of confidentiality. Systems handling health data must be especially secure. Anyone accessing health data - be they stored in data banks or in personalised chipcards - must be specifically authorised to do so and must be strongly authenticated before access is granted.
Authorisation is normally restricted to certain data or facilities; it is granted and controlled by the owner of the data.
Authentication of users must precede authorisation, as it should also precede any act of communication between users, allowing them to corroborate that the partner is indeed the one he claims to be.
Data integrity must be provided and protected against manipulation and replacement of data, deceptive delay of transmission and other attacks.
Data confidentiality must be provided to let only those have the information who are entitled to it.
This protects the data and their owners from misuse by malicious third parties. It does not completely protect a service provider from a malicious regular user and vice versa. For example, a sender of a message can repudiate its integrity/authenticity as presented by its receiver, although both he and the receiver may know that repudiation is not justified; yet neither of them can prove the truth to a judge. There needs to be a witnessing trusted third party. A communication system providing a non-repudiation service must employ such trusted third parties or trust centres (as also specified by CCITT X.400 “Message Handling / Information Processing Systems - Text Communication - MOTIS” and CCITT X.500 “Directory”). Some trust centres are listed in the following:
Naming authorities provide their clients with distinguished names. They must be trusted to the extent that they will carefully check the identity of an applicant and give him a unique and authentic distinguished name. This name must be protected against manipulation by anybody, including its bearer.
Certification authorities issue certificates, i.e. they certify a person's distinguished name together with a public key for use by his partners to recognise the person's authentic digital signature.
Key distribution centres may be needed to generate cryptographic keys for any pair of users who want to communicate confidentially. Key distribution centres must be trusted by the users. The general public may want to trust them in the sense that they will not permit subversive use of their services.
Directories will store and grant access to information on users that is primarily needed to promote communication. They must be trusted by the general public that they will not grant unauthorised access for any misuse of information.
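As an added illustration of the certification-authority and non-repudiation roles described above (example code, not from the conference proceedings): a certification authority signs the binding between a distinguished name and a public key, the sender signs a message, and a judge holding only the CA's public key can verify both, so the sender cannot deny the message and the receiver cannot have forged it. The names, the Ed25519 signature scheme and the certificate layout are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Certificate binds a distinguished name (from the naming authority) to a
// public key and carries the certification authority's signature over it.
// Layout is an assumption for this example, not a standard format.
type Certificate struct {
	DistinguishedName string
	PublicKey         ed25519.PublicKey
	CASignature       []byte
}

// certBody is the exact byte string the CA signs: name, NUL separator, key.
func certBody(dn string, pk ed25519.PublicKey) []byte {
	return append([]byte(dn+"\x00"), pk...)
}

// IssueCertificate is the certification authority's role: it certifies that
// this distinguished name belongs to the holder of this public key.
func IssueCertificate(caKey ed25519.PrivateKey, dn string, pk ed25519.PublicKey) Certificate {
	return Certificate{DistinguishedName: dn, PublicKey: pk,
		CASignature: ed25519.Sign(caKey, certBody(dn, pk))}
}

// VerifyAsJudge is what any third party holding only the CA's public key can
// do: check that the certificate was issued by the CA, then check the
// sender's signature on the message. A true result shows the certified key
// holder signed exactly msg; a tampered message or a certificate not issued
// by the CA is rejected.
func VerifyAsJudge(caPub ed25519.PublicKey, cert Certificate, msg, sig []byte) bool {
	body := certBody(cert.DistinguishedName, cert.PublicKey)
	if !ed25519.Verify(caPub, body, cert.CASignature) {
		return false // certificate was not issued by this CA
	}
	return ed25519.Verify(cert.PublicKey, msg, sig)
}

func main() {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader) // trust centre
	drPub, drKey, _ := ed25519.GenerateKey(rand.Reader) // a physician
	cert := IssueCertificate(caKey, "CN=Dr. Example, O=Hospital A", drPub)
	msg := []byte("Patient 4711: discharge approved") // constructed sample
	sig := ed25519.Sign(drKey, msg)
	fmt.Println(VerifyAsJudge(caPub, cert, msg, sig))                                   // true
	fmt.Println(VerifyAsJudge(caPub, cert, []byte("Patient 4711: discharge denied"), sig)) // false
}
```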
TeleTrusT seeks international consensus on mechanisms and services to provide for general compatibilities and for input to standardisation bodies.
Medical networks connecting Hospital Information Systems are needed in order to exchange, compare and make data accessible. The use of OSI standard communication protocols (open-network environment) will allow multiple-vendor systems to be interconnected and a wide range of underlying communication technologies to be accommodated.
The security of information on a given host may become dependent on the security measures employed by the network and by other hosts. Computer viruses modify executable code and thrive in network environments filled with personal computers and third-party software. Most networks and computers permit users to share files, which lets viruses bypass the security mechanisms of almost every commercial operating system. However, computer viruses are not the only threat to information in a network environment. Other deliberate threats (passive attacks such as wire-tapping) and accidental threats (unauthorized access to information) are potential risks to information security. Cryptographic techniques that are now widely used can resolve the external security problems of the network and improve the internal ones.
This paper begins by describing the threats to security that arise in an open-network environment, and goes on to establish the security requirements of medical communication networks. This is followed by a description of the security services, such as confidentiality, integrity, authentication and access control, that will be provided by including security mechanisms in such a network. The integration of these security mechanisms into the communication protocols allows the implementation of secure communication systems that must not only provide adequate security, but also minimize the impact of security on other features such as efficiency.
The remainder of the paper describes how the security mechanisms are formed using current cryptographic facilities such as algorithms, one-way functions and cryptographic systems (symmetric and asymmetric). Emphasis is placed on the method used to obtain these mechanisms. We will obtain several mechanisms of varying strength for the provision of each security service. Finally, the security mechanisms are structured into several mutually related areas of network security and are presented in a formal form.
Looking at practical applications of health care information systems, we must conclude that in the field of data protection there still is too large a gap between what is feasible and necessary on one hand, and what is achieved in actual realizations on the other.
To illustrate this point, we sketch the actual data protection measures in a large hospital information system, and describe the effects of changes affecting the system, such as the increasing use of personal computers and the growing intensity of use of the system. Trends in the development of new and additional systems are indicated, a summary of possible weak points and gaps in the security is given, and some suggestions for improvement are made.
IOS Press, Inc.