
Ebook: Towards Security in Medical Telematics

Telematics offers a totally new scope for handling knowledge at the speed of its acquisition, learning, transfer and communication. Healthcare professionals may be misled and the patient may be treated incorrectly. Secure and reliable information is a must in healthcare. The protection of the patient's privacy is another security objective. Intensive national data protection regulations today guide professional work, but long before data protection came into the focus of public concern, ethical and professional demands already controlled the disclosure of patient data.
The issues presented at the workshop and in this book are critical because telematics technology is now being used throughout the health care system for dealing with very sensitive data. More and more computers and systems are interconnected, they operate around the clock, they are increasingly interoperable, data are portable, and yet the primary demands are that they are correct, not corrupted, relevant, complete, and accessible only to authorised persons; data and systems must be secure. This raises technological and legal, regulatory, and ethical issues that are dealt with in a national context, but also at the Community level in the form of proposals for EU directives on data protection and concerning the protection of personal data and privacy in the context of digital telecommunications networks. However, in most instances, the regulations are of a general nature and not specifically directed at health care.
During the AIM programme within the 3rd Framework workplan, the SEISMED project has been totally devoted to the subject of today, whereas a number of other projects (NUCLEUS, TANIT, TRILOGY; SAPIENS from ENS, THIS from INFOSEC), also present at the meeting, have incorporated security and legal aspects into their work to get close to a real-life situation. At the same time, the proper authorities have dealt with the policy issues and a neighbouring programme, INFOSEC, has taken a lead in the necessary developments. I am glad most categories were present at the workshop and represented in this book. Naturally the on-going projects need to share experiences and debate the lessons learnt. It is even more important, though, that out of this meeting, and the project work, guidance will emerge for proposers to the next programme and criteria for those who shall select projects among the proposals. Basically we need to have a handbook to guide all those involved in their various capacities in developing and using telematics systems in healthcare. I very much hope that you will contribute to its creation. The TELEMATICS programme for the next 4 years has already been initiated. It will be user driven with an emphasis on the integration and the validation of systems and services in real user environments. Projects for the future need your work today. Add to that, the EU Council of Ministers meeting in Corfu, 1994, took a very positive stand on the creation of the European Information Society as described by the high level group under the leadership of Commissioner Bangemann. The group supported and elaborated on the Commission's previous White Paper on European competitiveness, economic growth and employment, suggesting common physical infrastructures (Transeuropean Networks), common generic services and the implementation of a number of applications including health care, but also speeding up the legal harmonisation process and assuring legal security in a Union-wide approach.
Thus, with regard to work in Member States, in the Community, in local projects and in the coming European programme on TELEMATICS, we are right on time and contributing to the development of our joint future.
The efficiency of modern health care relies more and more upon a computerised infrastructure. Open distributed IT systems have started to bring professionals together from all over the world. On the one hand, easy processing and communication of images, sounds, and texts will help to represent and treat illnesses and diseases efficiently; on the other hand, they may threaten the privacy of patients, and the accountability and professional secrecy of health care professionals. The European Union has initiated a multidisciplinary project to come up with practical guidelines on how to achieve a Secure Environment for Information Systems in MEDicine (SEISMED). This project has taken into account the traditional and proven principles of health care data processing, the various data protection legislations within the EU, the enormous and subtle risks of health care information systems, and the cost of changing existing technology. Four Reference Centres in Europe have validated most of the guidelines.
Many challenges face developers of secure computerised clinical systems but the technical problems are overshadowed by procedural, professional and ethical issues. The development and use of computerised systems must be controlled through compliance with standards and procedures for information security, enforced through national legislation and professional codes of conduct, if serious abuse of the data is to be avoided. Health care professionals cannot be expected to acquire working knowledge of how information systems are made secure since this is a technical and highly complex subject. However, it is essential that health care professionals understand why it is important to maintain a secure environment for the records they keep about patients and their care and how this can be organised. This is best achieved through a well structured educational programme involving all trainee and qualified health care staff, a task which should be coordinated by the national professional bodies. A management structure is needed within health care facilities that recognises the responsibility of health care professionals to keep the health care data relating to their patients secure. An arrangement is proposed that gives the most senior clinician in a health care facility the ultimate responsibility for security of health care data held in the organisation. Where appropriate, this would be delegated to a senior clinician with training and experience in information systems and their security. This ‘information doctor’ would, with the assistance of computer experts and health care managers, implement and monitor the organisation's information security strategy. Contracts should be developed between health care facilities and their patients, defining the limits to the use and disclosure of personal health data. Similar contracts with external agencies should also stipulate the minimum level of security to be applied to health records shared between the organisations.
In year 1 of the SEISMED project, the Katholieke Universiteit Leuven coordinated the inventory and analysis of medical personal data protection legislation in Europe. A report on legal issues of medical data protection legislation in Europe was written by the Vrije Universiteit Amsterdam, the Centre National pour la Recherche Scientifique (Paris) and the University College Dublin. This report served as a basis for a second important legal deliverable, i.e. the Health Informatics Deontology Code. In this third and final report, we take into account the results of the other two legal reports and we formulate recommendations for the national and European legislator. This report critically analyses the upcoming privacy directive. We propose several recommendations which should be taken into account by the European and national legislator. We focused quite extensively on the use of medical data for research purposes. We had several reasons to do this. One of them is the fact that the use of medical data for research purposes is very popular, in particular now that the health care sector is becoming more and more 'standardized' by using computers, network systems and telematics. Legislation is therefore needed. Moreover, the use of medical data for research purposes involves the transfer of data from one Member State to another. Therefore, harmonized legislation is really needed. We hope that the recommendations we propose will be taken into consideration by the European legislator.
The present paper is the result of a study investigating the legal issues, problems and obstacles which have arisen as a result of the R&D projects financed by the AIM Program 1991-94. Two parallel lines of investigation were adopted in this study. First of all, a questionnaire was sent to all project partners listed in the AIM 93 Report, with the objective of collecting information on the legal questions with which the individual projects were confronted in the course of their R&D work. This allowed for an initial mapping out of the legal aspects relevant in the field of medical informatics. Secondly, the actual projects were studied as to their legal content, and in particular those which included a legal workpackage. This allowed for an assessment of further legal questions, some of which had as yet perhaps not been perceived as such. The present paper deals with five key aspects, describing the nature of the issues and the relevant law and case law, or legal vacuum as the case may be. It must be emphasised that, as pointed out in the title, this study offers an overview of the legal issues debated in medical informatics and is somewhat exploratory in nature. It is not intended to offer a critical analysis of existing pieces of legislation or case law. This would call for more fundamental legal research. Instead the study restricts itself to a general description of existing legal principles and their relevance in the health care sector. As the reader will gather from this paper, legally speaking information technology is still a relatively new entity in the health care sector, which means that legal research and any resulting recommendations may have a real impact on the future course of the law in this field.
The proliferation of the use of automated Health Information Systems in the everyday practice of health professionals has brought a number of issues related to the security of health information to a critical point. The preservation of security of health-related information can only be achieved through a concerted approach, comprising legal, organisational, technical and educational actions. These classes of actions constitute a complete “security framework”, a key aspect of which is the set of rules, laws and regulations that govern the usage of information within a Health Care Establishment. This set is commonly referred to as “Security Policy”. In this paper, the SEISMED High Level Security Policy for Health Care Establishments is presented.
It is argued that, to assure security, we need to make use of all three vehicles mentioned in the title, provided we select carefully which type to use in what circumstances. Many useful activities in these areas are under way. There is an important danger, however: if we do not take into account the needs of practical applicability, the net result of all efforts might be an increase of the gap between theory and practice, and thus an effect contrary to the intended one.
The increasing use of and reliance upon information technology within modern healthcare establishments underlines a need for adequate security controls to protect the confidentiality, integrity and availability of systems and data. Whilst the consideration of security is now generally accepted as part of the design and implementation of new systems, many systems are already in operation in which these needs have not been adequately addressed. This paper presents a summary of the recommendations arising from the AIM SEISMED (Secure Environment for Information Systems in MEDicine) project relating to the addition and enhancement of security in existing healthcare systems. The paper is based upon material originally presented at the SEISMED Workshop “Security and Legal Aspects of Advanced Health Telematics”, Brussels, 11 July 1994. The content has been revised in light of the workshop discussion and the further development of the guidelines since that time.
The paper gives a brief summary of the SEISMED project and the particular role played by the Reference Centres. Details are given of the hardware and application systems in use in the Royal Hospitals (NHS) Trust (RHT), one of the SEISMED Reference Centres. It proposes, without verification, a definition of a "Security Culture" based on three criteria. These are suggested to be the "Awareness", the "Acceptance" and the "Actions" of the management and staff to improve Information Systems Security throughout the RHT. The way that "Awareness" was increased is shown by the specific initiatives commenced as a result of a CRAMM Risk Analysis and the management and staff training programmes. The specific initiatives mentioned include an Information Systems Security Policy, a contingency and disaster recovery plan, improvements in the physical protection of equipment and changes to the method of access control. The "Acceptance" by the staff of these measures is considered and the success or failure of "Developing A Security Culture" examined. The role of SEISMED in this process is assessed.
The word "TANIT" means "Telematics for ANaesthesia and Intensive Therapy". The objective of the TANIT project is to develop information and telematic systems in critical care environments that are integrated in the hospital information space. The goal is to produce an integrated European reference computer for Critical Care Environments (CCE). For this purpose, TANIT is developing methods and guidelines for the design, implementation, introduction and evaluation of systems, successful patient data management, medical/nursing activities, clinical audit, and departmental management for Anaesthesia and Intensive Care. In this context, the task of Workpackage PROTEC (Data Protection, Security and Confidentiality) was to develop confidentiality rules for personal and management data which arise in a CCE context, and at the same time to establish procedures that will allow medical personnel all data access needed for successful treatment of their patients. Furthermore, PROTEC proposed technical methods to protect sensitive data in the computerized records.
The realization of the German law for a new structure of health care delivery by ensuring efficient structures and processes in hospitals calls for an optimal design of informational processes. To realize applications close to the users and just in time, as well as to build up the complex functional relationships between departments and subsystems in big hospitals, a new design for Hospital Information Systems (HIS) is necessary. The features of modern HIS outlined in the paper can only be established by open systems, which guarantee portability, scalability and interoperability. This is also true in regionally distributed systems like the tumour register at Cancer Centres. In the paper the necessity and possibilities of open systems and different levels of application integration are discussed. The general statements are illustrated by practical realizations in the HIS of the Magdeburg University Hospital as well as in the tumour register at the Cancer Centre of Magdeburg/Sachsen-Anhalt. The creation of integrated structures for communications makes great demands on ensuring data security and data protection, especially for the inclusion of external partners from the region. Given the highly sensitive data of cancer patients, data protection is of top priority. The legal problems of data collection, data storage and exchange in medicine are discussed first. The paper presents some aspects of the concept for data security and data protection in the Magdeburg University HIS and of the related concept for data protection in the tumour register of the Cancer Centre Magdeburg/Sachsen-Anhalt. Appropriate steps of realization are demonstrated. The application of hardware-based modem access control systems with integrated encryption of data follows. The statements are extended to the planned installation of hardware-based network access control systems with integrated encryption of data in the LAN.
In this paper the present state of development of the guidelines for both secure system development and secure implementation, as being drafted within the scope of the SEISMED project, is briefly described. For system development there is a lot of literature on how to cope with security requirements. For secure implementation of systems within an organization hardly any literature was found. Consequently there is a significant difference in maturity between the two sets of guidelines.
This paper discusses some of the similarities and differences between the attributes of safety and security. It places these attributes within the broader topic of dependability and tries to identify what aspects of safety and security are unique and which aspects may be viewed within the attributes of reliability and availability. The paper then suggests that, rather than analyse systems from the single perspective of safety or security, they should be analysed from the broader perspective of dependability.
This paper provides a summary of the approach adopted by EDITH for the definition and management of the security aspects within a generic healthcare information system, organised according to a common architecture based on characteristics of modularity, openness and federation of the individual healthcare organisations and healthcare information systems. The specification and actual development of the Authorisation Server, briefly described in this paper, is the result of combining the activities carried out by GESI in the frame of the NUCLEUS (AIM 2025) and EDITH-Italy (ESPRIT 7058) projects.