Determination of user requirements for the secure communication of electronic medical record information
Section snippets
Privacy of patient data
Several national and international bodies address privacy problems and provide legal instruments in terms of guidelines and recommendations. Few of these have legal enforcing capacity. The European Union Directive 95/46/EC [1] 'on the protection of individuals with regard to the processing of personal data and on the free movement of such data' has, however, legal enforcing capacity for the European member states and is therefore an important reference with regard to the privacy of electronic
Trustworthiness
Health care telematics systems are based on hardware and software components whose goal is to manipulate the content, appearance, flow and availability of electronic documents in a controlled way. The trust in a technical solution depends on:
- Design of the system: both of the intrinsic quality of the components and of the overall system. This also includes the interface with the user. Not only the core functionality of a system should be considered but also other elements such as the management
The SEMRIC project
The objective of the SEMRIC project is to design a methodology for secure communication of health care record information as a pre-standardisation activity [5]. The SEMRIC project is community funded in the context of the Information Society initiatives for standardisation of DGIII (Council decision 87/95/EEC of 1986-12-22). The project analyses the core security requirements for the communication of health care record information through messages.
The use of scenarios in determining security requirements
In determining the user requirements for the
Conclusions
Secure electronic health care record communication can be split into clearly distinguishable sub-processes. The user requirements have to take into account both the legal requirements (privacy and accountability) and the technical feasibility. Building blocks are available for constructing most of the sub-processes (encryption, signature and timestamping), though interoperability suffers from a lack of international standards.
The most challenging security aspect of electronic health care record
References (5)
- European Union Directive 95/46/EC: On the protection of individuals with regard to the processing of personal data and...
- Trusthealth I project (DGXIII project # HC1051), deliverable D6.2: Overview of legal issues, Trusthealth consortium,...