Securing Mobile Healthcare Systems Based on Information Classification: DITIS Case Study

Eliana Stavrou, Andreas Pitsillides

2006

Abstract

Healthcare applications require special attention regarding security issues since healthcare is associated with mission critical services that are connected with the well being of life. Security raises special considerations when mobility is introduced in the healthcare environment. This research work proposes a security framework for mobile healthcare systems based on information classification into security levels. By categorizing the information used in mobile healthcare systems and linking it with the security objectives and security technologies, we aim in balancing the trade-off between security complexity and performance. Furthermore, this paper discusses a number of issues that are raised in the healthcare environment: privacy, confidentiality, integrity, legal and ethical considerations.

References

  1. Boran, S. (2003), IT Security Cookbook, Chapter 4: Information Classification
  2. CSTB - Computer Science and Telecommunications Board Commission on Physical Sciences, Committee on Maintaining Privacy and Security in Health Care application (1997), For the Record: Protecting Electronic Health Information, National Academy Press, pg. 94- 96
  3. ISO17799 Security Standard, Section 5: Asset Classification and Control
  4. Krutz, R. et al. (2001), The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, Wiley, pg. 5-10
  5. Markovic, M., Savic, Z. and Kovacevic, B. (2004), Secure mobile health systems: Principles and solutions, Book Chapter in M-Health: Emerging Mobile Health Systems, Kluwer Academic/Plenum Publishers
  6. Bourka, A., Kaliontzoglou, A., Polemi, D., Georgoulas, A. and Sklavos, P. (2003) PKIbased security of electronic healthcare documents, SSGRR 2003 International Conference on Advances in Infrastructure for Electronic Business, Science, Education, Medicine, and Mobile Technologies.
  7. Spinellis, D., Gritzalis, S., Iliadis, J., Gritzalis, D., and Katsikas, S. (1999) Trusted third party services for deploying secure telemedical applications over the WWW, Computers and Security, 18(7):627-639
  8. Misra, S., Wickramasinghe, N., and Goldberg, S., (2003) Security Challenge in a mobile healthcare setting http://www.itacontario.com/policy/wireless/WES-v4-conf.pdf
  9. Pitsillides, A., Pitsillides, B., Samaras, G., Dikaiakos, M., Christodoulou, E., Andeou, P. and Georgiades, D. (2005) DITIS: A Collaborative Virtual Medical Team for the Home Healthcare of Cancer Patients, Book Chapter in M-Health: Emerging Mobile Health, Kluwer Academic/Plenum Publishers.
  10. Pitsillides, B., Pitsillides, A., Samaras G. and Nicolaou, M. (2004) DITIS: Virtual collaborative teams for improved home healthcare, Book Chapter in 'Virtual Teams: Concepts and Applications', ICFAI University Press.
  11. Alberts C, Dorofee A. “Managing Information Security Risks: The OCTAVE approach”, Addison Wesley Publisher 2002
  12. European Union Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data
  13. Council of Europe (1997), Recommendation R(97)5, On the Protection of Medical Data
  14. Digital Signature Trust, PKI basics: Digital Signatures and Public Key Infrastructure http://www.digsigtrust.com/support/pki_basics.html
  15. Microsoft, (2000) Virtual Private Networking in Windows 2000 http://www.microsoft.com/windows2000/docs/VPNoverview.doc
  16. Reid, P. (2003) Biometrics for Network Security, Prentice Hall
  17. European Union Directive 1999/93/EC on e-Signatures
  18. NHS Code of Practice (2003) Confidentiality http://www.dh.gov.uk/assetRoot/ 04/06/92/54/04069254.pdf
  19. NIST Handbook (1996): An Introduction to Computer Security, Chapter 15: Physical and Environmental Security
Download


Paper Citation


in Harvard Style

Stavrou E. and Pitsillides A. (2006). Securing Mobile Healthcare Systems Based on Information Classification: DITIS Case Study . In Proceedings of the 4th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2006) ISBN 978-972-8865-52-8, pages 67-79. DOI: 10.5220/0002478100670079


in Bibtex Style

@conference{wosis06,
author={Eliana Stavrou and Andreas Pitsillides},
title={Securing Mobile Healthcare Systems Based on Information Classification: DITIS Case Study},
booktitle={Proceedings of the 4th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2006)},
year={2006},
pages={67-79},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002478100670079},
isbn={978-972-8865-52-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 4th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2006)
TI - Securing Mobile Healthcare Systems Based on Information Classification: DITIS Case Study
SN - 978-972-8865-52-8
AU - Stavrou E.
AU - Pitsillides A.
PY - 2006
SP - 67
EP - 79
DO - 10.5220/0002478100670079