SECURING A WEB-BASED EPR - An approach to secure a centralized EPR within a hospital

Ferreira A, Correia R, Costa-Pereira A

Abstract

The introduction of new technologies such as the EPR stresses the importance of healthcare information security. The Biostatistics and Medical Informatics Department of Porto’s Faculty of Medicine is developing a centralized Electronic Patient Record at Hospital S. João, in Portugal, the HSJ.ICU. The main objective is to electronically integrate heterogeneous departmental information in a secure way, using Internet technology. The methodology used takes into consideration user-driven security issues in terms of confidentiality, integrity and availability of information. This was achieved using CEN/TC251 prestandards, Internet security protocols (e.g. TLS) and digital signature protocols. Having in mind the CIA (Confidentiality, Integrity and Availability) structure helps organizing and in a way, separating concepts that can be assessed in a more direct and efficient way. Security issues are already rooted and constitute a good basis for any enhancements that will be made in the future.

References

  1. Barrows, C., 1996. Barrows C, Clayton P. Privacy, Confidentiality and electronic medical records. JAMIA. 3:139-148.
  2. Bemmel, V., 1997. Handbook of Medical Informatics. M. A. Musen Editors. Springer.
  3. Benson, T., 2002. Why general practitioners use computers and hospital doctors do not-Part2: scalability. BMJ. 325:1090-1093.
  4. CEN/TC251, 2000. ENV 12251: Health Informatics - Secure user identification for health care management and security of authentication by passwords.
  5. Correia, R., 2001. Acquisition, processing and storage of vital signals in an electronic patient record system. Presented at Mednet 2001.
  6. Ferreira, A., 2002. Electronic Patient Record Security. Msc in Information Security. Information Security Group. Royal Holloway, University of London.
Download


Paper Citation


in Harvard Style

A F., R C. and A C. (2004). SECURING A WEB-BASED EPR - An approach to secure a centralized EPR within a hospital . In Proceedings of the Sixth International Conference on Enterprise Information Systems - Volume 3: ICEIS, ISBN 972-8865-00-7, pages 54-59. DOI: 10.5220/0002655000540059


in Bibtex Style

@conference{iceis04,
author={Ferreira A and Correia R and Costa-Pereira A},
title={SECURING A WEB-BASED EPR - An approach to secure a centralized EPR within a hospital},
booktitle={Proceedings of the Sixth International Conference on Enterprise Information Systems - Volume 3: ICEIS,},
year={2004},
pages={54-59},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002655000540059},
isbn={972-8865-00-7},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Sixth International Conference on Enterprise Information Systems - Volume 3: ICEIS,
TI - SECURING A WEB-BASED EPR - An approach to secure a centralized EPR within a hospital
SN - 972-8865-00-7
AU - A F.
AU - R C.
AU - A C.
PY - 2004
SP - 54
EP - 59
DO - 10.5220/0002655000540059