Implementation of Data Security Requirements in a Web-based Application for Interactive Medical Documentation

Anja Perlich, Andrey Sapegin, Christoph Meinel

2015

Abstract

Keeping data confidential is a deeply rooted requirement in medical documentation, yet there are increasing calls for transparency towards patients in medical record documentation. Tele-Board MED is an interactive system under development for joint documentation by doctor and patient. This web-based application, designed for digital whiteboards, will be tested in treatment sessions with psychotherapy patients and therapists. To protect patient data during these tests, security measures were implemented, and this paper describes them. We followed the major information security objectives: confidentiality, integrity, availability and accountability. Besides technical measures, such as data encryption, access restriction through a firewall and passwords, and controls for remote maintenance, we also address issues at the organizational and infrastructural levels (e.g., patients' access to notes). With this paper we want to raise awareness of information security and promote a security concept from the beginning of health software research projects. The measures described here can serve as an example for other health software applications dealing with sensitive patient data, from early user testing phases on.



Paper Citation


in Harvard Style

Perlich A., Sapegin A. and Meinel C. (2015). Implementation of Data Security Requirements in a Web-based Application for Interactive Medical Documentation. In Proceedings of the International Conference on Health Informatics - Volume 1: HEALTHINF, (BIOSTEC 2015), ISBN 978-989-758-068-0, pages 352-359. DOI: 10.5220/0005204503520359


in Bibtex Style

@conference{healthinf15,
author={Anja Perlich and Andrey Sapegin and Christoph Meinel},
title={Implementation of Data Security Requirements in a Web-based Application for Interactive Medical Documentation},
booktitle={Proceedings of the International Conference on Health Informatics - Volume 1: HEALTHINF, (BIOSTEC 2015)},
year={2015},
pages={352-359},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005204503520359},
isbn={978-989-758-068-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Health Informatics - Volume 1: HEALTHINF, (BIOSTEC 2015)
TI - Implementation of Data Security Requirements in a Web-based Application for Interactive Medical Documentation
SN - 978-989-758-068-0
AU - Perlich A.
AU - Sapegin A.
AU - Meinel C.
PY - 2015
SP - 352
EP - 359
DO - 10.5220/0005204503520359