Laws and Standards for Secure e-Healthcare Information

Part of the book series: Advances in Information Security (ADIS, volume 53)

Abstract

The legal developments in healthcare have been driven by the public concern for personal privacy and confidentiality within the context of an increasingly connected world centred on the Internet. The developments in standardisation within e-Healthcare have been influenced by the two key paradigms of patient-centred and managed care that necessitated demands for lowering costs and increasing quality of patient care. The technical challenge of these paradigm shifts is inter-operability for supporting the delivery of care at multiple locations by multiple carers who need to share the patient health record.

Copyright information

© 2010 Springer Science+Business Media, LLC

About this chapter

Cite this chapter

Shoniregun, C.A., Dube, K., Mtenzi, F. (2010). Laws and Standards for Secure e-Healthcare Information. In: Electronic Healthcare Information Security. Advances in Information Security, vol 53. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-84919-5_3

  • DOI: https://doi.org/10.1007/978-0-387-84919-5_3

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-0-387-84817-4

  • Online ISBN: 978-0-387-84919-5

  • eBook Packages: Computer Science (R0)
