An Approach towards the Fulfilment of Security Requirements for Decision Support Systems in the Field of Evidence-Based Healthcare WIT Institute of Software.

Presentation transcript:

An Approach towards the Fulfilment of Security Requirements for Decision Support Systems in the Field of Evidence-Based Healthcare
WIT, Institute of Software Technology and Interactive Systems, Vienna University of Technology, Vienna, Austria
Nevena Stolba, A Min Tjoa

2 Motivation
- Evidence-based medicine (EBM) is a new healthcare scientific paradigm aiming at the prevention, diagnosis and treatment of diseases using medical evidence.
- Integrating external evidence-based data sources into the existing clinical information system and finding appropriate therapy alternatives for a given patient and a given disease is a major research challenge.
- Defining explicit common security regulations and standards is a process in which both the patient's individual rights (patient's privacy and data protection) and the collective, societal demands (scientific progress and development of new technologies) need to be considered.
- We show the need for a highly secure decision support system in order to facilitate the practical use of evidence-based medicine with respect to the privacy regulations.

3 Outline
- Decision support systems (DSS)
- Evidence-based medicine (EBM)
- Data Warehouse (DWH) facilitating evidence-based medicine
- Security concept for healthcare decision support systems
  - Depersonalisation
  - Pseudonymisation
  - Role-based access
- Conclusion

4 Data Warehouse
Inmon: A Data Warehouse is a subject-oriented, integrated, time-variant and non-volatile collection of data in support of management's decision making process.
A DWH integrates data from diverse internal and external data sources to support:
- Reporting
- Analysis
- Tracking business trends
- Improving strategic decisions
- Enhancing forecasting

5 Evidence-Based Medicine (1/2)

6 Evidence-Based Medicine (2/2)
Sackett et al., 1996: Evidence based medicine is the conscientious, explicit, and judicious use of current best evidence in making decisions about the care of individual patients.

7 Data Warehouse facilitating EBM (1/3)
Health care institutions are deploying data warehouse applications and decision support tools on top of them for their strategic decision making processes.
The main role of the clinical decision support systems is:
- To reduce medical errors
- To increase operating efficiency
- To reduce treatment costs
- To give advice about staffing plans etc.

8 Data Warehouse facilitating EBM (2/3)
Examples of DWH applications in the area of EBM:
1. Generation of evidence-based guidelines
   - Discover unknown data patterns
   - Identify trends
   - Recognize best practices for different disease treatments
2. Support of decision making processes of clinical management, human resources and clinical administration
   - Creation of business strategies
   - Treatment scheduling
   - Staffing plans

9 Data Warehouse facilitating EBM (3/3)
Support of clinicians at the point of care

10 Security Concept for Healthcare DSS
Healthcare decision support systems comprise large volumes of sensitive data and therefore must guarantee a high degree of data protection.
Security measures that need to be considered to protect data privacy in DSS in order to facilitate evidence-based medicine:
- Password identification for the healthcare DSS users
- Any data modification must bear a digital signature
- Tracking of data manipulation through log files
- Confidential health data should only be stored in a coded or encrypted form on a mobile medium
- Public Key Infrastructure for transportation security
- Data used for EBM purposes must be depersonalised and pseudonymised
- A role-based access model has to be implemented

11 Depersonalisation and Pseudonymisation
- The Health Insurance Portability and Accountability Act (HIPAA) and the European Commission's Directive on Data Protection have had a great impact on the strictness of security regulations.
- The goal of evidence-based medicine (to recognise the symptoms, best treatments and prevention patterns for a given disease) can solely be accomplished by analysing unidentifiable patient data.
- Depersonalisation and pseudonymisation procedures are used to prevent re-identification of personal data.

12 Depersonalisation (1/2)
Taweel et al., 2004: Depersonalisation is removal of any residual information that might risk identification, e.g. names of relatives, nick names, place names, unusual occupations, etc.
Stolba, Banek and Tjoa, 2005: depersonalisation may be done by:
- Grouping data: protecting sensitive data through grouping (e.g. the patient's age is shown in age ranges of 0-5, 5-10, 10-15, 15-20, ...).
- Hiding data: all data interesting for detailed data mining (occupation, hobbies) are concealed.
- Removing data: key identifying data unnecessary for the research (e.g. name, exact birth day, precise address, nick names, names of relatives, etc.) are removed.

13 Depersonalisation (2/2)
Administrative users (most often: clinical management) specify sensitive data and its sensitivity levels.

14 Pseudonymisation (1/2)
- Pseudonymity is a state of disguised identity resulting from the use of a pseudonym. The pseudonym identifies a holder, that is, one or more human beings who possess but do not disclose their true names (legal identities).
- Pseudonymisation is especially suitable for the requirements of EBM because it enables a consolidation of different patients' data without revealing patient identities.
- Depending on the requirements, two kinds of pseudonymisation can be used:
  - one-way pseudonymisation
  - reversible pseudonymisation

15 Pseudonymisation (2/2)
Privacy preserving measures during query processing in the data warehouse supporting evidence-based medicine.
Legend: SSN = Social Security Nr.; PD = Personal Data; HCD = Health Care Data
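The depersonalisation steps (grouping, hiding, removing) and one-way pseudonymisation of the SSN, as an added example that is not taken from the presentation. The field names, the policy table, the use of HMAC-SHA256 as the one-way function, the half-open age bands and the sample records are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed policy; field names are assumptions. Fields not listed are
# dropped, so a new source column is never released by default.
POLICY = {
    "name": "remove", "birth_date": "remove", "address": "remove",
    "relatives": "remove",
    "occupation": "hide", "hobbies": "hide",
    "age": "group", "ssn": "pseudonymise",
    "diagnosis": "keep", "treatment": "keep",
}
AGE_BAND = 5  # width of the age ranges on the slide (0-5, 5-10, ...)
KEY = b"constructed-demo-key"  # placeholder; keep the real key outside the DWH


def age_band(age):
    """Half-open band [low, low + 5), labelled as on the slide."""
    low = (age // AGE_BAND) * AGE_BAND
    return f"{low}-{low + AGE_BAND}"


def pseudonym(ssn, key=KEY):
    """One-way pseudonym (assumed scheme): HMAC-SHA256 of the SSN."""
    return hmac.new(key, ssn.encode(), hashlib.sha256).hexdigest()


def depersonalise(record, key=KEY):
    out = {}
    for field, value in record.items():
        action = POLICY.get(field, "remove")
        if action == "keep":
            out[field] = value
        elif action == "hide":
            out[field] = None  # column stays, value is concealed
        elif action == "group":
            out["age_group"] = age_band(value)
        elif action == "pseudonymise":
            out["pseudonym"] = pseudonym(value, key)
    return out


# Constructed records for one patient from two source systems.
CLINIC = {"ssn": "1234010180", "name": "Jane Doe", "age": 37,
          "occupation": "pilot", "diagnosis": "E11", "ward": "4B"}
LAB = {"ssn": "1234010180", "name": "J. Doe", "age": 37, "treatment": "metformin"}

if __name__ == "__main__":
    for row in (depersonalise(CLINIC), depersonalise(LAB)):
        print(row)
```

Both output rows carry the same pseudonym, so the clinic and lab data can be consolidated without the SSN or name entering the warehouse; a keyed hash is used because an unkeyed hash of a short identifier can be reversed by enumerating all possible values.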

16 Role-Based Access
- The role-based access model is used for decision support systems to ensure that EBM users can access only the data granted to the role they have.
- A role is a job description regardless of the actor performing it.
- Roles should be assigned exactly those authorisations that are needed to fulfil the duties of the job.
- Each user in the DWH should be assigned to at least one role, though multiple roles are allowed.
- A user can play only one role at a time.
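A sketch of the role model described on this slide, added here as an example and not taken from the presentation: users may be assigned several roles, but a session acts in exactly one role at a time, and that role decides which warehouse columns a query may read. Role names, column names and users are hypothetical.

```python
# Constructed role definitions: each role lists the columns it may read.
ROLE_COLUMNS = {
    "clinician": {"pseudonym", "age_group", "diagnosis", "treatment"},
    "researcher": {"age_group", "diagnosis", "treatment"},
    "administration": {"age_group", "treatment_cost"},
}
# Constructed assignments: at least one role per user, several allowed.
USER_ROLES = {
    "alice": {"clinician", "researcher"},
    "bob": {"administration"},
}


class Session:
    """A logged-in user acting in exactly one of their assigned roles."""

    def __init__(self, user, role):
        self.user = user
        self.role = None
        self.activate(role)

    def activate(self, role):
        # Switching replaces the active role; rights are never combined.
        if role not in USER_ROLES.get(self.user, set()):
            raise PermissionError(f"{self.user} is not assigned role {role}")
        self.role = role

    def select(self, rows, columns):
        # Reject the whole query if any requested column is outside the role.
        denied = set(columns) - ROLE_COLUMNS[self.role]
        if denied:
            raise PermissionError(
                f"role {self.role} may not read {sorted(denied)}")
        return [{c: row.get(c) for c in columns} for row in rows]


# Constructed warehouse rows (already depersonalised).
ROWS = [{"pseudonym": "p-001", "age_group": "35-40", "diagnosis": "E11",
         "treatment": "metformin", "treatment_cost": 120}]

if __name__ == "__main__":
    s = Session("alice", "researcher")
    print(s.select(ROWS, ["age_group", "diagnosis"]))
```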

17 Conclusion
Not enough attention is paid to the protection of highly sensitive patient data.
Main reasons for the security threats:
- System complexity
- Large number of users
- Great data volumes residing in a medical DSS
The proposed security approach ensures that patient privacy and confidentiality are preserved while delivering a rich medical repository for research purposes, leading to scientific progress in EBM.

18 Thank You!