Presentation is loading. Please wait.

Presentation is loading. Please wait.

Professor of Information Systems Security

Published byKatja Neumann Modified over 6 years ago

Similar presentations

Presentation on theme: "Professor of Information Systems Security"— Presentation transcript:

1 Professor of Information Systems Security
Session 5 Patient data, ethical, legal and security issues Conclusions & Recommendations David W Chadwick Professor of Information Systems Security University of Salford 11/20/2018

2 Presentations in Session
Security needs for Telemedicine; Mr Ph. Feuerstein, Radiologie, CH de Mulhouse The use of X.509 in E-Healthcare; Mr D. Chadwick, Contributor to Q 9/17 on directory services & systems, ITU-T Study Group 17 Security standards for health communication from ISO and CEN: Mr G. Klein, Convenor of ISO/TC 215/WG 4, and chairman of CEN/TC 251 E-health legal issues; Mr B. Stanberry, EHTEL (NO SHOW) Standards for Confidentiality and Security in Health Care: Mr P. Waegemann, CEO, Medical Records Institute, Chair, ASTM Standards Committee E31 on Health Informatics; Chair, US TAG to ISO TC 215 on Health Informatics; Vice-Chair, Mobile Healthcare Alliance (MoHCA) 11/20/2018

3 Highlights from Presentation 1 “Security needs for Telemedicine”
Expressed security requirements from a user’s point of view, overviewing: confidentiality, authenticity, integrity, availability, auditability, anonymity and copyright protection Never underestimate the need for standardizing “manware” (by which the speaker meant user aspects of the system) as well as hardware and software Speaker would like a data transfer auto-destruction mechanism if someone attempts un-authorized access to data 11/20/2018

4 Highlights from Presentation 2 “The Use of X.509 in E-Healthcare”
Speaker looked at how X.509 can be used for both strong authentication and strong authorisation It is still an issue how we authenticate patients electronically in a user acceptable manner, and how we allow an authorized relative to pick up an electronic prescription 11/20/2018

5 Highlights from Presentation 3 “Security standards for health communication from ISO and CEN”
Gave an overview of health informatics standards, which are often based on technology standards from ITU-T, ISO and IETF, but.. We don’t only need standards for technologies, but also for trusted third party services, national and international agreements, and responsible users etc. A lot of standardisation work is needed in these softer areas, e.g. defining roles, security management procedures, policies for TTPs etc. 11/20/2018

6 Highlights from Presentation 4 “E-health legal issues”
Original speaker did not show Substitute Martin Denz gave a short talk about EHTEL and EHTEL T6 working group for legal, security and privacy issues EHTEL objective is to promote the widespread use of telematics in E-health. Additional material can be obtained from (see written contributions on the final edition CDROM) 11/20/2018

7 Highlights from Presentation 5 “Standards for Confidentiality and Security in Health Care”
A view from the US E-health is different from e-commerce - Bilateral agreements are not acceptable in e-health care More than 200 general electronic security standards, but none apply specifically to e-health Trust in e-healthcare data is an issue – at least 5% of health data on the Internet is wrong Mobile security is needed for palm devices Speaker presented seven levels of electronic signature – lowest is self generated, and strongest is PKI generated 11/20/2018

8 Overview of issues in the session
Users and patients requirements are important, and should not be overlooked or under-estimated e.g. in the US a top down approach to providing mobile access to EHR failed for years, but now doctors are demanding patient records be downloadable to their palm pilots. How do we authenticate professionals and patients in a way they can easily use and accept? Is PKI too difficult? How do we allow patients to authorize others to access their medical data and prescriptions How can patients know they can trust health information on the Internet How can unauthorized users be prevented from access? 11/20/2018

9 Recommendations We need health specific security standards (which are usually built on existing technology standards such as SSL, X.509 etc.) We need softer standards as well as technology ones, for topics such as: security procedures, trusted third parties, defined roles (privilege attributes), international agreements, long term archiving etc. 11/20/2018

10 Follow-up actions Action Item Lead Other players Prio
Privilege Management and Access Control ITU-T SG 17 ISO TC 215 WG4 CEN TC 251 OASIS High Access Control Policies OASIS IETF GGF Med Standards for Privilege Attributes Internet2 Privilege Allocation Policies ETSI GGF Global Grid Forum  11/20/2018

11 Conclusion There is still plenty of scope for international standardisation effort related to trust and security, not only in health specific technology related topics, but more importantly in the softer topics related to security management and international agreements 11/20/2018

Download ppt "Professor of Information Systems Security"

Similar presentations

1 HL7 Educational Session – eHealth Week Budapest 2011 © 2002-2011 Health Level Seven International, Inc. All Rights Reserved. HL7 and Health Level Seven.

1 HL7 Educational Session – eHealth Week Budapest 2011 © Health Level Seven International, Inc. All Rights Reserved. HL7 and Health Level Seven.
U M T S F o r u m © UMTS 2002 UMTS Security aspects UMTS Forum ICTG Chair Bosco Fernandes Siemens AG

U M T S F o r u m © UMTS 2002 UMTS Security aspects UMTS Forum ICTG Chair Bosco Fernandes Siemens AG
International Telecommunication Union Workshop on Standardization in E-health Geneva, 23-25 May 2003 The Use of X.509 in E-Healthcare Professor David W.

International Telecommunication Union Workshop on Standardization in E-health Geneva, May 2003 The Use of X.509 in E-Healthcare Professor David W.
Security standardization for Health Informatics ITU-T eHealth conference Geneva 2003-05-23 Dr Gunnar O. Klein convenor of ISO/TC 215/WG 4 Security Karolinska.

Security standardization for Health Informatics ITU-T eHealth conference Geneva Dr Gunnar O. Klein convenor of ISO/TC 215/WG 4 Security Karolinska.
International Telecommunication Union Workshop on Standardization in E-health Geneva, 23-25 May 2003 Security needs in telemedicine Philippe Feuerstein,

International Telecommunication Union Workshop on Standardization in E-health Geneva, May 2003 Security needs in telemedicine Philippe Feuerstein,
Electronic Health Record Systems: What are They, Why have They Failed for so Long, and What Progress is Being Made Now? C. Peter Waegemann CEO, Medical.

Electronic Health Record Systems: What are They, Why have They Failed for so Long, and What Progress is Being Made Now? C. Peter Waegemann CEO, Medical.
Page 1 Issues in and perspectives on electronic authentication of health professionals Pascal POITEVIN Marketing and Communication manager GIP-CPS e-Health.

Page 1 Issues in and perspectives on electronic authentication of health professionals Pascal POITEVIN Marketing and Communication manager GIP-CPS e-Health.
Open Workshop on e-Infrastructures, Helsinki October 4 – 5, 2006 Roadmap Parallel Session on last chapter of e-IRG Roadmap: Crossing the Boundaries of.

Open Workshop on e-Infrastructures, Helsinki October 4 – 5, 2006 Roadmap Parallel Session on last chapter of e-IRG Roadmap: Crossing the Boundaries of.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
© 2009 Cengage Learning. All Rights Reserved. Electronic Health Records.

© 2009 Cengage Learning. All Rights Reserved. Electronic Health Records.
Digital Certificates Public Key Deception Digital Certificates Certificate Authorities Public Key Infrastructures (PKIs)

Digital Certificates Public Key Deception Digital Certificates Certificate Authorities Public Key Infrastructures (PKIs)
5 TH National HIPAA Summit HIPAA Vendor Readiness SIEMENS/HDX Presentation 1 November 2002 Don Bechtel HDX Compliance Officer Co-chair WEDI SNIP Transactions.

5 TH National HIPAA Summit HIPAA Vendor Readiness SIEMENS/HDX Presentation 1 November 2002 Don Bechtel HDX Compliance Officer Co-chair WEDI SNIP Transactions.
Cryptography and Network Security Overview & Chapter 1 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Overview & Chapter 1 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Healthcare smart cards - at last? LifeHouse Mike McCurry Smart Cards Project Manager SCNF 5 November 2002.

Healthcare smart cards - at last? LifeHouse Mike McCurry Smart Cards Project Manager SCNF 5 November 2002.
Electronic Health Records 3.3 Health. Definition “An electronic health record (EHR) (also electronic patient record/computerised patient record/electronic.

Electronic Health Records 3.3 Health. Definition “An electronic health record (EHR) (also electronic patient record/computerised patient record/electronic.
E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.

E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.
How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.

How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.
Standard of Electronic Health Record

Standard of Electronic Health Record
Mapping standardization with IST research (Deliverable D18 on ‘reverse mapping’) COPRAS Annual Review 15 March 2006 Prof. Tatiana Kovacikova, on behalf.

Mapping standardization with IST research (Deliverable D18 on ‘reverse mapping’) COPRAS Annual Review 15 March 2006 Prof. Tatiana Kovacikova, on behalf.
Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.

Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.

Similar presentations

Ads by Google