Skip to main content
Key Specialties
Cardiology Diabetology Endocrinology Gastroenterology Geriatrics and Gerontology Gynecology and Obstetrics Hematology Infectious Disease Internal Medicine Nephrology Neurology Oncology Pediatrics Respiratory Medicine Rheumatology Surgery
Congress Coverage
2024 ACC Congress 2023 ESMO Congress 2023 EASD Congress 2023 ERS Congress 2023 ESC Congress
Clinical Collections
Advances in Alzheimer’s

At a glance: The STEP trials

A round-up of the STEP phase 3 clinical trials evaluating semaglutide for weight loss in people with overweight or obesity.
ADVANCED SEARCH
Log in
Top
Journal of Medical Systems
Published in: Journal of Medical Systems 5/2015

01-05-2015 | Systems-Level Quality Improvement

A Security Framework for Nationwide Health Information Exchange based on Telehealth Strategy

Authors: B. B. Zaidan, Ahmed Haiqi, A. A. Zaidan, Mohamed Abdulnabi, M. L. Mat Kiah, Hussaen Muzamel

Published in: Journal of Medical Systems | Issue 5/2015

Login to get access

Abstract

This study focuses on the situation of health information exchange (HIE) in the context of a nationwide network. It aims to create a security framework that can be implemented to ensure the safe transmission of health information across the boundaries of care providers in Malaysia and other countries. First, a critique of the major elements of nationwide health information networks is presented from the perspective of security, along with such topics as the importance of HIE, issues, and main approaches. Second, a systematic evaluation is conducted on the security solutions that can be utilized in the proposed nationwide network. Finally, a secure framework for health information transmission is proposed within a central cloud-based model, which is compatible with the Malaysian telehealth strategy. The outcome of this analysis indicates that a complete security framework for a global structure of HIE is yet to be defined and implemented. Our proposed framework represents such an endeavor and suggests specific techniques to achieve this goal.
Literature
1.
Kellermann, A. L., and Jones, S. S., What it will take to achieve the as-yet-unfulfilled promises of health information technology. Health Aff. 32:63–68, 2013.CrossRef
2.
Brailer, D. J., Interoperability: the key to the future health care system. Health Aff.-Millwood VA Bethesda MA 24:W5, 2005.
3.
Kuperman, G. J., Blair, J. S., Franck, R. A., Devaraj, S., Low, A. F., et al., Developing data content specifications for the nationwide health information network trial implementations. J. Am. Med. Inform. Assoc. 17:6–12, 2010.CrossRef
4.
Walker, J., Pan, E., Johnston, D., Adler-Milstein, J., Bates, D. W., and Middleton, B., The value of health care information exchange and interoperability. Health Aff.-Millwood VA Bethesda MA 24:W5, 2005.
5.
Kuperman, G. J., Health-information exchange: why are we doing it, and what are we doing? J. Am. Med. Inform. Assoc. 18:678–682, 2011.CrossRef
6.
Garets, D., and Davis, M., Electronic medical records vs. electronic health records: yes, there is a difference, Policy white paper. Chicago, HIMSS Analytics, 2006.
7.
Benli, S., Yaylacicegi, U., Vetter, R., Reinicke, B., and Mitchell, S., Information security blueprint for national health information network. Ann. Master Sci. Comput. Sci. Inf. Syst. UNC Wilmington 6, 2012.
8.
Shapiro, J. S., Kannry, J., Lipton, M., Goldberg, E., Conocenti, P., Stuard, S., Wyatt, B. M., and Kuperman, G., Approaches to patient health information exchange and their impact on emergency medicine. Ann. Emerg. Med. 48:426–432, 2006.CrossRef
9.
Liu, W., Park, E., and Krieger, U., eHealth interconnection infrastructure challenges and solutions overview. e-Health Networking, Applications and Services (Healthcom), 2012 I.E. 14th International Conference on, IEEE, 2012, pp. 255–260.
10.
Payne, T. H., Detmer, D. E., Wyatt, J. C., and Buchan, I. E., National-scale clinical information exchange in the United Kingdom: lessons for the United States. J. Am. Med. Inform. Assoc. 18:91–98, 2011.CrossRef
11.
Kaelber, D. C., and Bates, D. W., Health information exchange and patient safety. J. Biomed. Inform. 40:S40–S45, 2007.CrossRef
12.
Zaidan, A. A., Zaidan, B. B., Kadhem, Z., Larbani, M., Lakulu, M. B., and Hashim, M., Challenges, alternatives, and paths to sustainability: better public health promotion using social networking pages as key tools. J. Med. Syst. 39(2):1–14, 2015.CrossRef
13.
Bailey, J. E., Pope, R. A., Elliott, E. C., Wan, J. Y., Waters, T. M., and Frisse, M. E., Health information exchange reduces repeated diagnostic imaging for back pain. Ann. Emerg. Med. 45:3, 2013.
14.
Iezzoni, L. I., Assessing quality using administrative data. Ann. Intern. Med. 127:666–674, 1997.CrossRef
15.
Safran, C., Bloomrosen, M., Hammond, W. E., Labkoff, S., Markel-Fox, S., Tang, P. C., and Detmer, D. E., Toward a national framework for the secondary use of health data: an American Medical Informatics Association white paper. J. Am. Med. Inform. Assoc. 14:1–9, 2007.CrossRef
16.
Roelofs, E., Persoon, L., Nijsten, S., Wiessler, W., Dekker, A., and Lambin, P., Benefits of a clinical data warehouse with data mining tools to collect data for a radiotherapy trial. Radiother. Oncol., 2013.
17.
Song, M., Liu, K., Abromitis, R., and Schleyer, T. L., Reusing electronic patient data for dental clinical research: a review of current status. J. Dent., 2013.
18.
Wasserman, R. C., Electronic medical records (EMRs), epidemiology, and epistemology: reflections on EMRs and future pediatric clinical research. Acad. Pediatr. 11:280–287, 2011.CrossRef
19.
Kiah, M. L. M., Haiqi, A., Zaidan, B. B., and Zaidan, A. A., Open source EMR software: profiling, insights and hands-on analysis. Comput. Methods Prog. Biomed. 117(2):360–382, 2014.CrossRef
20.
Cios, K. J., and William Moore, G., Uniqueness of medical data mining. Artif. Intell. Med. 26:1–24, 2002.CrossRef
21.
Regidor, E., The use of personal data from medical records and biological materials: ethical perspectives and the basis for legal restrictions in health research. Soc. Sci. Med. 59:1975–1984, 2004.CrossRef
22.
Vest, J. R., Health information exchange: national and international approaches. Adv. Health Care Manag. 12:3–24, 2012.CrossRef
23.
Park, H., Lee, S., Kim, Y., Heo, E.-Y., Lee, J., Park, J. H., and Ha, K., Patients’ perceptions of a health information exchange: a pilot program in South Korea. Int. J. Med. Inform. 82:98–107, 2013.CrossRef
24.
Gritzalis, D., and Lambrinoudakis, C., A security architecture for interconnecting health information systems. Int. J. Med. Inform. 73:305–309, 2004.CrossRef
25.
Flores, A., Secure exchange of information in electronic health records, 2010.
26.
van der Linden, H., Kalra, D., Hasman, A., and Talmon, J., Inter-organizational future proof EHR systems: a review of the security and privacy related issues. Int. J. Med. Inform. 78:141–160, 2009.CrossRef
27.
Sucurovic, S., Implementing security in a distributed web-based EHCR. Int. J. Med. Inform. 76:491–496, 2007.CrossRef
28.
Xiao, L., Vicente, J., Sáez, C., Peet, A., Gibb, A., Lewis, P., Dasmahapatra, S., Croitoru, M., González-Vélez, H., Ariet, M. L., et al., A security model and its application to a distributed decision support system for healthcare. Availability, Reliability and Security, 2008. ARES 08. Third International Conference on, IEEE, 2008, pp. 578–585.
29.
“Nationwide Health Information Network (NwHIN).”
30.
Lenert, L., Sundwall, D., and Lenert, M. E., Shifts in the architecture of the nationwide health information network. J. Am. Med. Inform. Assoc. 19:498–502, 2012.CrossRef
31.
32.
Coiera, E., Building a national health IT system from the middle out. J. Am. Med. Inform. Assoc. 16:271–273, 2009.CrossRef
33.
M. Ministry of Health (MOH), Malaysia’s telemedicine blueprint: leading healthcare into the information age, 1997.
34.
Ghani, M. K. A., An integrated and distributed framework for a Malaysian Telemedicine System (MyTEL), 2008.
35.
Som, M. M., Norali, A., and Ali, M. M., Telehealth in Malaysia—An overview, Industrial Electronics & Applications (ISIEA), 2010 I.E. Symposium on, IEEE, 2010, pp. 660–664.
36.
Alaudin, D. F. S., AeHIN General Meeting 2013: eHealth Updates Malaysia, 2013.
37.
Hisan, D. A., Malaysian Health Information Exchange (MyHIX), 2012.
38.
M. Malaysia, “IHE CONNECTATHON - MSC Malaysia.”
39.
M. newsletter, MIMOS collaborates with Health Ministry to develop Healthcare IT, 2013.
40.
Wei, J., Hu, X., and Liu, W., An improved authentication scheme for Telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012.CrossRef
41.
Wu, Z. Y., Lee, Y.-C., Lai, F., Lee, H.-C., and Chung, Y.-F., A secure authentication scheme for Telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012.CrossRef
42.
Kiah, M. L. M., Al-Bakri, S. H., Zaidan, A. A., Zaidan, B. B., and Hussain, M., Design and develop a video conferencing framework for real-time telemedicine applications using secure group-based communication architecture. J. Med. Syst. 38(10):1–11, 2014.
43.
Alanazi, H. O., Zaidan, A. A., Zaidan, B. B., Kiah, M. L., and Al-Bakri, S. H., Meeting the security requirements of electronic medical records in the ERA of high-speed computing. J. Med. Syst. 39(1):1–13, 2015.CrossRef
44.
He, D., Chen, J., and Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012.CrossRef
45.
Das, A. K., and Goswami, A., A secure and efficient uniquenessand-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37(3):1–16, 2013.CrossRef
46.
Chang, Y.-F., Yu, S.-H., and Shiao, D.-R., An uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37:9902, 2013.CrossRef
47.
48.
Zaidan, B. B., Zaidan, A. A., and Mat Kiah, M. L., Impact of data privacy and confidentiality on developing telemedicine applications: a review participates opinion and expert concerns. Int. J. Pharmacol. 7(3):382–387, 2011.CrossRef
49.
Kiah, M. L., Nabi, M. S., Zaidan, B. B., and Zaidan, A. A., An enhanced security solution for electronic medical records based on AES hybrid technique with SOAP/XML and SHA-1. J. Med. Syst. 37(5):1–18, 2013.CrossRef
50.
Li, Y.-C., Hung, M.-C., Hsiao, S.-J., Tsai, K.-D., Chang, M.-M., An assessment of patient safety in acupuncture process under EMR support. J. Med. Syst. 35(6):1447–1453, 2011.1,789 KB).
51.
Ullah, S., and Alamri, A., A secure RFID-based WBAN for healthcare applications. J. Med. Syst. 37(5):1–9, 2013.CrossRef
52.
Yan, X., Li, W., Li, P., Wang, J., Hao, X., and Gong, P., A secure biometrics-based authentication scheme for telecare medicine information systems. J. Med. Syst. 37(2):1–6, 2013.MATH
53.
Hamdan, O., Alanazi, H. A., Jalab, G. M., Alam, B. B., and Zaidan, A. A., Securing electronic medical records transmissions over unsecured communications: an overview for better medical governance. J. Med. Plant Res. 4(19):2059–2074, 2010.
54.
Hsu, C.-L., Lee, M.-R., and Su, C.-H., The role of privacy protection in healthcare information systems adoption. J. Med. Syst. 37:9966, 2013.CrossRef
55.
Rivest, R. L., Shamir, A., and Adleman, L., A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21:120–126, 1978.CrossRefMATHMathSciNet
56.
Boneh, D., Rivest, R., Shamir, A., Adleman, L., et al., Twenty years of attacks on the RSA cryptosystem. Not. AMS 46:203–213, 1999.MATH
57.
Salah, I. K., Darwish, A., and Oqeili, S., Mathematical attacks on RSA cryptosystem. J. Comput. Sci. 2:665, 2006.CrossRef
58.
Kocher, P. C., Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems, Advances in Cryptology—CRYPTO’96, Springer, 1996, pp. 104–113.
59.
Boneh, D., Joux, A., and Nguyen, P.Q., Why textbook ElGamal and RSA encryption are insecure, Advances in Cryptology—ASIACRYPT 2000, Springer, 2000, pp. 30–43.
60.
Diffie, W., The first ten years of public-key cryptography. Proc. IEEE 76:560–577, 1988.CrossRef
61.
62.
Gupta, V., Gupta, S., Chang, S., and Stebila, D., Performance analysis of elliptic curve cryptography for SSL, Proceedings of the 1st ACM Workshop on Wireless Security, ACM, 2002, pp. 87–94.
63.
Jurišic, A., and Menezes, A., Elliptic curves and cryptography. Dr. Dobb’s J., 1997, pp. 26–36.
64.
Kapoor, V., Abraham, V. S., and Singh, R., Elliptic curve cryptography. ACM Ubiquit. 9:20–26, 2008.
65.
Hoffstein, J., Pipher, J., and Silverman, J. H., NTRU: a ring-based public key cryptosystem. Algorithmic Number Theory, Springer, 1998, pp. 267–288.
66.
Hermans, J., Vercauteren, F., and Preneel, B., Speed records for NTRU. Topics in Cryptology-CT-RSA 2010, Springer, 2010, pp. 73–88.
67.
Perlner, R. A., and Cooper, D. A., Quantum resistant public key cryptography: a survey. Proceedings of the 8th Symposium on Identity and Trust on the Internet, ACM, 2009, pp. 85–93.
68.
Daemen, J., and Rijmen, V., AES proposal: Rijndael. First Advanced Encryption Standard (AES) Conference, 1998.
69.
Standard, N.-F., Announcing the Advanced Encryption Standard (AES). Fed. Inf. Process. Stand. Publ. 197, 2001.
70.
Biryukov, A., Dunkelman, O., Keller, N., Khovratovich, D., and Shamir, A., Key recovery attacks of practical complexity on AES-256 variants with up to 10 rounds. Advances in Cryptology–EUROCRYPT 2010, Springer, 2010, pp. 299–319.
71.
Schneier, B., Kelsey, J., Whiting, D., Wagner, D., Hall, C., and Ferguson, N., Performance comparison of the AES submissions, 1999.
72.
Schneier, B., The Blowfish encryption algorithm. Dr Dobb’s J.-Softw. Tools Prof. Program. 19:38–43, 1994.
73.
Schneier, B., Description of a new variable-length key, 64-bit block cipher (Blowfish). Fast Software Encryption, Springer, 1994, pp. 191–204.
74.
Gonzalez, T., A Reflection attack on blowfish. J Latex Files 6, 2007.
75.
Rivest, R. L., Robshaw, M. J., Sidney, R., and Yin, Y. L., The RC6 block cipher. In First Advanced Encryption Standard (AES) Conference, Citeseer, 1998.
76.
Rivest, R. L., The RC5 encryption algorithm. Fast Software Encryption, Springer, 1995, pp. 86–96.
77.
78.
PUB, F., Secure hash standard. Public Law 100:235, 1995.
79.
Wang, X., Yin, Y. L., and Yu, H., Finding collisions in the full SHA-1. Advances in Cryptology–CRYPTO 2005, Springer, 2005, pp. 17–36.
80.
81.
Naedele, M., Standards for XML and Web services security. Computer 36:96–98, 2003.CrossRef
82.
Chester, T. M., Cross-platform integration with XML and SOAP. IT Prof. 3:26–34, 2001.CrossRef
83.
Achard, F., Vaysseix, G., and Barillot, E., XML, bioinformatics and data integration. Bioinformatics 17:115–125, 2001.CrossRef
84.
Gudgin, M., Hadley, M., Mendelsohn, N., Moreau, J.-J., Nielsen, H. F. , Karmarkar, A., and Lafon, Y., Simple object access protocol (SOAP) 1.2. World Wide Web Consortium, 2003.
85.
86.
Nabi, M. S. A., Mat Kiah, M. L., Zaidan, B. B., Zaidan, A. A., and Alam, G. M., Suitability of using SOAP protocol to secure electronic medical record databases transmission. Int. J. Pharmacol. 6(6):959–964, 2010.CrossRef
87.
Adams, C., and Lloyd, S., Understanding the Public-Key Infrastructure: Concepts, Standards and Deployment Considerations. Sams Publishing, 1999.
88.
Ford, W., Hallam-Baker, P., Fox, B., Dillaway, B., LaMacchia, B., Epstein, J., and Lapp, J., Xml key management specification (xkms). W3C note, March, 2001.
89.
Metadata
Title
A Security Framework for Nationwide Health Information Exchange based on Telehealth Strategy
Authors
B. B. Zaidan
Ahmed Haiqi
A. A. Zaidan
Mohamed Abdulnabi
M. L. Mat Kiah
Hussaen Muzamel
Publication date
01-05-2015
Publisher
Springer US
Published in
Journal of Medical Systems / Issue 5/2015
Print ISSN: 0148-5598
Electronic ISSN: 1573-689X
DOI
https://doi.org/10.1007/s10916-015-0235-1

Other articles of this Issue 5/2015

Journal of Medical Systems 5/2015 Go to the issue

Education & Training

Mutual Information Analysis of Sleep EEG in Detecting Psycho-Physiological Insomnia

Patient Facing Systems

An Obstructive Sleep Apnea Detection Approach Using Kernel Density Classification Based on Single-Lead Electrocardiogram

Transactional Processing Systems

The Application of Data Mining Techniques to Oral Cancer Prognosis

Patient Facing Systems

A Privacy Preserving Secure and Efficient Authentication Scheme for Telecare Medical Information Systems

Transactional Processing Systems

Overview of Recent Trans-Institutional Health Network Projects in Japan and Germany

Transactional Processing Systems

An Electronic Medical Record System with Treatment Recommendations Based on Patient Similarity