Published in: Journal of Medical Systems 4/2006

01-08-2006 | Original Article

Personal Health Record Systems and Their Security Protection

Authors: Khin Than Win, Willy Susilo, Yi Mu


Abstract

The objective of this study is to analyze the security protection of personal health record systems. To achieve this, we have investigated different personal health record systems, their security functions, and security issues. We have noted that current security mechanisms are not adequate, and we have proposed some security mechanisms to tackle these problems.
Metadata
Title
Personal Health Record Systems and Their Security Protection
Authors
Khin Than Win
Willy Susilo
Yi Mu
Publication date
01-08-2006
Publisher
Springer US
Published in
Journal of Medical Systems / Issue 4/2006
Print ISSN: 0148-5598
Electronic ISSN: 1573-689X
DOI
https://doi.org/10.1007/s10916-006-9019-y