Interoperability

Threats, Risks and Solutions for Data Security in “Shared Care” Information Systems
  • B. Blobel
  • P. Pharow
  • K. Engel
  • V. Spiegel
Part of the DuD-Fachbeiträge book series (DUD)

Abstract

To support the “shared care” paradigm for ensuring efficient, high-quality health care, health information systems must meet the challenge of close communication and cooperation between distributed medical applications. Distributed health information systems and medical networks, increasingly based on the Internet, place high demands on guaranteeing data protection and data security, in the sense of ensuring the integrity, confidentiality, accountability and availability of information. This applies in particular to communication and cooperation based on personal medical data. The domain concept of extended communicating and cooperating systems across enterprise, organisational, regional, state or even national borders is presented in more detail, including security policy and policy bridging. Based on a general layered security model, the principles of integrating internal and external security services are considered. The Magdeburg Department of Medical Informatics is involved in several projects funded by the European Commission, such as ISHTAR, TRUSTHEALTH and EUROMED. As results of these projects, security solutions for interoperable health information systems and networks were developed and implemented in pilot projects; these are presented in this paper and in a further contribution to this conference. They include secure EDI communication as well as the use of Health Professional Cards and a corresponding security infrastructure of Trusted Third Party services.

Copyright information

© Friedr. Vieweg & Sohn Verlagsgesellschaft mbH, Braunschweig/Wiesbaden 1999

Authors and Affiliations

  • B. Blobel (1)
  • P. Pharow (1)
  • K. Engel (1)
  • V. Spiegel (1)

  1. Abt. Medizinische Informatik, Universitätsklinikum Magdeburg, Germany
