Abstract
Between secure information systems (IS) are also medical IS which support work of different medical institutions as well as pharmacies and insurance companies. All of them have to work with medical personal data which should take into account the privacy. The privacy is the individual’s right to determine if, when and how data about them will be collected, stored, used and shared with others. According to this definition medical personal data are treated as sensitive data, which can only be gathered and processed under particular conditions. In this contribution we will concentrate on personal medical data saved in medical records. Namely there are numerous message flows between medical staff and medical records that are often completely unprotected and can be accessed easier than might be expected. We will study the guidelines for medical staff regarding the protection of personal data, the corresponding Slovenian legislation, and the recommendations of a particular institution.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
European Guideline for Medical Personnel on protecting Personal Data (2005) (accessed, June 2008), http://www.eurosocap.org/
Personal Data Protection Act. Official Journal of the Republic of Slovenia, No. 94/2007 (2007)
Healthcare Database Act. Official Journal of the Republic of Slovenia, No. 65/2007 (2007)
Regulations for personal data and other sensitive data protection and documented material of the Medical Centre (available only in Slovenian), Medical Centre Ljubljana (2006)
Klemenc, D., Požun, P., Milić, J.: Privacy of the patient’s personal and medical data in the University Medical Centre Ljubljana. Informatica Medica Slovenica 9(1-2), 24–30 (2004)
Welzer, T., et al.: Teaching IT in the postgraduate health care and nursing program; Advancing health information management and health informatics: issues, strategies, and tools. In: Raza, A., Bath, P., Keselj, V. (eds.) Eleventh international symposium on health information management research - iSHMIR 2006, pp. 14–16 (2006)
SEISMED Consortium (ed.): Data Security in Health Care, Guidelines. IOS Press, Amsterdam (1996)
Yu, H., Liao, W., Yuan, X., Xu, J.: Teaching a web security course to practice information assurance. ACM SIGCSE Bulletin 38(1), 12–16 (2006)
Pfleeger, C.P., Pfleeger, L.: Security in Computing. Prentice Hall, Englewood Cliffs (2007)
Cannon, J.C.: Privacy. Addison-Wesley, Reading (2005)
Kokol, P., Zazula, D., Brumec, V., Kolenc, L., Slajmer Japelj, M.: New Nursing Informatics Curriculum - An Outcome from the Nice Project. In: Mantas, J. (ed.) Proceedings of HTE 1998, University of Athens (1998)
Welzer Družovec, T., Hölbl, M., Habjanič, A., Brumen, B., Družovec, M.: Teaching of Information Security in the Health Care and Nursing Postgraduate program. In: Venter, H. (ed.) IFIP TC-11 International Information Security Conference - SEC 2007, IFIP International Federation for Information Processing, vol. 232, pp. 479–484 (2007)
Welzer, T., et al.: Information privacy for personal data in medical records. In: Bath, P. (ed.) ISHIMR 2008: Proceedings of the Thirteenth International Symposium for Health Information Management Research, October 20-22, 2008, pp. 149–157. Massey Universtiy, Auckland (2008)
Joosten, R., Whitehouse, D., Doquenoy, P.: Putting Identifiers in the Context of eHealth. In: Fischer-Hübner, S., Doquenoy, P., Zuccato, A., Martucci, L. (eds.) IFIP International Federation for Information Processing. The Future of Identity in the Information Society, vol. 262, pp. 389–403. Springer, Heidelberg (2008)
i2Health – Interoperability Initiative for a European eHealth Area – project deliverable D3.1b Identification management in eHealth (2007) (accessed, June 2008), http://www.i2-health.org/
Yee, G., Korba, L., Song, R.: Ensuring Privacy for E-Health Services. In: Proceedings of the First International Conference on Availability, Reliability and Security - ARES 2006, pp. 321–328. IEEE Press, Washington (2006)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Welzer, T. et al. (2009). Medical Personal Data in Secure Information Systems. In: Yang, J., Ginige, A., Mayr, H.C., Kutsche, RD. (eds) Information Systems: Modeling, Development, and Integration. UNISCON 2009. Lecture Notes in Business Information Processing, vol 20. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01112-2_35
Download citation
DOI: https://doi.org/10.1007/978-3-642-01112-2_35
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-01111-5
Online ISBN: 978-3-642-01112-2
eBook Packages: Computer ScienceComputer Science (R0)