| BMC Medical Informatics and Decision Making | |
| Privacy and information security risks in a technology platform for home-based chronic disease rehabilitation and education | |
| Research Article | |
| Lars K Vognild1 Tatjana M Burkow2 Elin Johnsen2 Eva Henriksen2 | |
| [1] Norut, Northern Research Institute, Tromsø, Norway;Norwegian Centre for Integrated Care and Telemedicine, University Hospital of North Norway, Tromsø, Norway; | |
| 关键词: Privacy; Confidentiality; Information security; Risk assessment; Pulmonary rehabilitation; Diabetes self-management education; Video conference; Tele-homecare; | |
| DOI : 10.1186/1472-6947-13-85 | |
| received in 2012-11-09, accepted in 2013-07-23, 发布年份 2013 | |
| 来源: Springer | |
 PDF
|
|
【 摘 要 】
BackgroundPrivacy and information security are important for all healthcare services, including home-based services. We have designed and implemented a prototype technology platform for providing home-based healthcare services. It supports a personal electronic health diary and enables secure and reliable communication and interaction with peers and healthcare personnel. The platform runs on a small computer with a dedicated remote control. It is connected to the patient’s TV and to a broadband Internet. The platform has been tested with home-based rehabilitation and education programs for chronic obstructive pulmonary disease and diabetes. As part of our work, a risk assessment of privacy and security aspects has been performed, to reveal actual risks and to ensure adequate information security in this technical platform.MethodsRisk assessment was performed in an iterative manner during the development process. Thus, security solutions have been incorporated into the design from an early stage instead of being included as an add-on to a nearly completed system. We have adapted existing risk management methods to our own environment, thus creating our own method. Our method conforms to ISO’s standard for information security risk management.ResultsA total of approximately 50 threats and possible unwanted incidents were identified and analysed. Among the threats to the four information security aspects: confidentiality, integrity, availability, and quality; confidentiality threats were identified as most serious, with one threat given an unacceptable level of High risk. This is because health-related personal information is regarded as sensitive. Availability threats were analysed as low risk, as the aim of the home programmes is to provide education and rehabilitation services; not for use in acute situations or for continuous health monitoring.ConclusionsMost of the identified threats are applicable for healthcare services intended for patients or citizens in their own homes. Confidentiality risks in home are different from in a more controlled environment such as a hospital; and electronic equipment located in private homes and communicating via Internet, is more exposed to unauthorised access. By implementing the proposed measures, it has been possible to design a home-based service which ensures the necessary level of information security and privacy.
【 授权许可】
CC BY
© Henriksen et al.; licensee BioMed Central Ltd. 2013
【 预 览 】
| Files | Size | Format | View |
|---|---|---|---|
| RO202311091199688ZK.pdf | 448KB |  download |
【 参考文献 】
- [1]
- [2]
- [3]
- [4]
- [5]
- [6]
- [7]
- [8]
- [9]
- [10]
- [11]
- [12]
- [13]
- [14]
- [15]
- [16]
- [17]
- [18]
- [19]
- [20]
- [21]
- [22]
- [23]
- [24]
- [25]
- [26]
- [27]
- [28]
- [29]
- [30]
- [31]
- [32]
- [33]
- [34]
878987797
028-85220240
