eHealth Platforms for Personal Health: Model-based Analysis and Design of Advanced Security and Privacy Services
ICMCC 2010 Tutorial
Bernd BLOBEL¹
eHealth Competence Center, Regensburg University Hospital, Regensburg, Germany
Abstract.
The tutorial is based on long-term international lecturing experiences at university level as well as common efforts performed in the EFMI WG “Security, Safety and Ethics (SSE)” and EFMI WG “Electronic Health Records (EHR)”. It addresses requirements and solutions for secure, reliable, trustworthy Health Information Systems (HIS) and Health Networks (HN), reflecting results of several international and European standards and projects but also related national and regional activities. It aims at providing a platform for information/discussion on legal, social, behavioral, organizational, and technical aspects/implications for trustworthy Health Telematics. The tutorial provides a comprehensive overview of security threats, risks, and, in particular, solutions in modern distributed Health Information Systems including Health Networks, aiming at communication and application security. A special focus will be put on formally modeling security and privacy services embedded in advanced systems' architectures. Taking the recent developments in European countries and beyond into account, personalized portable devices including cards will play an increasing role in providing IT-based health services. Devices for citizens/patients and for health professionals will change procedures and lead to new ones. Such devices can allow for better privacy and safety strategies. Thus, patients’ and professionals’ empowerment, involvement, and integration into treatment and care processes are key issues to be addressed in this tutorial. As a special part, biometrics and ID management will be discussed.
Objectives of the Tutorial
The tutorial concerns requirements and solutions for secure, reliable, and trustworthy future-proof Health Information Systems and international Health Networks, thereby reflecting the results of several international and European standards as well as European research and best practice projects but also related activities on a national or even regional scale. It provides a platform for advanced information and discussion of legal, social, behavioral, organizational, and underlying technical aspects and implications for Internet-based trustworthy health telematics and eHealth. Furthermore, the exploitation of results towards personalized health service provision (pHealth), including related standardization issues, is highlighted.
¹ Corresponding Author: Bernd Blobel, PhD, Associate Professor; eHealth Competence Center, Regensburg University Hospital; Franz-Josef-Strauss-Allee 11, D-93042 Regensburg, Germany; Email: bernd.blobel@klinik.uni-regensburg.de; URL: http://www.ehealth-cc.de
Structure of the Tutorial
Besides an introduction covering the objectives of the tutorial as well as explaining specific legal, ethical, organizational, functional and technical challenges, threats and risks in modern Health Information Systems, some basics of cryptography are explained, followed by a presentation of system security services and mechanisms. Among others, solutions for secure HL7 communication according to user requirements and for strong user authentication within the EDI security framework are introduced. A special part of the tutorial introduces the methodology of formal security modeling, privilege management and access control as well as related international standards and practically implemented policies. Finally, issues concerning specifics of TTP technical frameworks, including personalized devices according to legal requirements, will be presented. The tutorial ends with a summary giving conclusions and recommendations for today's Health Information Systems and Health Networks.
Content of the Tutorial
Requirements for future-proof information systems
Systems, information cycle, models, constraint modeling
EU eHealth strategy and infrastructural services
Challenge of ethics and the ethical principles
Legal and ethical challenges for security, safety and quality in health information systems
Relevant EU legislation and important equivalent national legislation (e.g. USA)
Dimensions of security and relevant security standards
Organizational aspects of security, safety and quality
Security, safety and quality concerns of different stakeholder groups
Secure EHR communication
Policies, policy statements, policy negotiation, policy bridging
System analysis, design and implementation, unified processes
The Generic Component Model, formal models, and the PMAC example
Security-related knowledge representation, KR languages, constraint modeling
Practical solutions: Communication and application security
Practical solutions: Security infrastructure and infrastructural services
Expected Results
The tutorial will provide well-balanced content with regard to the activities’ starting points, the main goals, and how to achieve success within the general framework of international initiatives. The instructors will provide important project results both from the medical and the industrial point of view, including important legal and social results as an input for the ongoing legislation process. The focus will also include practical experiences in using the results of several projects, initiatives, and standards for real-life Health Information Systems and Health Networks.
Potential Participants
Informaticians and computer scientists, medical doctors, and technicians who intend to engage in, are engaged in, or are responsible for the analysis, design, implementation, and use of distributed health information systems and health networks, including the Internet, should attend. The tutorial provides a well-defined combination of about 50% basics and another 50% of enhanced knowledge and understanding of security issues for non-specialists. Besides a general understanding of health IT processes, there are no other prerequisites.
Tutor: Bernd Blobel, PhD, Associate Professor, Head of the German eHealth Competence Center in Regensburg, Fellow of the American College of Medical Informatics
The tutor has been a partner and national coordinator in several EU projects within EU Frameworks such as the Information Society Technology Programme (IST) and the Information Society Initiatives for Standards (ISIS) Programme, funded by the European Commission. In detail, such projects are ISHTAR, TrustHealth, HARP, RESHEN, and BioHealth. Bernd Blobel is Chair of the German Health Informatics Standards Body and Head of the German Delegation to ISO TC 215 and CEN TC 251, but also Chair of HL7 Germany. He is chair/co-chair of several international and German working groups dealing with security, EHR and system architecture in health care, e.g., the EFMI Working Groups “Security, Safety and Ethics” and “Electronic Health Records”, the German Medical Informatics Association WG “Standards for Interoperability and EHR”, and the German Data Ombudsmen Association WG “Data Protection and Data Security in Healthcare and Welfare”. He is a Fellow of the American College of Medical Informatics.