Abstract
With the progress and the development of information technology, the internal data in medical organizations have become computerized and are further established the medical information system. Moreover, the use of the Internet enhances the information communication as well as affects the development of the medical information system that a lot of medical information is transmitted with the Internet. Since there is a network within another network, when all networks are connected together, they will form the “Internet”. For this reason, the Internet is considered as a high-risk and public environment which is easily destroyed and invaded so that a relevant protection is acquired. Besides, the data in the medical network system are confidential that it is necessary to protect the personal privacy, such as electronic patient records, medical confidential information, and authorization-controlled data in the hospital. As a consequence, a medical network system is considered as a network requiring high security that excellent protections and managerial strategies are inevitable to prevent illegal events and external attacks from happening. This study proposes secure medical managerial strategies being applied to the network environment of the medical organization information system so as to avoid the external or internal information security events, allow the medical system to work smoothly and safely that not only benefits the patients, but also allows the doctors to use it more conveniently, and further promote the overall medical quality. The objectives could be achieved by preventing from illegal invasion or medical information being stolen, protecting the completeness and security of medical information, avoiding the managerial mistakes of the internal information system in medical organizations, and providing the highly-reliable medical information system.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
The state of HIPAA privacy and security compliance, AHIMA, April 2005.
Institute of Medicine, The computer-based patient record, An essential technology for health care, NAP, Washington, DC, 1991 (revised 1997).
NVN-ENV 12924, 1997 Medical informatics, Division of Security and Protection of Information Systems in Health Care.
W. Stallings, Cryptography and network security, principles and practice, 3rd Edition. Prentice Hall, 2003.
AIM (Advance Informatics in Medicine, Secure Environment for Information Systems in medicine, SEISMED (A2033)/SP14/HILD/05.07. 95.
Snee, N. L., and McCormick, K. A., The case for integrating public health informatics networks. Eng Med Biol Mag 23(1):81–88, 2004.
Detmer, D. E., Building the National Health Information Infrastructure for Personal Health, Health Care Services, Public Health and Research. BMC Medical Informatics and Decision Making, 3(1), 2003.
Shepherd, M., Challenges in Health Informatics, The 40th Annual Hawaii International Conference on System Sciences, pp. 135, 2007.
ISO TS 17090 Health Informatics, Public key infrastructure, Part 1, framework and overview, Part 2, certification profiles, Part 3, policy management of certification authority (revised towards an ISO standards by ISO TC 215 WG 4 in 2004).
Povalej, P., Leni, M., Zoman, M., Kokol, P., and Dinevski, D., Accuracy of intelligent medical systems. Comput Meth Programs Biomed 80:S95–S105, 2005.
Kokol, P., Babic, S. H., Podgorelec, V., and Zorman, M., Some ideas about intelligent medical system design. The 12th IEEE Symposium on Computer-Based Medical Systems, pp. 48–52, 1999.
Kokol, P., Method Engineering—A Framework for Improved Computer Based Medical Systems Design, Ninth IEEE Symposium on Computer-Based Medical Systems, pp. 41–46, 1996.
Ross, M. M., and Kyusuk, C., Current issues in health care informatics. J Med Syst 30(1):1–2, 2006.
Benaloh, J., Chase, M, Horvitz, E., and Lauter, K., Patient controlled encryption: ensuring privacy of electronic medical records. Proceedings of the 2009 ACM workshop on Cloud computing security, November, 2009.
Panko, R., Corporate Computer and Network Security. Prentice-Hall, Englewood Cliffs, 2003.
Tao, L., Introduction to Network Security. Electronic Industry Press, Beijing, pp. 107–111, 2003.
Bartal, Y., Mayer, A., Nissim, K., and Wool, A., Firmato: A novel firewall management toolkit. ACM Trans Comput Syst 22(4):381–420, 2004.
Chapman, D., and Zwicky, E. Building internet firewalls, Second Edition. Orielly & Associates Inc., 2000.
Cheswick, W., and Belovin, S., Firewalls and Internet Security. Addison-Wesley, 1995.
Mayer, A., Wool, A., and Ziskind, E., Fang: A Firewall Analysis Engine. The 2000 IEEE Symposium on Security and Privacy, pp. 177, May 2000.
Ioannidis, S., Keromytis, A., Bellovin, S., and Smith, J., Implementing a distributed firewall. Conference on Computer and Communications Security, pp. 190–199, November 2000.
Hua, W. J., Su, C. X., Zhu, Z. Y., and Jun, N. A flexible policy-based firewall management framework. International Conference on Cyberworlds, pp. 192–194, 2008.
Acknowledgement
The work is partially supported by a project from NSC, Taiwan with grant no. 99-2219-E-011-004.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Liu, CH., Chung, YF., Chen, TS. et al. The Enhancement of Security in Healthcare Information Systems. J Med Syst 36, 1673–1688 (2012). https://doi.org/10.1007/s10916-010-9628-3
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10916-010-9628-3