A Security Framework for Nationwide Health Information Exchange based on Telehealth Strategy

  • Systems-Level Quality Improvement
Journal of Medical Systems

Abstract

This study focuses on the situation of health information exchange (HIE) in the context of a nationwide network. It aims to create a security framework that can be implemented to ensure the safe transmission of health information across the boundaries of care providers in Malaysia and other countries. First, a critique of the major elements of nationwide health information networks is presented from the perspective of security, along with such topics as the importance of HIE, issues, and main approaches. Second, a systematic evaluation is conducted on the security solutions that can be utilized in the proposed nationwide network. Finally, a secure framework for health information transmission is proposed within a central cloud-based model, which is compatible with the Malaysian telehealth strategy. The outcome of this analysis indicates that a complete security framework for a global structure of HIE is yet to be defined and implemented. Our proposed framework represents such an endeavor and suggests specific techniques to achieve this goal.

Acknowledgments

This research was partially funded by the high impact research unit (HIR) at the University of Malaya under grant number UM.C/HIR/MOHE/FCSIT/12.

Author information

Corresponding author

Correspondence to A. A. Zaidan.

Additional information

This article is part of the Topical Collection on Systems-Level Quality Improvement

About this article

Cite this article

Zaidan, B.B., Haiqi, A., Zaidan, A.A. et al. A Security Framework for Nationwide Health Information Exchange based on Telehealth Strategy. J Med Syst 39, 51 (2015). https://doi.org/10.1007/s10916-015-0235-1

  • DOI: https://doi.org/10.1007/s10916-015-0235-1
