ABSTRACT
Information security and privacy are major concerns in the healthcare domain. However, a comprehensive framework for evaluating the security engineering practices of healthcare systems is lacking. The current transition from institution-centered to patient-centered healthcare introduces additional security and privacy problems. Given the intensive human interaction (especially by the patient) involved in patient-centered healthcare systems, information security and privacy must be assured not only by technology and infrastructure but also by process. This paper develops a mapping from SSE-CMM process areas to the patient-centered healthcare domain, with the aim of establishing a set of metrics for assessing the security risks of patient-centered healthcare systems. Based on this mapping, a security risk assessment process is then proposed and used to evaluate a PHR (personal health record) system, a typical patient-centered healthcare system.