Ασφάλεια και Ιδιωτικότητα σε πληροφοριακά συστήματα υγείας

Καρασταμάτη, Ευαγγελία

Master Thesis

Author

Καρασταμάτη, Ευαγγελία

Date

2013-04-22

Abstract

Information Technology (IT) came in order to convert the ways that modern systems of health care acquire, store, have access and transmit medical information. These developments offer significant benefits to both the patients and to the medical or nursing personnel. This unambiguously, leads to the adoption and implementation of solutions such as information systems and information technologies, in order to record and process effectively this large amount of data that derive both from the medical and the administrative-economic operations of the organizations. This dissertation includes issues related to health information systems and computer applications in this field. The aim of this study is to comprehend the meaning of information systems in the health sector. Therefore, the functions of an Integrated Health Information System and its various subsystems are presented. Subsequently, we present the issues of interoperability and data exchange between health information systems, which are of critical matter for the success and utilization of IT Infrastructure from health professionals. Thus, the various levels of interoperability are studied briefly, as well as the standards and encodings that exist in the health sector. In addition, through this study, matters such as the protection of patients’ rights and fundamental freedoms, the protection of personal data and ensuring a high level of protection against cross-border transfer, are discussed. Moreover, we present legal issues arising from the introduction of technology in the healthcare sector. The issues of information security and the protection of personal data are of high importance in modern Information Systems and of utmost priority in healthcare. Patients’ medical records constitute particular sensitive data. Given the sensitivity of personal information, it is imperative to meet the requirements for data security and integrity. The security of sensitive data is an important issue for which technology has provided effective solutions, which may even be considered to be more effective than the ones that are currently applied for the maintenance and storage of patients’ medical records. Thereafter, we present an overview of the current trends in relation to the security aspects of Health Information Systems. Finally, because of the sensitivity of medical data, the need for selecting appropriate security countermeasures is constantly increasing and the procedures for selecting these measures is considered a tedious process. In the end, we present the Risk Analysis method, a process that identifies and classifies the security issues based on their significance and finally proposes solutions to resolve them. Furthermore, we present the different ways of the Risk Analysis process, the main methods that are currently used and the software packages that are available on the market. To conclude, we present a practical implementation of the Risk Analysis process using CRAMM, on a supposing Integrated Health Information System of a Regional Health Network.