ICMCC 2010 Personal Health Tutorial Blobel.rtf

4 pages

English

ICMCC 2010 Personal Health Tutorial Blobel.rtf

Methong - Drs Lodewijk Bos

Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres

4 pages

English

Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres

A propos
Informations
Extrait

Description

eHealth Platforms for Personal Health: Model-based Analysis and Design of Ad-vanced Security and Privacy Services ICMCC 2010 Tutorial 1Bernd BLOBEL eHealth Competence Center, Regensburg University Hospital, Regensburg, Germany Abstract. The tutorial is based on long term international lecturing experiences at university level as well as common efforts performed in the EFMI WG “Security, Safety and Ethics (SSE)” and EFMI WG “Electronic Health Records (EHR)”. It addresses requirements and solutions for secure, reliable, trustworthy Health In-formation Systems (HIS) and Health Networks (HN) reflecting results of several international and European standards and projects but also related national and re-gional activities. It aims at providing a platform for information/discussion on le-gal, social, behavioral, organizational, and technical aspects/implications for trustworthy Health Telematics. The tutorial provides a comprehensive overview on security threats, risks, and, in particular, solutions in modern distributed Health In-formation Systems including Health Networks aiming at communication and ap-plication security. A special focus will be put on formally modeling security and privacy services embedded in advanced systems' architectures. Taking the recent developments in European countries and beyond into account, personalized porta-ble devices including cards will play an increasing role in providing IT-based health services. Devices for citizens ...

Sujets

management

Informations

Publié par	Methong
Nombre de lectures	46
Langue	English

Extrait

eHealth Platforms for Personal Health:

Model-based Analysis and Design of Ad-

vanced Security and Privacy Services

ICMCC 2010 Tutorial

Bernd BLOBEL

eHealth Competence Center, Regensburg University Hospital, Regensburg, Germany

Abstract.

The tutorial is based on long term international lecturing experiences at

university level as well as common efforts performed in the EFMI WG “Security,

Safety and Ethics (SSE)” and EFMI WG “Electronic Health Records (EHR)”. It

addresses requirements and solutions for secure, reliable, trustworthy Health In-

formation Systems (HIS) and Health Networks (HN) reflecting results of several

international and European standards and projects but also related national and re-

gional activities. It aims at providing a platform for information/discussion on le-

gal, social, behavioral, organizational, and technical aspects/implications for

trustworthy Health Telematics. The tutorial provides a comprehensive overview on

security threats, risks, and, in particular, solutions in modern distributed Health In-

formation Systems including Health Networks aiming at communication and ap-

plication security. A special focus will be put on formally modeling security and

privacy services embedded in advanced systems' architectures. Taking the recent

developments in European countries and beyond into account, personalized porta-

ble devices including cards will play an increasing role in providing IT-based

health services. Devices for citizens/patients and for health professionals will

change procedures and lead to new ones. Such devices can allow for a better pri-

vacy and safety strategies. Thus, patients’ and professionals’ empowerment, in-

volvement, and integration into treatment and care processes are keys to be ad-

dressed in this tutorial. As special part, biometrics and ID management will be dis-

cussed.

Objectives of the Tutorial

The tutorial concerns requirements and solutions for secure, reliable, and trustworthy

future-proof Health Information Systems and international Health Networks thereby

reflecting the results of several international and European standards as well as Euro-

pean research and best practice projects but also related activities on a national or even

regional scale. It provides a platform for advanced information and discussion of legal,

social, behavioral, organizational, and underlying technical aspects and implications for

Internet-based trustworthy health telematics and eHealth. Furthermore, the exploitation

of results to wards personalized health service provision (pHealth) including related

standardization issues is highlighted.

Corresponding Author: Bernd Blobel, PhD, Associate Professor; eHealth Competence Center, Regens-

burg University Hospital; Franz-Josef-Strauss-Allee 11, D-93042 Regensburg, Germany; Email:

bernd.blobel@klinik.uni-regensburg.de

; URL:

http://www.ehealth-cc.de

Structure of the Tutorial

Besides an introduction covering the objectives of the tutorial as well as explaining

specific legal, ethical, organizational, functional and technical challenges, threats and

risks in modern Health Information Systems, some basics of cryptography are ex-

plained, followed by a presentation of system security services and mechanisms.

Among others, solutions for a secure HL7 communication according to user require-

ments and for a strong user authentication within the EDI security framework are intro-

duced. A special part of the tutorial introduced in the methodology of formal security

modeling, privilege management and access control as well as related international

standards and practically implemented policies. Eventually, issues concerning specifics

of TTP technical frameworks including personalized devices according to legal re-

quirements will be presented. The tutorial ends with a summary giving conclusions and

recommendations for nowadays Health Information Systems and Health Networks.

Content of the Tutorial



Requirements for future-proof information systems



Systems, information cycle, models, constraint modeling



EU eHealth strategy and infrastructural services



Challenge of ethics and the ethical principles



Legal and ethical challenges for security, safety and quality in health information

systems



Relevant EU legislation and important equivalent national legislation (e.g. USA)



Dimensions of security and relevant security standards



Organizational aspects of security, safety and quality



Security, safety and quality concerns of different stakeholder groups



Secure EHR communication



Policies, policy statements, policy negotiation, policy bridging



System analysis, design and implementation, unified processes



The Generic Component Model, formal models, and the PMAC example



Security-related knowledge representation, KR languages, constraint modeling



Practical solutions: Communication and application security



Practical solutions: Security infrastructure and infrastructural services

Expected Results

The tutorial will provide well-balanced content with regard to the activities’ starting

points, the main goals and the way how to achieve success within the general frame-

work of international initiatives. The instructors will provide important project results

both from the medical and the industrial point of view including important legal and

social results as an input for the ongoing legislation process. The focus will also in-

clude practical experiences in using the results of several projects, initiatives, and

standards for real-life Health Information Systems and Health Networks.

Potential Participants

Informaticians and computer scientists, medical doctors and technicians intended or

engaged to, or responsible for, analysis, design, implementation, and use of distributed

health information systems and health networks including Internet should attend. The

tutorial provides a well-defined combination of about 50% basics and another 50% of

enhanced knowledge and understanding of security issues for non-specialists. Besides a

general understanding for health IT processes, there are no other prerequisites.

Tutor:

Bernd Blobel, PhD, Associate Professor, Head of the German eHealth Compe-

tence Center in Regensburg, Fellow of the American College for Medical Informatics

The tutor has been partner and national coordinator in several EU projects within EU

Frameworks like Information Society Technology Programme (IST) and Information

Society Initiatives for Standards (ISIS) Programme funded by the European Commis-

sion. In detail, such projects are ISHTAR, TrustHealth, HARP, RESHEN, and Bio-

Health. Bernd Blobel is Chair of the German Health Informatics Standards Body and

Head of the German Delegation to ISO TC 215 and CEN TC 251, but also Chair of

HL7 Germany. He is chair/co-chair of several international and German working

groups dealing with security, EHR and system architecture in health care as, e.g., the

EFMI Working Groups "Security Safety and Ethics" and "Electronic Health Records",

the German Medical Informatics Association WG “Standards for Interoperability and

EHR”, and the German Data Ombudsmen Association WG "Data Protection and Data

Security in Healthcare and Welfare". He is Fellow of the American College of Medical

Informatics.

Selected References

[1]

Bake C, Blobel B, Münch P (Hrsg.): Handbuch Datenschutz und Datensicherheit im Gesundheits- und

Sozialwesen, 3. überarbeitete und erweiterte Auflage. DATAKONTEXT-FACHVERLAG GmbH,

Frechen 2009. (in German)

[2]

Blobel B, Nordberg R, Davis JM, Pharow P (2006) Modelling privilege management and access

control. International Journal of Medical Informatics

, 8 (2006) pp. 597-623.

[3]

Blobel B (2006) Advanced and secure architectural EHR approaches. International Journal of Medical

Informatics

, 3-4 (2006) pp. 185-190.

[4]

Pharow P, Blobel B (2005) Electronic signatures for long-lasting storage purposes in electronic ar-

chives. International Journal of Medical Informatics

, 2-4, March 2005, pp. 279-287.

[5]

Blobel B, Davis JM (2005) Chapter 11: Health

People Security Architecture. In: Demetriades JE,

Kolodner RM, Christopherson GA (Edrs.): Person-Centred Health Records – Towards Health

People,

pp 147-168. Health Informatics Series. Springer, New York.

[6]

Blobel B (2004) Authorisation and Access Control for Electronic Health Record Systems. Internation-

al Journal of Medical Informatics

(2004) pp. 251-257.

[7]

Blobel B, Hoepner P, Joop R, Karnouskos S, Kleinhuis G, Stassinopoulos G (2003) Using a privilege

management infrastructure for secure web-based e-health applications. Computer Communications 26

(2003), pp. 1863-1872.

[8]

Blobel B: Analysis, Design and Implementation of Secure and Interoperable Distributed Health Infor-

mation Systems. Series “Studies in Health Technology and Informatics” Vol. 89. IOS Press, Amster-

dam 2002.

[9]

Allaert F-A, Blobel B, Louwerse K and Barber B (Edrs.): Security Standards for Healthcare Infor-

mation Systems – A Perspective from the EU ISIS MEDSEC Project. Series “Studies in Health Tech-

nology and Informatics” Vol. 69. IOS Press, Amsterdam 2002.

[10]

Blobel B, Roger-France F (2001) A Systematic Approach for Analysis and Design of Secure Health

Information Systems. International Journal of Medical Informatics

(3), 51-78.

[11]

The ISHTAR Consortium (Edr.):Implementing Secure Health Telematics Applications in Europe.

Series “Studies in Health Technology and Informatics” Vol. 66. IOS Press, Amsterdam 2001.

Univers
Ebooks
Livres audio
Presse
Podcasts
BD
Documents

Livre audio en ligne - Développement personnel Livre en ligne Tout le catalogue Tous les Intérêts

ICMCC 2010 Personal Health Tutorial Blobel.rtf

management

YouScribe

Le catalogue

Le service

Les conditions