A Security Advisory System for Healthcare Environments

This thesis considers the current requirements for security in European healthcare establishments. Information Technology is being used increasingly by all areas of healthcare, from administration to clinical treatment and this has resulted in increased dependence upon computer systems by healthcare staff. The thesis looks at healthcare security requirements from the European perspective. An aim of the research was to develop security guidelines that could be used by healthcare establishments to implement a common baseline standard for security. These guidelines represent work submitted to the Commission of European Communities SEISMED (Secure Environment for Information Systems in Medicine) project, with which the research programme was closely linked. The guidelines were validated by implementing them with the Plymouth and Torbay Health Trust. The thesis also describes the development of a new management methodology and this was developed to allow the smooth implementation of security within healthcare establishments. The methodology was validated by actually using it within the Plymouth and Torbay Health Authority to implement security countermeasures. A major area of the research was looking at the use of risk analysis and reviewing all the known risk analysis methodologies. The use of risk analysis within healthcare was also considered and the main risk analysis methods used by UK healthcare establishments were reviewed. The thesis explains why there is a need for a risk analysis method specially developed for healthcare. As part of the research a new risk analysis method was developed, this allows healthcare establishments to determine their own security requirements. The method was also combined with the new management methodology that would determine any implementional problems. The risk analysis methodology was developed into a computerised prototype, which demonstrated the different stages of the methodology.Plymouth and Torbay Health Authorit

Data security in European healthcare information systems

This thesis considers the current requirements for data security in European healthcare systems and establishments. Information technology is being increasingly used in all areas of healthcare operation, from administration to direct care delivery, with a resulting dependence upon it by healthcare staff. Systems routinely store and communicate a wide variety of potentially sensitive data, much of which may also be critical to patient safety. There is consequently a significant requirement for protection in many cases. The thesis presents an assessment of healthcare security requirements at the European level, with a critical examination of how the issue has been addressed to date in operational systems. It is recognised that many systems were originally implemented without security needs being properly addressed, with a consequence that protection is often weak and inconsistent between establishments. The overall aim of the research has been to determine appropriate means by which security may be added or enhanced in these cases. The realisation of this objective has included the development of a common baseline standard for security in healthcare systems and environments. The underlying guidelines in this approach cover all of the principal protection issues, from physical and environmental measures to logical system access controls. Further to this, the work has encompassed the development of a new protection methodology by which establishments may determine their additional security requirements (by classifying aspects of their systems, environments and data). Both the guidelines and the methodology represent work submitted to the Commission of European Communities SEISMED (Secure Environment for Information Systems in MEDicine) project, with which the research programme was closely linked. The thesis also establishes that healthcare systems can present significant targets for both internal and external abuse, highlighting a requirement for improved logical controls. However, it is also shown that the issues of easy integration and convenience are of paramount importance if security is to be accepted and viable in practice. Unfortunately, many traditional methods do not offer these advantages, necessitating the need for a different approach. To this end, the conceptual design for a new intrusion monitoring system was developed, combining the key aspects of authentication and auditing into an advanced framework for real-time user supervision. A principal feature of the approach is the use of behaviour profiles, against which user activities may be continuously compared to determine potential system intrusions and anomalous events. The effectiveness of real-time monitoring was evaluated in an experimental study of keystroke analysis -a behavioural biometric technique that allows an assessment of user identity from their typing style. This technique was found to have significant potential for discriminating between impostors and legitimate users and was subsequently incorporated into a fully functional security system, which demonstrated further aspects of the conceptual design and showed how transparent supervision could be realised in practice. The thesis also examines how the intrusion monitoring concept may be integrated into a wider security architecture, allowing more comprehensive protection within both the local healthcare establishment and between remote domains.Commission of European Communities SEISMED proje

Worldwide Advances in Seismic Zonation

Seismic zonation is the process that integrates the hazard, policy, and built environments to produce maps that divide a geographic region into smaller areas or zones which can be used by community decision makers to answer the question, Where is the best location to locate and build a specific structure. Seismic zonation maps have been produced by almost every country in the world with the most rapid advances occurring after 1968

Composite and comprehensive multimedia electronic health care records

Merged with duplicate record 10026.1/845 on 03.04.2017 by CS (TIS)The thesis considers the issue of multimedia data utilisation within modem health care delivery and the consequent need for an appropriate patient records system. The discussions centre upon the deployment and utilisation of IT systems, and paper-based patient records within health care establishments (HCEs), and the resultant problems, such as data duplication, inconsistency, unavailability and loss. Electronic Health Care Records (EHCRs) are put forward as a means of obviating the problems defined, and effectively supporting the future development of care provision in a coherent manner. The thesis identifies the barriers to further development of EHCRs with respect to clinical data entry, clinical terminiologies, record security and the integration of other information sources. Equally, a number of EHCR developments are reviewed. This shows that, although elements of EHCRs (such as electronic prescribing) have been achieved, significant further developments are required to produce composite and comprehensive EHCRs, capable of capturing and maintaining all patient data (especially multimedia data, which is being increasingly utilised within care provision). The thesis defines a new comprehensive and composite Multimedia Electronic Health Care Record (MEHCR) system to facilitate the following: • delivery and management of all patient care; • creation/recording/support and maintenance of patient data (including multimedia data) to give composite and comprehensive multimedia patient records. The assistance of a local HCE was utilised throughout the project, enabling a suitable reference environment to be established and utilised, so that the process of care provision could be defined. The thesis describes how the requirements of the new MEHCR were identified (via examination of the care provision process defined), and thus how an appropriate conceptual design was formulated. This describes the form and capabilities of the required system. The resulting MEHCR is effectively a comprehensive care provision tool, which aids both process of care delivery and that of data generation and recording. Thus, the MEHCR concept facilitates patient care provision whilst aiding the seamless creation and maintenance of multimedia patient records. To achieve the conceptual design, a design environment was defined to give an intermediate means of enabling the MEHCR's implementation and further development. Thus, the MEHCR can be achieved, or implemented, using either a revolutionary or evolutionary approach. Equally, it is a means for enabling the MEHCR's continued evolution (e.g. the incorporation of new clinical systems etc.), so that it remains composite and comprehensive over time as care provision changes. The thesis also describes an evaluation of the ideas defined, based upon the development of a prototype system simulating the form and operations of the MEHCR conceptual design. The prototype system was demonstrated to a number of parties and an evaluation conducted. The results obtained were very positive as to the nature, structure and capabilities of the system as given by the conceptual design. The design environment was also commended as both a practical means of achieving the MEHCR (especially as it enables retaining of existing system where appropriate), and for its future development as care provision advances.Plymouth Hospitals NHS Trus

Synergy between medical informatics and bioinformatics: facilitating genomic medicine for future health care

Medical Informatics (MI) and Bioinformatics (BI) are two interdisciplinary areas located at the intersection between computer science and medicine and biology, respectively. Historically, they have been separated and only occasionally have researchers of both disciplines collaborated. The completion of the Human Genome Project has brought about in this post genomic era the need for a synergy of these two disciplines to further advance in the study of diseases by correlating essential genotypic information with expressed phenotypic information. Biomedical Informatics (BMI) is the emerging technology that aims to put these two worlds together in the new rising genomic medicine. In this regard, institutions such as the European Commission have recently launched several initiatives to support a new combined research agenda, based on the potential for synergism of both disciplines. In this paper we review the results the BIOINFOMED study one of these projects funded by the E

A model for role-based security education, training and awareness in the South African healthcare environment

It is generally accepted that a business operates more efficiently when it is able to consolidate information from a variety of sources. This principle applies as much in the healthcare environment. Although limited in the South African context, the use of electronic systems to access information is advancing rapidly. Many aspects have to be considered in regards to such a high availability of information, for example, training people how to access and protect information, motivating them to use the systems and information extensively and effectively, ensuring adequate levels of security, confronting ethical issues and maintaining the availability of information at crucial times. This is especially true in the healthcare sector, where access to critical data is often vital. This data must be accessed by different kinds of people with different levels of access. However, accessibility often leads to vulnerabilities. The healthcare sector deals with very sensitive data. People’s medical records need to be kept confidential; hence, security is very important. Information of a very sensitive nature is exposed to human intervention on various levels (e.g. nurses, administrative staff, general practitioners and specialists). In this scenario, it is important for each person to be aware of the requirements in terms of security and privacy, especially from a legal perspective. Because of the large dependence on the human factor in maintaining information security, organisations must employ mechanisms that address this at the staff level. One such mechanism is information security education, training and awareness programmes. As the learner is the recipient of information in such a programme, it is increasingly important that it targets the audience that it is intended for. This will maximize the benefits achieved from such a programme. This can be achieved through following a role-based approach in the design and development of the SETA programme. This research therefore proposes a model for a role-based SETA programme, with the area of application being in the South African healthcare environment

Training Methods for Shunting Inhibitory Artificial Neural Networks

This project investigates a new class of high-order neural networks called shunting inhibitory artificial neural networks (SIANN\u27s) and their training methods. SIANN\u27s are biologically inspired neural networks whose dynamics are governed by a set of coupled nonlinear differential equations. The interactions among neurons are mediated via a nonlinear mechanism called shunting inhibition, which allows the neurons to operate as adaptive nonlinear filters. The project\u27s main objective is to devise training methods, based on error backpropagation type of algorithms, which would allow SIANNs to be trained to perform feature extraction for classification and nonlinear regression tasks. The training algorithms developed will simplify the task of designing complex, powerful neural networks for applications in pattern recognition, image processing, signal processing, machine vision and control. The five training methods adapted in this project for SIANN\u27s are error-backpropagation based on gradient descent (GD), gradient descent with variable learning rate (GDV), gradient descent with momentum (GDM), gradient descent with direct solution step (GDD) and APOLEX algorithm. SIANN\u27s and these training methods are implemented in MATLAB. Testing on several benchmarks including the parity problems, classification of 2-D patterns, and function approximation shows that SIANN\u27s trained using these methods yield comparable or better performance with multilayer perceptrons (MLP\u27s)