Aspectos éticos da informática médica: princípios de uso e usuário apropriado de sistemas computacionais na atenção clínica

Medical Informatics (MI) studies the intersection among computer technology, medicine and the influence of electronic clinical history and the intelligent systems for diagnosis support in clinical decision making. The inadequate use of technology may divert the purposes of MI towards an inadequate use by third parties involved in clinical health care, such as health care managers or insurance agents. The principles for “use and appropriate user for MI applications” as base are proposed to manage suitably computational technology in health care. The development of these principles must be based in the evaluation of their applications, emphasizing that the evaluation must be carried out with the same considerations as other types of medical or surgical interventions.La Informática Médica (IM) estudia la intersección entre la tecnología computacional, la medicina y la influencia del uso de la historia clínica electrónica y los sistemas inteligentes de apoyo diagnóstico en la toma de decisiones clínicas. El uso inadecuado de la tecnología puede desviar los propósitos de la IM hacia su aprovechamiento impropio por terceros involucrados en la atención clínica, tales como administradores de salud o agentes aseguradores. Se plantea que los principios de “uso y usuario apropiado de la aplicaciones en IM” sean los fundamentos con los cuales se maneje adecuadamente la tecnología computacional en salud. El desarrollo de estos principios debe basarse en la evaluación de las propias aplicaciones, recalcando que ésta debe realizarse con las mismas consideraciones de otros tipos de intervenciones médicas o quirúrgicas.A Informática Médica (IM) estuda a interseção entre a tecnologia computacional, a medicina e a influência do uso da história clínica eletrônica e os sistemas inteligentes de apoio diagnóstico na tomada de decisões clínicas. O uso inadequado da tecnologia pode desviar os propósitos da IM para seu aproveitamento inadequado por terceiros envolvidos na atenção clínica, tais como administradores de saúde ou agentes de seguros. Propõe-se que os princípios de “uso e usuário apropriado das aplicações em IM” sejam os fundamentos com os quais se manipule adequadamente a tecnologia computacional em saúde. O desenvolvimento destes princípios deve se basear na avaliação das próprias aplicações, recalcando que esta se deve realizar com as mesmas considerações de outros tipos de intervenções médicas ou cirúrgicas

Data Analysis Techniques to Visualise Accesses to Patient Records in Healthcare Infrastructures

Access to Electronic Patient Record (EPR) data is audited heavily within healthcare infrastructures. However, it is often left untouched in a data silo and only accessed on an ad hoc basis. Users with access to the EPR infrastructure are able to access the data of almost any patient without reprimand. Very Important Patients (VIPs) are an exception, for which the audit logs are regularly monitored. Otherwise, only if an official complaint is logged by a patient are audit logs reviewed. Data behaviour within healthcare infrastructures needs proactive monitoring for malicious, erratic or unusual activity. In addition, external threats, such as phishing or social engineering techniques to acquire a clinician’s logon credentials, need to be identified. This paper presents research towards a system which uses data analysis and visualisation techniques deployed in a cloud setting. The system adds to the defence-in-depth of the healthcare infrastructures by understanding patterns of data for profiling users’ behaviour to enable the detection and visualisation of anomalous activities. The results demonstrate the potential of visualising accesses to patient records for the situational awareness of patient privacy officers within healthcare infrastructures

Ethical aspects of medical informatics : principles for use and appropriate user of computational systems in clinical health care

Resumen: 1.a Informática Medica (IM) estudia la intersección entre la tecnología computacional, la medicina y la influencia del uso de la historia clínica electrónica y los sistemas inteligentes de apoyo diagnóstico en la toma de decisiones clínicas. F.I uso inadecuado de la tecnología puede desviar los propósitos de la IM hacia su aprovechamiento impropio por terceros involucrados en la atención clínica, tales como administradores de salud o agentes aseguradores. Se plantea que los principios de ' “uso y usuario apropiado de la aplicaciones en IM” sean los fundamentos con los cuales se maneje adecuadamente la tecnología computacional en salud. El desarrollo de estos principios debe basarse en la evaluación de las propias aplicaciones, recalcando que esta debe realizarse con las mismas consideraciones de otros tipos de intervenciones medicas o quirúrgicas.Q4Q4Artículo original199-208Medical Informatics (MI) studies the intersection among computer technology, medicine and the influence of electronic clinical history and the intelligent systems for diagnosis support in clinical decision making. The inadequate use of technology may divert the purposes of MI towards an inadequate use by third parties involved in clinical health care, such as health care managers or insurance agents. The principles for “use and appropriate user for MI applications” as base are proposed to manage suitably computational technology in health care. The development of these principles must be based in the evaluation of their applications, emphasizing that the evaluation must be carried out with the same considerations as other types of medical or surgical interventions

Probabilistic Record Linkage with Elliptic Curve Operations

Federated query processing for an electronic health record infrastructure enables large epidemiology studies using data integrated from geographically dispersed medical institutions. However, government imposed privacy regulations prohibit disclosure of patient\u27s health record outside the context of clinical care, thereby making it difficult to determine which records correspond to the same entity in the process of query aggregation. Privacy-preserving record linkage is an actively pursued research area to facilitate the linkage of database records under the constraints of regulations that do not allow the linkage agents to learn sensitive identities of record owners. In earlier works, scalability has been shown to be possible using traditional cryptographic transformations such as Pohlig-Hellman ciphers, precomputations, data parallelism, and probabilistic key reuse approaches. This work proposes further optimizations to improve the runtime of a linkage exercise by adopting elliptic curve based transformations that are mostly additive and multiplicative, instead of exponentiations. The elliptic curve operations are used to improve the precomputation time, eliminate memory intensive comparisons of encrypted values and introduce data structures to detect negative comparisons. This method of record linkage is able to link data sets of the order of a million rows within 15 minutes. The approach has been gauged using synthetic and real world demographics data with parametric studies. We have also assessed the residual privacy risk of the proposed approach

Privacy in Mobile Technology for Personal Healthcare

Information technology can improve the quality, efficiency, and cost of healthcare. In this survey, we examine the privacy requirements of \emphmobile\/ computing technologies that have the potential to transform healthcare. Such \emphmHealth\/ technology enables physicians to remotely monitor patients\u27 health, and enables individuals to manage their own health more easily. Despite these advantages, privacy is essential for any personal monitoring technology. Through an extensive survey of the literature, we develop a conceptual privacy framework for mHealth, itemize the privacy properties needed in mHealth systems, and discuss the technologies that could support privacy-sensitive mHealth systems. We end with a list of open research questions

Securely sharing dynamic medical information in e-health

This thesis has introduced an infrastructure to share dynamic medical data between mixed health care providers in a secure way, which could benefit the health care system as a whole. The study results of the universally data sharing into a varied patient information system prototypes

A Machine Learning Framework for Securing Patient Records

This research concerns the detection of abnormal data usage and unauthorised access in large-scale critical networks, specifically healthcare infrastructures. The focus of this research is safeguarding Electronic Patient Record (EPR)systems in particular. Privacy is a primary concern amongst patients due to the rising adoption of EPR systems. There is growing evidence to suggest that patients may withhold information from healthcare providers due to lack of Trust in the security of EPRs. Yet, patient record data must be available to healthcare providers at the point of care. Roles within healthcare organisations are dynamic and relying on access control is not sufficient. Access to EPR is often heavily audited within healthcare infrastructures. However, this data is regularly left untouched in a data silo and only ever accessed on an ad hoc basis. In addition, external threats need to be identified, such as phishing or social engineering techniques to acquire a clinician’s logon credentials. Without proactive monitoring of audit records, data breaches may go undetected. This thesis proposes a novel machine learning framework using a density-based local outlier detection model, in addition to employing a Human-in-the-Loop Machine Learning (HILML) approach. The density-based outlier detection model enables patterns in EPR data to be extracted to profile user behaviour and device interactions in order to detect and visualise anomalous activities. Employing a HILML model ensures that inappropriate activity is investigated and the data analytics is continuously improving. The novel framework is able to detect 156 anomalous behaviours in an unlabelled dataset of 1,007,727 audit logs

HI-Risk: a socio-technical method for the identification and monitoring of healthcare information security risks in the information society

This thesis describes the development of the HI-risk method to assess socio-technical information security risks. The method is based on the concept that related organisations experience similar risks and could benefit from sharing knowledge in order to take effective security measures. The aim of the method is to predict future risks by combining knowledge of past information security incidents with forecasts made by experts. HI-risks articulates the view that information security risk analysis should include human, environmental, and societal factors, and that collaboration amongst disciplines, organisations and experts is essential to improve security risk intelligence in today’s information society. The HI-risk method provides the opportunity for participating organisations to register their incidents centrally. From this register, an analysis of the incident scenarios leads to the visualisation of the most frequent scenario trees. These scenarios are presented to experts in the field. The experts express their opinions about the expected frequency of occurrence for the future. Their expectation is based on their experience, their knowledge of existing countermeasures, and their insight into new potential threats. The combination of incident and expert knowledge forms a risk map. The map is the main deliverable of the HI-risk method, and organisations could use it to monitor their information security risks. The HI-risk method was designed by following the rigorous process of design science research. The empirical methods used included qualitative and quantitative techniques, such as an analysis of historical security incident data from healthcare organisations, expert elicitation through a Delphi study, and a successful test of the risk forecast in a case organisation. The research focused on healthcare, but has potential to be further developed as a knowledge-based system or expert system, applicable to any industry. That system could be used as a tool for management to benchmark themselves against other organisations, to make security investment decisions, to learn from past incidents and to provide input for policy makers