Ehealth Security Australia: The Solution Lies with Frameworks and Standards

Security is a key foundation for eHealth in Australia, driving benefits in healthcare quality, safety, and efficiency towards improved health outcomes for all Australians. To this end, the National eHealth Transition Authority (NEHTA), the Royal Australian College of General Practitioners (RACGP), and Standards Australia have each produced security-related publications to assist Australian healthcare organisations protect their data. These publications provide standards, tools, and guides for the healthcare industry to build and implement secure systems that protect patient data and eHealth-related assets, while providing the provenance required to help ensure patient safety and privacy. This paper outlines some of the current and emerging threats and risks to eHealth in Australia, and how these Australian security-based standards and frameworks can assist in mitigating such threats, support the management of information security risks, and maintain legislative compliance

A model for information security management and regulatory compliance in the South African health sector

Information Security is becoming a part of the core business processes in every organization. Companies are faced with contradictory requirements to ensure open systems and accessible information while maintaining high protection standards. In addition, the contemporary management of Information Security requires a variety of approaches in different areas, ranging from technological to organizational issues and legislation. These approaches are often isolated while Security Management requires an integrated approach. Information Technology promises many benefits to healthcare organizations. It helps to make accurate information more readily available to healthcare providers and workers, researchers and patients and advanced computing and communication technology can improve the quality and lower the costs of healthcare. However, the prospect of storing health information in an electronic form raises concerns about patient privacy and security. Healthcare organizations are required to establish formal Information Security program, for example through the adoption of the ISO 17799 standard, to ensure an appropriate and consistent level of information security for computer-based patient records, both within individual healthcare organizations and throughout the entire healthcare delivery system. However, proper Information Security Management practices, alone, do not necessarily ensure regulatory compliance. South African healthcare organizations must comply with the South African National Health Act (SANHA) and the Electronic Communication Transaction Act (ECTA). It is necessary to consider compliance with the Health Insurance Portability and Accountability Act (HIPAA) to meet healthcare international industry standards. The main purpose of this project is to propose a compliance strategy, which ensures full compliance with regulatory requirements and at the same time assures customers that international industry standards are being used. This is preceded by a comparative analysis of the requirements posed by the ISO 17799 standard and the HIPAA, SANHA and ECTA regulations

A framework for secure mobile computing in healthcare

Mobile computing is rapidly becoming part of healthcare’s electronic landscape, helping to provide better quality of care and reduced cost. While the technology provides numerous advantages to the healthcare industry, it is not without risk. The size and portable nature of mobile computing devices present a highly vulnerable environment, which threaten the privacy and security of health information. Since these devices continually access possibly sensitive healthcare information, it is imperative that these devices are considered for security in order to meet regulatory compliance. In fact, the increase in government and industry regulation to ensure the privacy and security of health information, makes mobile security no longer just desirable, but mandatory. In addition, as healthcare becomes more aware of the need to reinforce patient confidence to gain competitive advantage, it makes mobile security desirable. Several guidelines regarding security best practices exist. Healthcare institutions are thus faced with matching the guidelines offered by best practices, with the legal and regulatory requirements. While this is a valuable question in general, this research focuses on the aspect of considering this question when considering the introduction of mobile computing into the healthcare environment. As a result, this research proposes a framework that will aid IT administrators in healthcare to ensure that privacy and security of health information is extended to mobile devices. The research uses a comparison between the best practices in ISO 17799:2005 and the regulatory requirements stipulated in HIPAA to provide a baseline for the mobile computing security model. The comparison ensures that the model meets healthcare specific industry requirement and international information security standard. In addition, the framework engages the Information Security Management System (ISMS) model based on the ISO 27000 standard. The framework, furthermore, points to existing technical security measurers associated with mobile computing. It is believed that the framework can assist in achieving mobile computing security that is compliant with the requirements in the healthcare industry

A framework for secure mobile computing in healthcare

Mobile computing is rapidly becoming part of healthcare’s electronic landscape, helping to provide better quality of care and reduced cost. While the technology provides numerous advantages to the healthcare industry, it is not without risk. The size and portable nature of mobile computing devices present a highly vulnerable environment, which threaten the privacy and security of health information. Since these devices continually access possibly sensitive healthcare information, it is imperative that these devices are considered for security in order to meet regulatory compliance. In fact, the increase in government and industry regulation to ensure the privacy and security of health information, makes mobile security no longer just desirable, but mandatory. In addition, as healthcare becomes more aware of the need to reinforce patient confidence to gain competitive advantage, it makes mobile security desirable. Several guidelines regarding security best practices exist. Healthcare institutions are thus faced with matching the guidelines offered by best practices, with the legal and regulatory requirements. While this is a valuable question in general, this research focuses on the aspect of considering this question when considering the introduction of mobile computing into the healthcare environment. As a result, this research proposes a framework that will aid IT administrators in healthcare to ensure that privacy and security of health information is extended to mobile devices. The research uses a comparison between the best practices in ISO 17799:2005 and the regulatory requirements stipulated in HIPAA to provide a baseline for the mobile computing security model. The comparison ensures that the model meets healthcare specific industry requirement and international information security standard. In addition, the framework engages the Information Security Management System (ISMS) model based on the ISO 27000 standard. The framework, furthermore, points to existing technical security measurers associated with mobile computing. It is believed that the framework can assist in achieving mobile computing security that is compliant with the requirements in the healthcare industry

A Secure Healthcare 5.0 System Based on Blockchain Technology Entangled with Federated Learning Technique

In recent years, the global Internet of Medical Things (IoMT) industry has evolved at a tremendous speed. Security and privacy are key concerns on the IoMT, owing to the huge scale and deployment of IoMT networks. Machine learning (ML) and blockchain (BC) technologies have significantly enhanced the capabilities and facilities of healthcare 5.0, spawning a new area known as "Smart Healthcare." By identifying concerns early, a smart healthcare system can help avoid long-term damage. This will enhance the quality of life for patients while reducing their stress and healthcare costs. The IoMT enables a range of functionalities in the field of information technology, one of which is smart and interactive health care. However, combining medical data into a single storage location to train a powerful machine learning model raises concerns about privacy, ownership, and compliance with greater concentration. Federated learning (FL) overcomes the preceding difficulties by utilizing a centralized aggregate server to disseminate a global learning model. Simultaneously, the local participant keeps control of patient information, assuring data confidentiality and security. This article conducts a comprehensive analysis of the findings on blockchain technology entangled with federated learning in healthcare. 5.0. The purpose of this study is to construct a secure health monitoring system in healthcare 5.0 by utilizing a blockchain technology and Intrusion Detection System (IDS) to detect any malicious activity in a healthcare network and enables physicians to monitor patients through medical sensors and take necessary measures periodically by predicting diseases.Comment: 20 pages, 6 tables, 3 figure

Double Secret Protection: Bridging Federal and State Law To Protect Privacy Rights for Telemental and Mobile Health Users

Mental health care in the United States is plagued by stigma, cost, and access issues that prevent many people from seeking and continuing treatment for mental health conditions. Emergent technology, however, may offer a solution. Through telemental health, patients can connect with providers remotely—avoiding stigmatizing situations that can arise from traditional healthcare delivery, receiving more affordable care, and reaching providers across geographic boundaries. And with mobile health technology, people can use smart phone applications both to self-monitor their mental health and to communicate with their doctors. But people do not want to take advantage of telemental and mobile health unless their privacy is protected. After evaluating the applicability of current health information privacy law to these new forms of treatment, this Note proposes changes to the federal regime to protect privacy rights for telemental and mobile health users

Legal Solutions in Health Reform: Privacy and Health Information Technology

Identifies gaps in the federal health privacy standard and proposes options for strengthening the legal framework for privacy protections in order to build public trust in health information technology. Presents arguments for and against each option