Data security in European healthcare information systems
This thesis considers the current requirements for data security in European healthcare systems and
establishments. Information technology is being increasingly used in all areas of healthcare
operation, from administration to direct care delivery, with a resulting dependence upon it by
healthcare staff. Systems routinely store and communicate a wide variety of potentially sensitive
data, much of which may also be critical to patient safety. There is consequently a significant
requirement for protection in many cases.
The thesis presents an assessment of healthcare security requirements at the European level, with a
critical examination of how the issue has been addressed to date in operational systems. It is
recognised that many systems were originally implemented without security needs being properly
addressed, with a consequence that protection is often weak and inconsistent between establishments.
The overall aim of the research has been to determine appropriate means by which security may be
added or enhanced in these cases.
The realisation of this objective has included the development of a common baseline standard for
security in healthcare systems and environments. The underlying guidelines in this approach cover
all of the principal protection issues, from physical and environmental measures to logical system
access controls. Further to this, the work has encompassed the development of a new protection
methodology by which establishments may determine their additional security requirements (by
classifying aspects of their systems, environments and data). Both the guidelines and the
methodology represent work submitted to the Commission of European Communities SEISMED
(Secure Environment for Information Systems in MEDicine) project, with which the research
programme was closely linked.
The thesis also establishes that healthcare systems can present significant targets for both internal
and external abuse, highlighting a requirement for improved logical controls. However, it is also
shown that the issues of easy integration and convenience are of paramount importance if security is
to be accepted and viable in practice. Unfortunately, many traditional methods do not offer these
advantages, necessitating a different approach.
To this end, the conceptual design for a new intrusion monitoring system was developed, combining
the key aspects of authentication and auditing into an advanced framework for real-time user
supervision. A principal feature of the approach is the use of behaviour profiles, against which user
activities may be continuously compared to determine potential system intrusions and anomalous
events.
The effectiveness of real-time monitoring was evaluated in an experimental study of keystroke
analysis, a behavioural biometric technique that allows an assessment of user identity from their
typing style. This technique was found to have significant potential for discriminating between
impostors and legitimate users and was subsequently incorporated into a fully functional security
system, which demonstrated further aspects of the conceptual design and showed how transparent
supervision could be realised in practice.
The thesis also examines how the intrusion monitoring concept may be integrated into a wider
security architecture, allowing more comprehensive protection within both the local healthcare
establishment and between remote domains.
Commission of European Communities SEISMED proje
A Security Advisory System for Healthcare Environments
This thesis considers the current requirements for security in European healthcare
establishments. Information Technology is being used increasingly by all areas of
healthcare, from administration to clinical treatment and this has resulted in increased
dependence upon computer systems by healthcare staff.
The thesis looks at healthcare security requirements from the European perspective.
An aim of the research was to develop security guidelines that could be used by
healthcare establishments to implement a common baseline standard for security.
These guidelines represent work submitted to the Commission of European
Communities SEISMED (Secure Environment for Information Systems in Medicine)
project, with which the research programme was closely linked. The guidelines were
validated by implementing them with the Plymouth and Torbay Health Trust.
The thesis also describes the development of a new management methodology,
developed to allow the smooth implementation of security within healthcare
establishments. The methodology was validated by actually using it within the
Plymouth and Torbay Health Authority to implement security countermeasures.
A major area of the research was looking at the use of risk analysis and reviewing all
the known risk analysis methodologies. The use of risk analysis within healthcare was
also considered and the main risk analysis methods used by UK healthcare
establishments were reviewed.
The thesis explains why there is a need for a risk analysis method specially developed
for healthcare. As part of the research a new risk analysis method was developed; this
allows healthcare establishments to determine their own security requirements. The
method was also combined with the new management methodology that would
determine any implementation problems. The risk analysis methodology was
developed into a computerised prototype, which demonstrated the different stages of
the methodology.
Plymouth and Torbay Health Authorit
A Participational Managerial Method to Implement and Evaluate Information Security within a Healthcare Organization
The use of participational approaches to system design has been debated for a number of years. In some situations it seems that participational approaches are not a suitable or practical method by which to design an Information System or to analyse a problem. Within this paper we describe a framework in which participation plays an active and effective role and describe a method that was used to effectively design information systems and implement computer security countermeasures.
Seismocardiography - a non-invasive method of assessing systolic and diastolic left ventricular function in ischaemic heart disease
Background: Seismocardiography (SCG) is a new non-invasive method which can assess left
ventricular function (LVF) during exercise testing based on cardiac time intervals (CTI). There
are no data assessing cardiac time intervals during exercise ischaemia in patients with coronary
artery disease. The aim of the study was to assess systolic and diastolic CTI in patients after
myocardial infarction (MI) with ischaemia during the exercise tolerance test (ETT).
Material and methods: Sixty post-MI patients were included in the study and subdivided into
two groups, A and B. Group A consisted of 30 patients aged 61.7 ± 6 with normal left ventricular
systolic function and left ventricular diastolic dysfunction based on Echo. Group B consisted
of 30 patients aged 60.1 ± 6 with normal left ventricular systolic and diastolic function. During
SCG the following parameters were analysed: pre-ejection period (PEP) in ms, left ventricular
ejection time (LVET) in ms, PEP/LVET, myocardial performance index (MPI) and
isovolumetric relaxation time (IVRT) in ms at rest and immediately after exercise. During
ETT the following parameters were analysed: ETT duration in minutes, blood pressure (BP),
heart rate (HR) and ST depression in mm.
Results: In group A on SCG exercise-induced ischaemia changed PEP from 115 ± 13 to
116 ± 17 ms, LVET from 298 ± 22 to 290 ± 26 ms, PEP/LVET from 0.39 ± 0.05 to 0.40 ± 0.08,
MPI from 0.39 ± 0.1 to 0.42 ± 0.1, IVRT from 67 ± 21 to 72 ± 21 ms and MO-RF from
115 ± 39 to 85 ± 20, p < 0.001, which suggests a deterioration of the left ventricular systolic
and diastolic function. In group B on SCG exercise-induced ischaemia changed PEP from
116 ± 18 to 118 ± 15 ms, LVET from 305 ± 25 to 294 ± 27, PEP/LVET from 0.38 ± 0.07 to
0.40 ± 0.07, MPI from 0.37 ± 0.8 to 0.40 ± 0.09, IVRT from 59 ± 14 to 66 ± 17 and MO-RF
from 112 ± 39 to 85 ± 28, p = 0.001, also suggesting a deterioration in left ventricular systolic and diastolic function in spite of the normal function at rest. There were no intergroup
differences in ETT duration, HR and BP; only ST depression in group B was longer,
1.7 vs. 1.4 mm (p = 0.027).
Conclusion: Seismocardiography is a helpful method of assessing left ventricular systolic and
diastolic function in patients with exercise-induced ischaemia.
Composite and comprehensive multimedia electronic health care records
Merged with duplicate record 10026.1/845 on 03.04.2017 by CS (TIS)
The thesis considers the issue of multimedia data utilisation within modern health care delivery and the
consequent need for an appropriate patient records system. The discussions centre upon the deployment
and utilisation of IT systems, and paper-based patient records within health care establishments (HCEs),
and the resultant problems, such as data duplication, inconsistency, unavailability and loss. Electronic
Health Care Records (EHCRs) are put forward as a means of obviating the problems defined, and
effectively supporting the future development of care provision in a coherent manner.
The thesis identifies the barriers to further development of EHCRs with respect to clinical data entry,
clinical terminologies, record security and the integration of other information sources. Equally, a number
of EHCR developments are reviewed. This shows that, although elements of EHCRs (such as electronic
prescribing) have been achieved, significant further developments are required to produce composite and
comprehensive EHCRs, capable of capturing and maintaining all patient data (especially multimedia data,
which is being increasingly utilised within care provision).
The thesis defines a new comprehensive and composite Multimedia Electronic Health Care Record
(MEHCR) system to facilitate the following:
• delivery and management of all patient care;
• creation/recording/support and maintenance of patient data (including multimedia
data) to give composite and comprehensive multimedia patient records.
The assistance of a local HCE was utilised throughout the project, enabling a suitable reference
environment to be established and utilised, so that the process of care provision could be defined. The
thesis describes how the requirements of the new MEHCR were identified (via examination of the care
provision process defined), and thus how an appropriate conceptual design was formulated. This describes
the form and capabilities of the required system. The resulting MEHCR is effectively a comprehensive
care provision tool, which aids both the process of care delivery and that of data generation and recording.
Thus, the MEHCR concept facilitates patient care provision whilst aiding the seamless creation and
maintenance of multimedia patient records.
To achieve the conceptual design, a design environment was defined to give an intermediate means of
enabling the MEHCR's implementation and further development. Thus, the MEHCR can be achieved, or
implemented, using either a revolutionary or evolutionary approach. Equally, it is a means for enabling the
MEHCR's continued evolution (e.g. the incorporation of new clinical systems etc.), so that it remains
composite and comprehensive over time as care provision changes.
The thesis also describes an evaluation of the ideas defined, based upon the development of a prototype
system simulating the form and operations of the MEHCR conceptual design. The prototype system was
demonstrated to a number of parties and an evaluation conducted. The results obtained were very positive
as to the nature, structure and capabilities of the system as given by the conceptual design. The design
environment was also commended as both a practical means of achieving the MEHCR (especially as it
enables retaining of existing systems where appropriate), and for its future development as care provision
advances.
Plymouth Hospitals NHS Trus
Synergy between medical informatics and bioinformatics: facilitating genomic medicine for future health care
Medical Informatics (MI) and Bioinformatics (BI) are two interdisciplinary areas located at the intersection between computer science and medicine and biology, respectively. Historically, they have been separated and only occasionally have researchers of both disciplines collaborated. The completion of the Human Genome Project has brought about in this post genomic era the need for a synergy of these two disciplines to further advance in the study of diseases by correlating essential genotypic information with expressed phenotypic information. Biomedical Informatics (BMI) is the emerging technology that aims to put these two worlds together in the new rising genomic medicine. In this regard, institutions such as the European Commission have recently launched several initiatives to support a new combined research agenda, based on the potential for synergism of both disciplines. In this paper we review the results of the BIOINFOMED study, one of these projects funded by the E
A model for role-based security education, training and awareness in the South African healthcare environment
It is generally accepted that a business operates more efficiently when it is able to consolidate information from a variety of sources. This principle applies as much in the healthcare environment. Although limited in the South African context, the use of electronic systems to access information is advancing rapidly. Many aspects have to be considered in regards to such a high availability of information, for example, training people how to access and protect information, motivating them to use the systems and information extensively and effectively, ensuring adequate levels of security, confronting ethical issues and maintaining the availability of information at crucial times. This is especially true in the healthcare sector, where access to critical data is often vital. This data must be accessed by different kinds of people with different levels of access. However, accessibility often leads to vulnerabilities. The healthcare sector deals with very sensitive data. People’s medical records need to be kept confidential; hence, security is very important. Information of a very sensitive nature is exposed to human intervention on various levels (e.g. nurses, administrative staff, general practitioners and specialists). In this scenario, it is important for each person to be aware of the requirements in terms of security and privacy, especially from a legal perspective. Because of the large dependence on the human factor in maintaining information security, organisations must employ mechanisms that address this at the staff level. One such mechanism is information security education, training and awareness programmes. As the learner is the recipient of information in such a programme, it is increasingly important that it targets the audience that it is intended for. This will maximize the benefits achieved from such a programme. This can be achieved through following a role-based approach in the design and development of the SETA programme. 
This research therefore proposes a model for a role-based SETA programme, with the area of application being in the South African healthcare environment.
Clinical foundations and information architecture for the implementation of a federated health record service
Clinical care increasingly requires healthcare professionals to access patient record information that
may be distributed across multiple sites, held in a variety of paper and electronic formats, and
represented as mixtures of narrative, structured, coded and multi-media entries. A longitudinal
person-centred electronic health record (EHR) is a much-anticipated solution to this problem, but
its realisation is proving to be a long and complex journey.
This Thesis explores the history and evolution of clinical information systems, and establishes a set
of clinical and ethico-legal requirements for a generic EHR server. A federation approach (FHR) to
harmonising distributed heterogeneous electronic clinical databases is advocated as the basis for
meeting these requirements.
A set of information models and middleware services, needed to implement a Federated Health
Record server, are then described, thereby supporting access by clinical applications to a distributed
set of feeder systems holding patient record information. The overall information architecture thus
defined provides a generic means of combining such feeder system data to create a virtual
electronic health record. Active collaboration in a wide range of clinical contexts, across the whole
of Europe, has been central to the evolution of the approach taken.
A federated health record server based on this architecture has been implemented by the author
and colleagues and deployed in a live clinical environment in the Department of Cardiovascular
Medicine at the Whittington Hospital in North London. This implementation experience has fed
back into the conceptual development of the approach and has provided "proof-of-concept"
verification of its completeness and practical utility.
This research has benefited from collaboration with a wide range of healthcare sites, informatics
organisations and industry across Europe through several EU Health Telematics projects: GEHR,
Synapses, EHCR-SupA, SynEx, Medicate and 6WINIT.
The information models published here have been placed in the public domain and have
substantially contributed to two generations of CEN health informatics standards, including CEN
TC/251 ENV 13606