Ubiquitous-Severance Hospital Project: Implementation and Results

OBJECTIVES: The purpose of this study was to review an implementation of u-Severance information system with focus on electronic hospital records (EHR) and to suggest future improvements. METHODS: Clinical Data Repository (CDR) of u-Severance involved implementing electronic medical records (EMR) as the basis of EHR and the management of individual health records. EHR were implemented with service enhancements extending to the clinical decision support system (CDSS) and expanding the knowledge base for research with a repository for clinical data and medical care information. RESULTS: The EMR system of Yonsei University Health Systems (YUHS) consists of HP integrity superdome servers using MS SQL as a database management system and MS Windows as its operating system. CONCLUSIONS: YUHS is a high-performing medical institution with regards to efficient management and customer satisfaction; however, after 5 years of implementation of u-Severance system, several limitations with regards to expandability and security have been identifiedope

Privacy Concerns Related to Data Sharing for European Diabetes Devices

Background: Individuals with diabetes rely on medical equipment (eg, continuous glucose monitoring (CGM), hybrid closed-loop systems) and mobile applications to manage their condition, providing valuable data to health care providers. Data sharing from this equipment is regulated via Terms of Service (ToS) and Privacy Policy documents. The introduction of the Medical Devices Regulation (MDR) and In Vitro Diagnostic Medical Devices Regulation (IVDR) in the European Union has established updated rules for medical devices, including software. Objective: This study examines how data sharing is regulated by the ToS and Privacy Policy documents of approved diabetes medical equipment and associated software. It focuses on the equipment approved by the Norwegian Regional Health Authorities. Methods: A document analysis was conducted on the ToS and Privacy Policy documents of diabetes medical equipment and software applications approved in Norway. Results: The analysis identified 11 medical equipment and 12 software applications used for diabetes data transfer and analysis in Norway. Only 3 medical equipment (OmniPod Dash, Accu-Chek Insight, and Accu-Chek Solo) were registered in the European Database on Medical Devices (EUDAMED) database, whereas none of their respective software applications were registered. Compliance with General Data Protection Regulation (GDPR) security requirements varied, with some software relying on adequacy decisions (8/12), whereas others did not (4/12). Conclusions: The study highlights the dominance of non-European Economic Area (EEA) companies in medical device technology development. It also identifies the lack of registration for medical equipment and software in the EUDAMED database, which is currently not mandatory. These findings underscore the need for further attention to ensure regulatory compliance and improve data-sharing practices in the context of diabetes management

Information Technology and Russia's Social Modernization

Information technologies play a very important role in modernizing Russia's economy and society as whole. Its competitive advantage lies in the availability of highly educated labour resources. Russia accounts for approximately 9% of researchers in the world as opposed to a share of about 0.3% in the world innovation market. Our approach is based on identifying ways to set up IT innovation centres and create an organizational and economic mechanisms making possible the transfer of new technologies to production processes and the creation of tools for innovative management. In the markets of high technology Russia will concentratie on software tools for IT security, applied modelling information systems, various types of software, and cryptographic systems, some types of specialized computing systems. In the Education Project two main mechanisms of systemic change are envisaged: to identify and support leading higher educational institutions; to introduce on a grand scale new knowledge-management methods and put mechanisms into practice. Among the main intentions of the Education Project the following should be mentioned: the modernization of its material-technical base, the internetization of education, the expansion of innovation centres on the pattern of universities and scientific and research institutes, the creation of Russian "Siliceous Valley"- Skolkovo complementary clusters of small, innovative companies. In the framework of the Health Care 2020 Programme. Activities are underway to introduce a Federal Register of the most widespread diseases, to operate waiting lists of those who need high technology medical help, and to centralize access to the common database of normative and reference information. Drafts of their electronic presentation formats are developed on the basis of international ISO standards. An Internet market for various types of medical and information services is being set up; telemedicine technologies are being taken into account. The social orientation of IT development will improve educational and health care systems, accelerate progress in extending the number of qualified professionals in IT (according to experts, the demand for these in 2012 will increase by up to 550,000 persons, and even then the country's demand will only be satisfied to the degree of 15%). A model enabling Russia to enter the group of countries with a high development of intellectual potential demands more intensive introduction of IT in modernization of Russian society. --codes Information technology,human factor,modern economy,social factors,telecommunication,education,personal training,medicine,national healthcare,telemedicine,social networks,internatization

On the Use of XML in Medical Imaging Web-Based Applications

The rapid growth of digital technology in medical fields over recent years has increased the need for applications able to manage patient medical records, imaging data, and chart information. Web-based applications are implemented with the purpose to link digital databases, storage and transmission protocols, management of large volumes of data and security concepts, allowing the possibility to read, analyze, and even diagnose remotely from the medical center where the information was acquired. The objective of this paper is to analyze the use of the Extensible Markup Language (XML) language in web-based applications that aid in diagnosis or treatment of patients, considering how this protocol allows indexing and exchanging the huge amount of information associated with each medical case. The purpose of this paper is to point out the main advantages and drawbacks of the XML technology in order to provide key ideas for future web-based applicationsPeer ReviewedPostprint (author's final draft

Information Accountability Framework for a Trusted Health Care System

Trusted health care outcomes are patient centric. Requirements to ensure both the quality and sharing of patients’ health records are a key for better clinical decision making. In the context of maintaining quality health, the sharing of data and information between professionals and patients is paramount. This information sharing is a challenge and costly if patients’ trust and institutional accountability are not established. Establishment of an Information Accountability Framework (IAF) is one of the approaches in this paper. The concept behind the IAF requirements are: transparent responsibilities, relevance of the information being used, and the establishment and evidence of accountability that all lead to the desired outcome of a Trusted Health Care System. Upon completion of this IAF framework the trust component between the public and professionals will be constructed. Preservation of the confidentiality and integrity of patients’ information will lead to trusted health care outcomes

Ensuring patients privacy in a cryptographic-based-electronic health records using bio-cryptography

Several recent works have proposed and implemented cryptography as a means to preserve privacy and security of patients health data. Nevertheless, the weakest point of electronic health record (EHR) systems that relied on these cryptographic schemes is key management. Thus, this paper presents the development of privacy and security system for cryptography-based-EHR by taking advantage of the uniqueness of fingerprint and iris characteristic features to secure cryptographic keys in a bio-cryptography framework. The results of the system evaluation showed significant improvements in terms of time efficiency of this approach to cryptographic-based-EHR. Both the fuzzy vault and fuzzy commitment demonstrated false acceptance rate (FAR) of 0%, which reduces the likelihood of imposters gaining successful access to the keys protecting patients protected health information. This result also justifies the feasibility of implementing fuzzy key binding scheme in real applications, especially fuzzy vault which demonstrated a better performance during key reconstruction

An authorization policy management framework for dynamic medical data sharing

In this paper, we propose a novel feature reduction approach to group words hierarchically into clusters which can then be used as new features for document classification. Initially, each word constitutes a cluster. We calculate the mutual confidence between any two different words. The pair of clusters containing the two words with the highest mutual confidence are combined into a new cluster. This process of merging is iterated until all the mutual confidences between the un-processed pair of words are smaller than a predefined threshold or only one cluster exists. In this way, a hierarchy of word clusters is obtained. The user can decide the clusters, from a certain level, to be used as new features for document classification. Experimental results have shown that our method can perform better than other methods.<br /

Towards A Well-Secured Electronic Health Record in the Health Cloud

The major concerns for most cloud implementers particularly in the health care industry have remained data security and privacy. A prominent and major threat that constitutes a hurdle for practitioners within the health industry from exploiting and benefiting from the gains of cloud computing is the fear of theft of patients health data in the cloud. Investigations and surveys have revealed that most practitioners in the health care industry are concerned about the risk of health data mix-up amongst the various cloud providers, hacking to comprise the cloud platform and theft of vital patients’ health data.An overview of the diverse issues relating to health data privacy and overall security in the cloud are presented in this technical report. Based on identifed secure access requirements, an encryption-based eHR security model for securing and enforcing authorised access to electronic health data (records), eHR is also presented. It highlights three core functionalities for managing issues relating to health data privacy and security of eHR in health care cloud

Electronical Health Record's Systems. Interoperability

Understanding the importance that the electronic medical health records system has, with its various structural types and grades, has led to the elaboration of a series of standards and quality control methods, meant to control its functioning. In time, the electronic health records system has evolved along with the medical data's change of structure. Romania has not yet managed to fully clarify this concept, various definitions still being encountered, such as "Patient's electronic chart", "Electronic health file". A slow change from functional interoperability (OSI level 6) to semantic interoperability (level 7) is being aimed at the moment. This current article will try to present the main electronic files models, from a functional interoperability system's possibility to be created perspective. \ud \u

Audit-based Compliance Control (AC2) for EHR Systems

Traditionally, medical data is stored and processed using paper-based files. Recently, medical facilities have started to store, access and exchange medical data in digital form. The drivers for this change are mainly demands for cost reduction, and higher quality of health care. The main concerns when dealing with medical data are availability and confidentiality. Unavailability (even temporary) of medical data is expensive. Physicians may not be able to diagnose patients correctly, or they may have to repeat exams, adding to the overall costs of health care. In extreme cases availability of medical data can even be a matter of life or death. On the other hand, confidentiality of medical data is also important. Legislation requires medical facilities to observe the privacy of the patients, and states that patients have a final say on whether or not their medical data can be processed or not. Moreover, if physicians, or their EHR systems, are not trusted by the patients, for instance because of frequent privacy breaches, then patients may refuse to submit (correct) information, complicating the work of the physicians greatly. \ud \ud In traditional data protection systems, confidentiality and availability are conflicting requirements. The more data protection methods are applied to shield data from outsiders the more likely it becomes that authorized persons will not get access to the data in time. Consider for example, a password verification service that is temporarily not available, an access pass that someone forgot to bring, and so on. In this report we discuss a novel approach to data protection, Audit-based Compliance Control (AC2), and we argue that it is particularly suited for application in EHR systems. In AC2, a-priori access control is minimized to the mere authentication of users and objects, and their basic authorizations. More complex security procedures, such as checking user compliance to policies, are performed a-posteriori by using a formal and automated auditing mechanism. To support our claim we discuss legislation concerning the processing of health records, and we formalize a scenario involving medical personnel and a basic EHR system to show how AC2 can be used in practice. \ud \ud This report is based on previous work (Dekker & Etalle 2006) where we assessed the applicability of a-posteriori access control in a health care scenario. A more technically detailed article about AC2 recently appeared in the IJIS journal, where we focussed however on collaborative work environments (Cederquist, Corin, Dekker, Etalle, & Hartog, 2007). In this report we first provide background and related work before explaining the principal components of the AC2 framework. Moreover we model a detailed EHR case study to show its operation in practice. We conclude by discussing how this framework meets current trends in healthcare and by highlighting the main advantages and drawbacks of using an a-posteriori access control mechanism as opposed to more traditional access control mechanisms