4 research outputs found
Gestión del control de acceso en historiales clÃnicos electrónicos: revisión sistemática de la literatura
ResumenObjetivoEste trabajo presenta los resultados de una revisión sistemática de la literatura relacionada con aspectos del control de acceso en sistemas de historias clÃnicas electrónicas, la seguridad en entornos inalámbricos y la formación de los usuarios de dichos sistemas en temas de privacidad y seguridad.MétodosComo fuente de información se utilizaron artÃıculos originales encontrados en las bases de datos Medline, ACM Digital Library, Wiley InterScience, IEEE Digital Library, Science@Direct, MetaPress, ERIC, CINAHL y Trip Database, publicados entre enero de 2006 y enero de 2011. Se extrajeron 1208 artÃculos usando una cadena de búsqueda predefinida, y el resultado fue revisado por los autores. El resultado final de la selección fue de 24 artÃculos.Resultados21 de los artÃculos encontrados mencionaban las polÃticas de acceso a los sistemas de historias clÃnicas electrónicas. Once artÃculos discuten si deben ser las personas o las entidades quienes concedan los permisos en las historias clÃnicas electrónicas. Los entornos inalámbricos sólo se consideran en tres artÃculos. Finalmente, sólo cuatro citan expresamente que es necesaria la formación técnica de los usuarios.ConclusionesEl control de acceso basado en roles es el mecanismo preferido para implementar la polÃtica de acceso por los diseñadores de historias clÃnicas electrónicas. El control de acceso es gestionado por usuarios y profesionales médicos en la mayorÃa de los sistemas, lo que promulga el derecho del paciente a controlar su información. Por último, la seguridad en entornos inalámbricos no es considerada en muchos casos, y sin embargo, una lÃnea de investigación es la eSalud en entornos móviles, conocida como mHealth.AbstractObjectiveThis study presents the results of a systematic literature review of aspects related to access control in electronic health records systems, wireless security and privacy and security training for users.MethodsInformation sources consisted of original articles found in Medline, ACM Digital Library, Wiley InterScience, IEEE Digital Library, Science@Direct, MetaPress, ERIC, CINAHL and Trip Database, published between January 2006 and January 2011. A total of 1,208 articles were extracted using a predefined search string and were reviewed by the authors. The final selection consisted of 24 articles.ResultsOf the selected articles, 21 dealt with access policies in electronic health records systems. Eleven articles discussed whether access to electronic health records should be granted by patients or by health organizations. Wireless environments were only considered in three articles. Finally, only four articles explicitly mentioned that technical training of staff and/or patients is required.ConclusionRole-based access control is the preferred mechanism to deploy access policy by the designers of electronic health records. In most systems, access control is managed by users and health professionals, which promotes patients’ right to control personal information. Finally, the security of wireless environments is not usually considered. However, one line of research is eHealth in mobile environments, called mHealth
Protocols for Secure Computation on Privately Encrypted Data in the Cloud
Cloud services provide clients with highly scalable network, storage, and computational resources. However, these service come with the challenge of guaranteeing the confidentiality of the data stored on the cloud. Rather than attempting to prevent adversaries from compromising the cloud server, we aim in this thesis to provide data confidentiality and secure computations in the cloud, while preserving the privacy of the participants and assuming the existence of a passive adversary able to access all data stored in the cloud.
To achieve this, we propose several protocols for secure and privacy-preserving data storage in the cloud. We further show their applicability and scalability through their implementations. we first propose a protocol that would allow emergency providers access to privately encrypted data in the cloud, in the case of an emergency, such as medical records. Second, we propose various protocols to allow a querying entity to securely query privately encrypted data in the cloud while preserving the privacy of the data owners and the querying entity. We also present cryptographic and non-cryptographic protocols for secure private function evaluation in order to extend the functions applicable in the protocols
Using digital rights management for securing data in a medical research environment
We propose a digital rights management approach for sharing electronic health records in a health research facility and argue advantages of the approach. We also give an outline of the system under development and our implementation of the security features and discuss challenges that we faced and future directions