Cryptographic protection of health information: cost and benefit.

Medical, legal, and economic reasons inevitably force health care establishments to apply more and more open distributed IT systems rather than the less flexible and more expensive mainframes. Managing, for example, electronic patient records by various users at different locations by means of large scale client server systems requires new security provisions for storing, archiving and communicating those data. Using an analogy, data processing is being changed from railroads to highways. Formerly, only one engine-driver was responsible for the security of a whole train whereas now the car-drivers themselves are responsible each for his own car. Unless the cars are equipped with suitable security mechanisms like breaks and safety belts this change endangers individuals within and outside the cars. Cryptography provides many of the relevant security mechanisms for open distributed health care IT systems. Indeed, suitable cost effective cryptographic products are available but are rarely found in health care IT systems. The reason is more political than economic, diverging national security interests in the EU have prevented strong security in public telecommunication infrastructures arguing that, e.g. criminals would profit, too. The resulting uncertainty of investments delays the development, standardisation and installation of cryptographic solutions.

[1]  Ward Rosenberry,et al.  Understanding DCE , 1992 .

[2]  George Pangalos Security Guidelines for Database Systems Development , 1994, DBSec.

[3]  Wendy London EC information security legislation: Where now? , 1994, Comput. Law Secur. Rev..

[4]  Kevin O'Connor Confidentiality, Privacy and Security Concerns in the Modern Healthcare Environment , 1994, Aust. Comput. J..

[5]  Joachim Biskup,et al.  Reflections on Security of Database and Datatransfer Systems in Health Care , 1994, IFIP Congress.

[6]  S. Chokhani Toward a national public key infrastructure , 1994, IEEE Communications Magazine.

[7]  David Chaum,et al.  Security without identification: transaction systems to make big brother obsolete , 1985, CACM.

[8]  Niklaus Wirth,et al.  A Plea for Lean Software , 1995, Computer.

[9]  Kluge Eh Health information, privacy, confidentiality and ethics. , 1994 .

[10]  G Bleumer,et al.  Security for decentralized health information systems. , 1994, International journal of bio-medical computing.

[11]  S J Henkind,et al.  Application of a multilevel access model in the development of a security infrastructure for a clinical information system. , 1993, Proceedings. Symposium on Computer Applications in Medical Care.

[12]  H. Jonas,et al.  Toward a philosophy of technology. , 1979, The Hastings Center report.

[13]  Jean-Claude Laprie How Much is Safety Worth? , 1994, IFIP Congress.

[14]  John Linn,et al.  Generic interface to security services , 1994, Comput. Commun..

[15]  E. Kluge Health information, privacy, confidentiality and ethics. , 1994, International journal of bio-medical computing.

[16]  Yvo Desmedt,et al.  Defending systems against viruses through cryptographic authentication , 1989, Proceedings. 1989 IEEE Symposium on Security and Privacy.

[17]  Frederick B. Cohen,et al.  A cost analysis of typical computer viruses and defenses , 1991, Comput. Secur..