Technical solutions for mitigating security threats caused by health professionals in clinical settings

The objective of this paper is to present a brief description of technical solutions for health information system security threats caused by inadequate security and privacy practices among healthcare professionals. A literature search was carried out in ScienceDirect, ACM Digital Library and IEEE Digital Library to find papers reporting technical solutions for certain security problems in information systems used in clinical settings. A total of 17 technical solutions were identified: measures for password security and for the secure use of e-mail, the Internet, portable storage devices, printers and screens. Although technical safeguards are essential to the security of healthcare organizations' information systems, good training, awareness programs and the adoption of a proper information security policy are particularly important to prevent insiders from causing security incidents.
