Implementation of Data Security Requirements in a Web-based Application for Interactive Medical Documentation

Keeping data confidential is a deeply rooted requirement in medical documentation. However, there are increasing calls for patient transparency in medical record documentation. Tele-Board MED is an interactive system being developed for joint documentation by doctor and patient. This web-based application, designed for digital whiteboards, will be tested in treatment sessions with psychotherapy patients and therapists. To ensure the security of patient data, we implemented security measures, which this paper describes. We followed the major information security objectives: confidentiality, integrity, availability and accountability. In addition to technical aspects, such as data encryption, access restriction through firewall and password, and measures for remote maintenance, we also address issues at the organizational and infrastructural levels (e.g., patients’ access to notes). With this paper we want to increase awareness of information security and promote a security concept from the beginning of health software research projects. The measures described in this paper can serve as an example for other health software applications dealing with sensitive patient data, from early user testing phases on.
