A systematic approach for analysis and design of secure health information systems

A toolset using object-oriented techniques including the nowadays popular unified modelling language (UML) approach has been developed to facilitate the different users' views for security analysis and design of health care information systems. Paradigm and concepts used are based on the component architecture of information systems and on a general layered security model. The toolset was developed in 1996/1997 within the ISHTAR project funded by the European Commission as well as through international standardisation activities. Analysing and systematising real health care scenarios, only six and nine use case types could be found in the health and the security-related view, respectively. By combining these use case types, the analysis and design of any thinkable system architecture can be simplified significantly. Based on generic schemes, the environment needed for both communication and application security can be established by appropriate sets of security services and mechanisms. Because of the importance and the basic character of electronic health care record (EHCR) systems, the understanding of the approach is facilitated by (incomplete) examples for this application.

[1]  Bernd Blobel Application of the component paradigm for analysis and design of advanced health system architectures , 2000, Int. J. Medical Informatics.

[2]  Grady Booch,et al.  Object-Oriented Analysis and Design with Applications , 1990 .

[3]  Bernd Blobel Modelling for Design and Implementation of Secure Health Information Systems , 1996 .

[4]  Silvana Castano,et al.  Database Security , 1997, IFIP Advances in Information and Communication Technology.

[5]  O Ying-Lie A Life-Cycle Based Authorisation Expert Database System , 1999, AIMDM.

[6]  Hans-Erik Eriksson,et al.  UML toolkit , 1997 .

[7]  Caroline Laske,et al.  Legal Issues in Medical Informatics: A Bird's Eye View , 1996, Towards Security in Medical Telematics.

[8]  C. P. Louwerse,et al.  Towards Security in Medical Telematics - Legal and Technical Aspects , 1996, Studies in Health Technology and Informatics.

[9]  Ross Anderson,et al.  Personal Medical Information , 1997, Springer Berlin Heidelberg.

[10]  Ivar Jacobson,et al.  Object-Oriented Software Engineering , 1991, TOOLS.

[11]  Bernd Blobel Clinical Record Systems in Oncology. Experiences and Developments on Cancer Registers in Eastern Germany , 1997, Personal Medical Information.

[12]  James Martin,et al.  Object-oriented analysis and design , 1992 .

[13]  Bernd Blobel,et al.  Security Infrastructure of an Oncological Network Using Health Professional Cards , 1997 .

[14]  Bernd Blobel,et al.  Using trusted third parties for secure telemedical applications over the WWW: The EUROMED-ETS approach , 1998, Int. J. Medical Informatics.

[15]  Martin Holena,et al.  CORBA security services for health information systems , 1998, Int. J. Medical Informatics.

[16]  Bernd Blobel,et al.  Results of European Projects Improving Security of Distributed Health Information Systems , 1998, MedInfo.

[17]  B Blobel,et al.  Comparing middleware concepts for advanced healthcare system architectures. , 1997, International journal of medical informatics.

[18]  William E. Lorensen,et al.  Object-Oriented Modeling and Design , 1991, TOOLS.

[19]  Bernd Blobel,et al.  Trusted Third Party Services for Internet Security , 1999 .

[20]  Bernd Blobel Patient data and the Internet - security issues. Chairpersons' introduction , 1998 .