№2, 2015

THE INFORMATION SECURITY OF PERSONAL MEDICAL DATA IN AN ELECTRONIC ENVIRONMENT

Masuma H. Mammadova

This article investigates the problems of personal data security in electronic medical systems. Approaches to supporting the information security of patients’ medical data are presented, the features of personal medical data are specified, and potential threats to the privacy and safety of the data in medical information systems are identified. The legal basis of personal data security in Azerbaijan is reviewed, and the feasibility of regulating the information security of personal medical data in Azerbaijan is justified (pp. 15-25).

Keywords: personal medical data, information security, safety, privacy, illegal access, medical secret, threats.