Methods Inf Med 1979; 18(04): 214-222
DOI: 10.1055/s-0038-1636656
Original Article
Schattauer GmbH

Data Security in Health Information Systems by Applying Software Techniques

DATA PROTECTION IN HEALTH INFORMATION SYSTEMS THROUGH THE APPLICATION OF SOFTWARE TECHNIQUES
K. Sauter
(From the Dept. for Biometrics and Medical Informatics (Director: Prof. P. L. Reichertz), Medical School Hannover)

Publication Date: 19 February 2018 (online)

The problems encountered in achieving data security within computer-supported information systems have increased with the development of modern computer systems. The threats are manifold and have to be met by an appropriate set of hardware precautions, organizational procedures and software measures; the software measures are the topic of this paper. Design principles and software construction rules are treated first, since the degree of security a system provides is determined to a considerable extent by proper design. A number of the software techniques presented may support security mechanisms ranging from user identification and authentication to access control, auditing and threat monitoring. Encryption is a powerful tool for protecting data during physical storage as well as during transmission.

Since an increasing number of health information systems with information-integrating functions are database-supported, the main issues and terms of database systems and their specific security aspects are summarized in the appendix.

With the development of modern computer systems, the problems of ensuring data protection in computer-supported information systems have grown. The manifold risks must be met with a suitable combination of hardware facilities, organizational procedures and software measures, the last of which are the subject of this paper. Design principles and rules for software construction are treated first, because the degree of security of a system is decisively determined by good design. A number of software techniques support security mechanisms that range from user identification to access control and access logging. Encryption (encipherment) provides effective protection for data in storage and also during transmission.

Since an increasing number of medical information systems with information-integration functions are supported by databases, the appendix summarizes the essential terms and concepts of database systems together with their specific data protection aspects.
