WEB-Enabled Medical Databases: a Threat to Security?

 

 Buy Article Permissions and Reprints

Abstract:

An increasing number of clinical databases are being adapted to allow access through Internet protocols, particularly Hypertext Transfer Protocol (HTTP). The World Wide Web (WWW) provides a user-friendly, standardized, broadly distributed database interface; at the same time, it may also present a threat to the security and confidentiality of patient data. However, there is little empirical evidence concerning such threats. Using publicly available records we estimate the additional risk of security violations due to web-enabling a database. The evidence, though limited, suggests that the additional risk may be small relative to more traditional security threats.

• REFERENCES

• 1 Schoenfelt S. Next Generation: How Internet Technology Propels the Electronic Medical Record, Journal of AHIMA,. 1999; 70: 30-6
  PubMedGoogle Scholar
• 2 Bowen JW, Klimczak JC, Ruiz M, Barnes M. Design of access control methods for protecting the confidentiality of patient information in networked systems. AMIA 1997; Symposium Supplement: 46-50.
  PubMedGoogle Scholar
• 3 Rind DM, Kohane IS, Szolovits P, Safran C, Chueh HC, Barnett GO. Maintaining the confidentiality of medical records shared over the internet and the world wide web. Ann Intern Med 1997; 127: 138-41.
  CrossrefPubMedGoogle Scholar
• 4 Barrows RC. Privacy, confidentiality, and electronic medical records. JAMIA 1996; 3: 139-48.
  PubMedGoogle Scholar
• 5 Rindfleisch T. Privacy, Information Technology, and Health Care. Comm Assoc Comp Mach 1997; 40 (Suppl. 08) 93-00.
  PubMedGoogle Scholar
• 6 Pangalos GJ. Medical database security policies. Method Inform Med 1993; 32: 349-56.
  PubMedGoogle Scholar
• 7 CERT©/CC.http://www.cert.org/stats/cert_stats.html
  PubMed
• 8 Thompson JH. An Analysis of Security Incidents on the Internet. 1989-1995. Dissertation. Carnegie Mellon University; 1997
  Google Scholar
• 9 Littman J. Hacker shocker: research project reveals breaches galore. The ZDNet News Channel. http://www.zdnet.com/zdnn/content/zdnn/0918/zdnn0010.html
  PubMedGoogle Scholar
• 10 Attrition.org. 1999 http://www.attrition.org/mirror/attrition/stats.html">http://www.attrition.org/mirror/attrition/stats.html
  PubMed
• 11 Internet Software Consortium. http://www.isc.org/dsview.cgi?domainsurvey/host-count-history
  PubMedGoogle Scholar
• 12 Deloitte & Touche. Computer Survey in Australia. 1999 http://www.deloitte.com.au/index.asp?MenuId=3&Page=/content/computer_crime99_survey.asp
  PubMedGoogle Scholar
• 13 Computer Security Institute/Federal Bureau of Investigation. Issues and trends: 1999 CSI/FBI computer crime and security survey. CSI, San Francisco USA: 1999
  Google Scholar
• 14 Power R. Testimony before the permanent subcommittee on investigations,. U.S. Senate committee on governmental affairs.; 1996
  Google Scholar
• 15 Jain R. The Art of Computer Systems Performance Analysis. New York 1991: John Wiley.;
  Google Scholar
• 16 InfoSec 1999. http://www.infosecnews.com/scmagazine/9705/article2.html
  PubMed
• 17 Newswire 1998 http://www.newswire.ca/releases/October1998/06/c1319.html
  PubMed
• 18 Active Firewall. http://www.bitpipe.com/resource/19990729/res_930711265_907.html
  PubMed
• 19 EIDS. http://www.sdl.sri.com/emerald/index.
  PubMed
• 20 Luby M, Rackoff C. A study of password security. J Cryptology 1989; 1: 151-158.
  CrossrefPubMedGoogle Scholar
• 21 World-Wide Web Consortium (W3C), Digital Signature Initiative. http://www.w3.org/DSig
  PubMedGoogle Scholar
• 22 Miller M, Cooper J. Security considerations for present and future medical bases. Int J Bio-Med Comp 1996; 41: 39-46.
  CrossrefPubMedGoogle Scholar
• 23 Pangalos GJ. Secure medical databases: design and operation. Int J Bio-Med Comp 1996; 43: 53-60.
  CrossrefPubMedGoogle Scholar
• 24 Espinosa AL. Availability of health data: requirements an solutions. Int J Med Inform 1998; 49: 97-104.
  CrossrefPubMedGoogle Scholar
• 25 King KM, Davis T. Accessing patients, patient records, and patient databases: the »confidentiality-access maze«. Part II. Can J Cardiovas Nurs 1997; 8: 31-5.
  PubMedGoogle Scholar
• 26 National Research Council, For the Record: Protecting Electronic Health Information Washington. National Academy of Sciences; (National Academy Press), 1997
  Google Scholar