Methods Inf Med 1979; 18(04): 214-222
DOI: 10.1055/s-0038-1636471
Original Article
Schattauer GmbH

Data Security in Health Information Systems by Applying Software Techniques

DATA PROTECTION IN HEALTH INFORMATION SYSTEMS THROUGH THE APPLICATION OF SOFTWARE TECHNIQUES
K. Sauter
From the Dept. for Biometrics and Medical Informatics (Director: Prof. P. L. Reichertz), Medical School Hannover

Publication Date: 19 February 2018 (online)

The problems encountered in achieving data security within computer-supported information systems have increased with the development of modern computer systems. The threats are manifold and have to be met by an appropriate set of hardware precautions, organizational procedures and software measures which are the topic of this paper. Design principles and software construction rules are treated first, since the degree of security a system achieves is determined to a considerable extent by sound design. A number of the software techniques presented may support security mechanisms ranging from user identification and authentication to access control, auditing and threat monitoring. Encryption is a powerful tool for protecting data during physical storage and also during transmission.

Since an increasing number of health information systems with information-integrating functions are database-supported, the main issues and terms of database systems and their specific security aspects are summarized in the appendix.

With the development of modern computer systems, the problems of ensuring data protection in computer-supported information systems have grown. The manifold risks must be met with a suitable combination of hardware facilities, organizational procedures and software measures, which are the subject of this contribution. Design principles and rules for software construction are treated first, because the degree of security of a system is decisively determined by good design. A number of software techniques support security mechanisms that extend from user identification to access control and access logging. Encryption (encipherment) provides effective protection during storage and also during transmission of the data.

Since an increasing number of medical information systems with information-integration functions are supported by databases, the essential terms and concepts of database systems, together with their specific data protection aspects, are summarized in the appendix.

 