ABSTRACT
La seguridad informática se ha convertido en una necesidad y un derecho de todos los ciudadanos. Los sistemas informáticos empleados en el sector de salud poseen un almacenamiento digital fácil y sostenible que debe garantizar la privacidad e integridad de la información, lo cual constituye cuestión delicada. En Cuba no está definido un esquema PKI (Públic Key Infraestructure) o Infraestructura de Clave Pública, centralizado a nivel nacional que propicie y garantice la seguridad de la información sensible en el sistema de salud pública, lo cual pone en riesgo la autenticidad, integridad y confidencialidad de los datos médicos personales. Este trabajo tiene como objetivo diseñar una estructura de seguridad centrada en la PKI entre las instituciones de salud, a partir de la infraestructura de llave pública nacional como autoridad de certificación raíz. Se realizó un análisis documental sobre la actualidad del tema, se realizaron entrevistas a administrativos, gestores hospitalarios y especialistas en seguridad informática, lo cual permitió crear las bases de la investigación. Se obtuvo un esquema de confianza que propicia el intercambio seguro de los registros médicos de los pacientes entre instituciones de salud. La implementación de una infraestructura PKI en el sector sanitario permite que las instituciones que requieran intercambiar registros médicos, a través de una red, puedan hacerlo con un alto nivel de seguridad(AU)
Computer security has become a necessity and a right for all citizens. The IT systems used in the health sector have much easier and more sustainable digital storage and guarantee the privacy and integrity of information, which are sensitive issues. In Cuba, there is no centralized PKI (Public Key Infrastructure) scheme at the national level that promotes and guarantees the security of sensitive information in the public health system, which puts the authenticity, integrity and confidentiality of personal medical data at risk. The aim of our work was to design a security structure centered on PKI among health institutions, based on the national public key infrastructure as root certificate authority (CA). In order to achieve this, a documentary analysis was carried out on the current state of the art in the subject; as well as interviews with administrative staff, hospital managers and specialists in computer security, which allowed the research bases to be created. As a result, a trust scheme was obtained that promotes the secure exchange of patients' medical records between health institutions. The implementation of a PKI infrastructure in the health sector allows institutions to exchange medical records through a network with a high level of security(AU)
Subject(s)
Humans , Software , Medical Records Systems, Computerized , Computer Security , CubaABSTRACT
Objective:To provide the solution based on electronic authentication service and electronic signature for doctor and nurse in order to guarantee the integrity and authenticity of electronic medical records system(EMRS) in building, writing and storage.Methods: To establish integrated electronic signature platform based on the installation and debugging for the digital signature sever device; and to improve some parts of the database, such as the digital certificate, certificate logging and the integration process of digital signature etc.Results: The integrated electronic signature of EMRS can guarantee the authenticity and reliability of identity when doctor logged system or finished the normal medical work; and it can reduce manual signature process and contribute to finish the automatic signature after doctor or nurse finished EMRS and nursing recorder sheet.Conclusion: The implementation of the electronic signature can ensure the reliability of electronic medical records, achieve the complete electronic file storage for patient medical records, and greatly save manpower and material resources.
ABSTRACT
Based on introducing digital certificate related concepts, the paper compares the similarities and differences of digital sig-nature soft and hard certificates from the aspects of implementation process, implementation condition, convenience, security, law validi-ty, maintainability, etc.Combining with the actual status of information system, it analyzes the selection of digital signature.
ABSTRACT
Objective: To ensure the integrity、non-repudiation、authenticity of pictures and relevent messages by making a digital signature for a DICOM file. Methods: By using OpenSSL toolkits and dcmsign of DCMTK toolkits, make a digital sig nature for the relevent messages of DICOM medical image and then save it behind of the DICOM file. Results: We can evaluate integrity、non-repudiation、authenticity of pictures and relevent messages in the DICOM file which has been made a digital signature. Conclusion: To make a digital signature in a DICOM file by using the OpenSSL toolkits and dcmsign of DCMTK toolkits can realize the security when DICOM file transported in remote medical treatment and PACS.
ABSTRACT
We developed security function modules based DICOM standard, including Secure Connection of TLS, Digital Signature, and Media Security of CMS. Using DICOM standard security functions, medical equipment, modality, and PACS software are able to communicate and exchange information safely without sacrifice for the compatibility. TLS enables secure connection between modality. Digital Signature guarantees data integrity and authentication based on PKI technology. Lastly, CMS algorithm provides how to encrypt DICOM File based on Media Storage Security. Signed and encrypted images are only to be decrypted by patient or who has authority, and it is to be proved that those images are not changed.