ABSTRACT
ABSTRACT Medical image security is acquiring its importance to preserve the integrity and confidentiality of information (medical data) from malicious users given its importance in timely and successful diagnosis. In this context, several techniques have been developed to protect medical images, such as encryption, data hiding, image tagging, application of Hash algorithms, etc. This paper proposes a technique to cipher medical images by adding the metadata inside a cover image, based on extended visual cryptography as well as the inclusion of a Hash-like function to verify the integrity of the image and the metadata once they are recovered. The method proposed in this work is implemented using medical images with a grayscale resolution of [0,4095] that is a depth of 12 bits/pixel and color images with 24 bits/pixel depth. Experimental results prove the effectiveness of the proposed method in the task of secure exchange of medical images by allowing higher hiding capability, lower distortion in the visual quality of the image with the hidden medical data, as well as a means to verify the integrity of the sent data, compared to state-of-the-art.
RESUMEN La seguridad de imágenes médicas está incrementando su importancia para preservar la integridad y la confidencialidad de la información (datos médicos), frente a usuarios malintencionados dada su importancia en el diagnóstico oportuno y acertado. En este contexto, se han desarrollado varias técnicas para proteger las imágenes médicas, como el cifrado, la ocultación de datos, el etiquetado de imágenes, la aplicación de algoritmos Hash, etc. Este trabajo propone una técnica para cifrar imágenes médicas añadiendo los metadatos dentro de una imagen de cubierta, basada en la criptografía visual extendida, así como la inclusión de una función tipo Hash para comprobar la integridad de la imagen y los metadatos una vez estos sean recuperados. El método propuesto en este trabajo se implementa utilizando imágenes médicas con una resolución en escala de grises de [0,4095] es decir una profundidad de 12 bits/ píxel e imágenes en color con 24 bits/píxel de profundidad. Los resultados experimentales demuestran la eficacia del método propuesto en la tarea de transmisión segura de imágenes médicas permitiendo una mayor capacidad de ocultamiento, una menor distorsión en la calidad visual de la imagen con los datos médicos ocultos, así como un medio para comprobar la integridad de los datos enviados, en comparación con los artículos publicados.
ABSTRACT
Motivado pela adoção do Regulamento Geral sobre a Proteção de Dados pela União Europeia, o legislador brasileiro aprovou a Lei Geral de Proteção de Dados, expressamente tornando a proteção de dados pessoais um direito fundamental e reconhecendo a existência de uma categoria de dados específica, denominada de dados pessoais sensíveis, cujo conceito abarca os dados relativos à saúde e que recebem tratamento específico desse diploma legal. O objetivo do presente estudo foi analisar como a Lei Geral de Proteção de Dados trata a proteção de dados relativos à saúde. Para tanto, utilizando método dedutivo e análise bibliográfica, o estudo foi dividido em duas partes. Na primeira foi exposto o conceito jurídico de dados trazido pela Lei Geral de Proteção de Dados, bem como a definição legal de dados sensíveis. Na segunda parte discutiu-se como essa lei trata os dados relativos à saúde. De modo geral, conclui-se que, com a entrada em vigor da Lei Geral de Proteção de Dados, profissionais da saúde, clínicas médicas, hospitais e centros de saúde, entre outros, que realizarem tratamento de dados pessoais sensíveis relacionados à saúde deverão adotar medidas para adaptar tais atividades à legislação o mais brevemente possível, a fim de evitar sanções que podem ir desde a aplicação de multas pecuniárias até a proibição do uso de dados pessoais sensíveis.
Motivated by the adoption of the General Data Protection Regulation by the European Union, the Brazilian legislator approved the General Data Protection Law, expressly making the protection of personal data a fundamental right and recognizing the existence of a specific category of data, known as sensitive personal data, the concept of which encompasses data relating to health and which receive specific treatment in this legal document. The objective of the present study was to analyze how the General Data Protection Law deals with the protection of health-related data. To this end, using a deductive method and bibliographic analysis, the study was divided into two parts. In the first part, the legal concept of data brought by the General Data Protection Law was exposed, as well as the legal definition of sensitive data. The second part discussed how this law deals with health data. In general, it is concluded that, with the entry into force of the General Data Protection Law, health professionals, medical clinics, hospitals and health centers, among others, who process sensitive personal data related to health should adopt measures to adapt their activities to the legislation as soon as possible, in order to avoid sanctions that can range from the imposition of financial fines to the prohibition of the use of sensitive personal data.
Subject(s)
Computer Security , PrivacyABSTRACT
Objective:To assess the current situation of information security literacy, and determine its factors. Methods:Literature review and Delphi method were used to design a questionnaire on information security literacy. All users of disease control information system in Jinshan District,Shanghai were investigated. The questionnaire included information security related knowledge, awareness, role cognition, and behavior. Results:The overall proportion of information security literacy was determined to be 7.98%. Information security knowledge, awareness, role cognition, and behavior was identified in 17.18%, 37.42%, 62.58%, and 38.04% of the users, respectively. Sex, age and type of information system account were associated with the information security literacy. Conclusion:Information security literacy remains low in Jinshan District, which may not meet the current requirement in work. Particularly, information security behavior is at risk, which warrants further improvement in the information security management.
ABSTRACT
【Objective】 To explore the current information construction and security status in blood banks in China though sampling. so as to provide feasible suggestions for strengthening security management. 【Methods】 The anonymous online questionnaire was issued to a total of 44 blood banks to investigate the information construction status, development of hierarchical protection work, security precautions at all levels of the information system, information operation and maintenance, and emergency response in these institutions. 【Results】 The average investment concerning information construction of 44 blood banks was 12.64 yuan per donor, with a median of 8.1 yuan. The investments of information security accounted for about 22.86% of the total investment, and the informatization construction investment was mainly concentrated in one-time project. The investment in infrastructure was basically equivalent to the that in the core business information system. The blood banks have paid more attention to the importance of information security. 【Conclusion】 Under the complicated situation of information security, the blood banks should further improve the frame work of information security systems and the management level of information security to secure a stable performance of key infrastructure and the privacy of blood donors and patients.
ABSTRACT
La seguridad informática se ha convertido en una necesidad y un derecho de todos los ciudadanos. Los sistemas informáticos empleados en el sector de salud poseen un almacenamiento digital fácil y sostenible que debe garantizar la privacidad e integridad de la información, lo cual constituye cuestión delicada. En Cuba no está definido un esquema PKI (Públic Key Infraestructure) o Infraestructura de Clave Pública, centralizado a nivel nacional que propicie y garantice la seguridad de la información sensible en el sistema de salud pública, lo cual pone en riesgo la autenticidad, integridad y confidencialidad de los datos médicos personales. Este trabajo tiene como objetivo diseñar una estructura de seguridad centrada en la PKI entre las instituciones de salud, a partir de la infraestructura de llave pública nacional como autoridad de certificación raíz. Se realizó un análisis documental sobre la actualidad del tema, se realizaron entrevistas a administrativos, gestores hospitalarios y especialistas en seguridad informática, lo cual permitió crear las bases de la investigación. Se obtuvo un esquema de confianza que propicia el intercambio seguro de los registros médicos de los pacientes entre instituciones de salud. La implementación de una infraestructura PKI en el sector sanitario permite que las instituciones que requieran intercambiar registros médicos, a través de una red, puedan hacerlo con un alto nivel de seguridad(AU)
Computer security has become a necessity and a right for all citizens. The IT systems used in the health sector have much easier and more sustainable digital storage and guarantee the privacy and integrity of information, which are sensitive issues. In Cuba, there is no centralized PKI (Public Key Infrastructure) scheme at the national level that promotes and guarantees the security of sensitive information in the public health system, which puts the authenticity, integrity and confidentiality of personal medical data at risk. The aim of our work was to design a security structure centered on PKI among health institutions, based on the national public key infrastructure as root certificate authority (CA). In order to achieve this, a documentary analysis was carried out on the current state of the art in the subject; as well as interviews with administrative staff, hospital managers and specialists in computer security, which allowed the research bases to be created. As a result, a trust scheme was obtained that promotes the secure exchange of patients' medical records between health institutions. The implementation of a PKI infrastructure in the health sector allows institutions to exchange medical records through a network with a high level of security(AU)
Subject(s)
Humans , Software , Medical Records Systems, Computerized , Computer Security , CubaABSTRACT
AIM: To explore the information management of the whole process of clinical trials based on the laws and guidelines. METHODS: Taking the clinical trial management of our hospital as an example, we designed the clinical trial management information systems separately for researcher and sponsor to realize the whole process management of clinical trial in our hospital. RESULTS:The application of the clinical trial information management systems realized the real-time monitoring and information management of the whole process of project initiation, contract signing, ethical review, start-up, project selection/enrollment, subject management and conclusion. CONCLUSION: The separate design can ensure the information security of subjects, make effective statistics on the data generated, which can greatly improve the work efficiency of clinical trial management.
ABSTRACT
Telemedicine technology is a means of deploying medical resources with low cost and high efficiency. A set of remote radiotherapy system based on Citrix was designed in this paper, so that the senior radiation therapists from the developed areas can provide medical services effectively for the patients in the rural areas. This paper focused on the design ideas and the detail of the technical implementation of how to design a remote radiotherapy system based on the existing equipment in the primary hospital. And the technical reliability and security of the remote radiotherapy system were verified by the scientific test method with pairwise comparison. The early practical experience shows that through the remote radiotherapy system the primary radiotherapy personnel and the radiotherapy experts from thirdgrade class-A hospital can form effective alliance in radiotherapy techniques to allow patients in rural areas to receive more professional radiation therapy.
Subject(s)
Humans , Information Systems , Radiotherapy , Reproducibility of Results , TelemedicineABSTRACT
Objective To implement the disease control and prevention information system digital certification in Tianjin,to achieve full coverage of network direct reporting unit digital certification in the city and to improve the ability to control security risks like information leakage.Methods CA certificate management was implemented with hierarchical framework and electronic authentication cloud platform of national disease control and prevention information system in China.The life-cycle certificate management was realized for certificate update,unlocking,reissuance and withdrawal.A silent server was deployed in Tianjin Centers for Disease Control and Prevention for annual update of digital certificate.Results The digital certificate was issued to the user of Tianjin disease control and prevention information system,the integration was realized with national cloud authentication platform,and digital certificate authentication was implemented for user access.The risks for information leakage were eliminated during network reporting of disease control and prevention information.Conclusion All the authorized users of China's disease control and prevention information system in Tianjin area gain the authentication for access based on digital certificate,and the safety system is improved greatly.
ABSTRACT
El desarrollo extraordinario de la tecnología, los resultados de la innovación tecnológica y más aún en el campo de las ciencias informáticas y las telecomunicaciones, hacen de la realización de proyectos de investigación algo cotidiano en las organizaciones empresariales e instituciones públicas. La mayoría de las veces los resultados de estas investigaciones, así como otras informaciones de carácter general son presentados en plataformas web, haciendo uso de gestores de contenido por las ventajas que ofrecen estos con respecto a su alcance y fácil manipulación para mantenerlos actualizados, evidenciándose en una mayor productividad de la entidad al emplearlos. Es por esta razón que se hace imprescindible que las instituciones se interesen por las redes de computación, el mantenimiento y la seguridad requerida para la utilización de los gestores de contenido. Con el fin de prestar atención a este último aspecto (la seguridad), es que el presente trabajo aborda una serie de aspectos que tanto programadores, como administradores de red deben manejar para mejorar la toma de decisiones a la hora de proteger la información expuesta en Web basadas en sistemas gestores de contenido, y en específico aquellas basadas en Joomla!(AU)
The extraordinary development of technology, the results of technological innovation and even more in the field of computer science and telecommunications, make the realization of research projects something every day in business organizations and public institutions. Most of the time the results of this research, as well as other general information are presented in web platforms, making use of content managers because of the advantages they offer with respect to their scope and easy manipulation to keep them updated, evidenced in greater productivity of the entity when using them. It is for this reason that it is essential that institutions are interested in the computer networks, maintenance and security required for the use of content managers. In order to pay attention to this last aspect (security), it is that the present work shows a series of aspects that both programmers and network administrators must manage to improve decision making in protecting the information exposed in Web-based content management systems, and specifically those based on Joomla!(AU)
Subject(s)
Humans , Software/standards , Technological Development/methods , Computer Security/standardsABSTRACT
The commercial gene test is a kind of detection service different from genetic diagnosis in medical institutions.There is no specific legislation on gene discrimination and genetic information security related to it.This paper adopted the method of comparative study to sort out the related legal issues of commercial gene test,and put forward the regulation ideas and scheme.
ABSTRACT
By analyzing challenges brought along by mobile medical application and introducing design,layout,technical realization,functional modules and application effect of the comprehensive management platform for mobile terminals,the paper points out that application of the platform would facilitate medical staffs with clinical work and enhance control ability of management department of the hospital on mobile medical service.
ABSTRACT
The paper explains challenge and influence of the building of safe hospital against the "Intemet + " background,and discusses the countermeasures including strengthening personal information protection,the third party supervision,public opinion monitoring,talent cultivation and other aspects,in order to promote rapid development of safe hospital building.
ABSTRACT
With constant development and application of new generation information technology such as big data, cloud computing and Internet of Things, traditional management style and thought patterns of TCM are being changed. It is particularly important to introduce information security into budget management of TCM projects. This article discussed security factors in TCM budget monitoring platform, organized key contents of information security construction, built information security model for monitoring platform, and analyzed security strategies for the construction of TCM budget monitoring platform, with a purpose to guarantee effective implementation of budget information management measures of TCM projects.
ABSTRACT
Information security is the key in construction of digital hospitals and determines the successful diagno-sis and treatment of diseases in hospitals with information as a tool.The major problems in our hospital were imper-fect information security system , weak technique support , and insufficient implementation of regulations .The infor-mation security can be assured by constructing the security systems-for computer room, networks, data and their management , respectively .
ABSTRACT
The information security and privacy protection of electronic health records (HER) are greatly con-cerned by healthcare administrators, healthcare providers and patients in the era of big data and cloud computing. The concepts of information security and privacy protection of HER wre defined according to the systematic investi-gation of related literature, the keys to the information security and privacy protection of HER were summarized, and the advances in research on information security and privacy protection of HER were described.
ABSTRACT
〔Abstract〕 The paper introduces the characteristics, methods and achivements of regional health informatization construction of Luoy-ang health information security project, overviews the construction ideas of regional informatization, providing basis for future development and references for similar projects implementation.
ABSTRACT
OBJECTIVES: The information security management systems (ISMS) of 5 hospitals with more than 500 beds were evaluated with regards to the level of information security, management, and physical and technical aspects so that we might make recommendations on information security and security countermeasures which meet both international standards and the needs of individual hospitals. METHODS: The ISMS check-list derived from international/domestic standards was distributed to each hospital to complete and the staff of each hospital was interviewed. Information Security Indicator and Information Security Values were used to estimate the present security levels and evaluate the application of each hospital's current system. RESULTS: With regard to the moderate clause of the ISMS, the hospitals were determined to be in compliance. The most vulnerable clause was asset management, in particular, information asset classification guidelines. The clauses of information security incident management and business continuity management were deemed necessary for the establishment of successful ISMS. CONCLUSIONS: The level of current ISMS in the hospitals evaluated was determined to be insufficient. Establishment of adequate ISMS is necessary to ensure patient privacy and the safe use of medical records for various purposes. Implementation of ISMS which meet international standards with a long-term and comprehensive perspective is of prime importance. To reflect the requirements of the varied interests of medical staff, consumers, and institutions, the establishment of political support is essential to create suitable hospital ISMS.
Subject(s)
Humans , Commerce , Compliance , Dietary Sucrose , Hospitals , Medical Records , Medical Staff , PrivacyABSTRACT
OBJECTIVE: If medical information is integrated for management purposes, the efficiency of the system may increase. In addition, diagnostic abilities of physicians may be improved through the increased speed and accuracy of information processing. Medical databases must ensure high performance in terms of speed and reliability. In addition, access to medical information must be restricted to persons with proper authorization to ensure the privacy of patients. METHODS: Thus, the security of medical database systems with multiversion data requires both the existing management system and security policies. RESULTS: This study simulates the performance of a dynamic multiversion data management system in terms of security levels and update operations. CONCLUSION: The results show that a dynamic multiversion data management system increases disk availability more than a double version system. In addition, if the number of security levels is small, throughput will be improved because the security overhead will be low. However, frequent update operations will decrease throughput whenever versions are created at each interval.
Subject(s)
Humans , Electronic Data Processing , Dietary Sucrose , PrivacyABSTRACT
With the development of network and information in hospital,the issue of security has been raised and got more and more important.This article describes the factors that might threaten the network and information security,such as the reliability of network equipments,computer viruses,invalid intrusion,the security of inner-network,the thunder,users' actions and so on.Then some solutions to the problems are proposed.This could be an instruction to design or update the hospital's network and information system.
ABSTRACT
Several critical information technologies are discussed, which will deeply impact the informatization construction and medical support of the field hospital. The importance and development trends of these technologies in military medical service are also analyzed. These technologies will be an indispensable part in military informatization.