Esquema de confianza basado en Infraestructura de clave pública (PKI) para el intercambio de información clínica electrónica en el sistema XAVIA HIS / PKI-based trust scheme for the exchange of electronic clinical information in the XAVIA HIS system

La seguridad informática se ha convertido en una necesidad y un derecho de todos los ciudadanos. Los sistemas informáticos empleados en el sector de salud poseen un almacenamiento digital fácil y sostenible que debe garantizar la privacidad e integridad de la información, lo cual constituye cuestión delicada. En Cuba no está definido un esquema PKI (Públic Key Infraestructure) o Infraestructura de Clave Pública, centralizado a nivel nacional que propicie y garantice la seguridad de la información sensible en el sistema de salud pública, lo cual pone en riesgo la autenticidad, integridad y confidencialidad de los datos médicos personales. Este trabajo tiene como objetivo diseñar una estructura de seguridad centrada en la PKI entre las instituciones de salud, a partir de la infraestructura de llave pública nacional como autoridad de certificación raíz. Se realizó un análisis documental sobre la actualidad del tema, se realizaron entrevistas a administrativos, gestores hospitalarios y especialistas en seguridad informática, lo cual permitió crear las bases de la investigación. Se obtuvo un esquema de confianza que propicia el intercambio seguro de los registros médicos de los pacientes entre instituciones de salud. La implementación de una infraestructura PKI en el sector sanitario permite que las instituciones que requieran intercambiar registros médicos, a través de una red, puedan hacerlo con un alto nivel de seguridad(AU)

Computer security has become a necessity and a right for all citizens. The IT systems used in the health sector have much easier and more sustainable digital storage and guarantee the privacy and integrity of information, which are sensitive issues. In Cuba, there is no centralized PKI (Public Key Infrastructure) scheme at the national level that promotes and guarantees the security of sensitive information in the public health system, which puts the authenticity, integrity and confidentiality of personal medical data at risk. The aim of our work was to design a security structure centered on PKI among health institutions, based on the national public key infrastructure as root certificate authority (CA). In order to achieve this, a documentary analysis was carried out on the current state of the art in the subject; as well as interviews with administrative staff, hospital managers and specialists in computer security, which allowed the research bases to be created. As a result, a trust scheme was obtained that promotes the secure exchange of patients' medical records between health institutions. The implementation of a PKI infrastructure in the health sector allows institutions to exchange medical records through a network with a high level of security(AU)

The Personal Health Information Reference System based on e-P.O.Box Conception / 대한의료정보학회지

IT Strategic Headquarters of the Japanese government compiled the Priority Policy Program 2007, in which "Establishment of the structure for every citizen to be able to manage and utilize his health information by himself" and "Foundation of the e- Post-Office box for the realization of the social security service in aspects of people" are declared. For this purpose, a health information system is considered that delivers healthcare data to the server, where the data is to be individually self.administered by the owner. A patient can register his data, and download or reference it from any medical institution or home when necessary. We made a prototype system to realize such a personal health data referring system based on the e. post.office box concept. The system is to be used in field trial experiment with the staffs and students of Tokyo Institute of Technology using their ID Card. This prototype system is expected to be available for the policy suggestion in the realization of the e-P.O.Box stated in the Priority Policy Program of the government.

A Study on the Implementation of DICOM Standard Security / 대한의료정보학회지

We developed security function modules based DICOM standard, including Secure Connection of TLS, Digital Signature, and Media Security of CMS. Using DICOM standard security functions, medical equipment, modality, and PACS software are able to communicate and exchange information safely without sacrifice for the compatibility. TLS enables secure connection between modality. Digital Signature guarantees data integrity and authentication based on PKI technology. Lastly, CMS algorithm provides how to encrypt DICOM File based on Media Storage Security. Signed and encrypted images are only to be decrypted by patient or who has authority, and it is to be proved that those images are not changed.

PKI-based security for computer-based patient record information system / 医疗卫生装备

Public Key Infrastructure (PKI) can provides a series of security services for computer-based patient record information system. This paper discusses the application of PKI to the security of computer-based patient record information system.