Health care management and information systems security: awareness, training or education?

In this paper, a methodology for determining the training needs of personnel classes within health care establishments (HCEs) with respect to information systems security is discussed. This methodology, in way of an example, is applied to a particular class of HCE personnel, namely managers, whose training needs are derived. Further, the ISHTAR training course on information systems security for HCE managers is evaluated against these requirements and improvements to it are proposed.

Using trusted third parties for secure telemedical applications over the WWW: the EUROMED-ETS approach.

This paper reports on the results obtained by the pilot operation of Trusted Third Parties (TTP) for secure telemedical applications over the WWW. The work reported on herein was carried out within the context of EUROMED-ETS, a R&D project funded by the INFOSEC office of Directorate General XIII of the European Union. The paper discusses the platform used, the security needs of the specific application, the TTP solution provided, the steps taken in order to implement the solution at a pilot scale and the results of the pilot operation; it is compiled using material included in the project deliverables.

Forming a health care incident reporting scheme.

In this paper the initial design steps of an Incident Reporting Scheme for Health Care are presented. The results of a short survey for the determination of Health Care user needs and expectations from such a scheme are given. The paper outlines a concise description of the proposed system and presents the conceptual model of the IRS database, and the developed prototype version of this database. Finally, future steps and security issues are described.

The SEISMED High Level Security Policy for Health Care.

The proliferation of the use of automated Health Information Systems in the everyday practice of health professionals has brought a number of issues related to the security of health information to a critical point. The preservation of security of health-related information can only be achieved through a concerted approach, comprising legal, organisational, technical and educational actions. These classes of actions constitute a complete "security framework", a key aspect of which is the set of rules, laws and regulations that govern the usage of information within a Health Care Establishment. This set is commonly referred to as "Security Policy". In this paper, the SEISMED High Level Security Policy for Health Care Establishments is presented.

The need for a security policy in health care institutions.

Because of the increasing role of information technology in health care more attention is needed for security. Legal, technical/organisational and social measures are needed. Based on general principles a high level security policy needs to be formulated for each institution. Based on such policy measures can be selected and implemented. The need for a high level policy is emphasized; as an example the high level policy developed within the AIM SEISMED project is briefly described.

A new expert system for histopathological diagnosis of human ovarian epithelial cancer.

A new rule-based expert system designed to assist pathologists in the histological diagnosis of human ovarian epithelial cancer has been developed. The system was implemented using the INSIGHT II+ EXPERT System Shell and runs on IBM compatible microcomputers. It operates using knowledge acquired through the literature, research and experience, formulated into a total of 195 IF-THEN rules. The WHO International Histological Classification of Tumours is being used throughout. The system can quickly focus on a differential problem, thereby reducing the time necessary to reach a conclusion. It has been tested on a set of 34 cases, previously examined by pathologists of the Metaxas Memorial Cancer Institute, and has been found to reach good agreement with the pathologists' diagnoses.