greater interoperability, boosting internet trust and security, much faster internet access and better investment in research and development.
such as ageing, health, security and climate change. We refer to them as societal challenges. This brochure illustrates how Information
The project is currently testing how to make the patient summaries securely accessible to the European emergency services (112 emergency number) and the potentialities of the European Health insurance card
whose majority experienced an increased sense of security. DREAMING integrated familiar devices, such as blood pressure cuffs, mobile phones and TV, in a single platform.
A mobile emergency response system, a cooker safety solution, and a nurse alarm system were tested among the solutions.
The feedback enabled the suppliers to develop or redevelop their products, resulting in new user-driven innovations.
Moving about: It is estimated that one in three people aged over 65 is at risk of falling, going up to one in two for those over 80.
including a real risk of fatality. Technology permits the development of solutions which enable the elderly
The principal output of the project was a prototype of an innovative alarm system for fall detection
The objective is to deliver by 2015 across the EU evidence-based, validated and operational programmes for prevention, early identification and minimisation of risk,
efficient and less expensive for the taxpayer. Living in a secure and trustworthy society: The concern for security is as old as humankind.
not only benefits but also carries risks. Only 12% of European web users feel completely safe making online transactions. 38% of users had concerns with the safety of online payments
and have changed their behaviour because of concerns with security issues: 18% are less likely to buy goods online and 15% are less likely to use online banking.
IT networks and end users' terminals still remain vulnerable to a wide range of evolving threats (lack of privacy, loss of data, malfunctioning of the network due to a cyberattack).
Therefore, the DAE has defined a number of objectives in the field of trust and security:
Security of networks: the internet has become a critical information infrastructure, encompassing IT systems and networks across the globe.
It must be resilient and secure against all sorts of threats. Strong cooperation between EU governments, public bodies and private companies is necessary to improve information exchange
and to ensure that security problems are addressed quickly and effectively. The European Network Information and Security Agency (ENISA) serves as a focal point for this exchange and cooperation.
To react to threats in real-time conditions, the European Commission will establish a network of Computer Emergency Response Teams (CERTs),
also for European institutions. Fight against cybercrime and cyberattacks: attacks against information systems are a growing threat,
and there is an increasing concern about the potential for terrorist or politically motivated attacks against information systems
which form part of the critical infrastructures of Member States and the Union. The forthcoming European Strategy on Cybersecurity will set out ways to strengthen network
and information security across the EU. It will protect the public and private sectors from intrusion and fraud,
by strengthening cross-border cooperation and information exchange. Trust in technology: 74% of EU Internet users in 2012 think that the risk of becoming a victim of cybercrime has increased in the past year.
Building citizens' confidence in the digital world needs an EU-wide solution also because cyber attackers do not respect national borders. Safety of children online:
the European Commission will propose the EU's Strategy for Cyber Security. It has also created a Task Force Legislation Team (eIDAS) to deliver a predictable regulatory environment for electronic identification
or deliberate failure. Over the past decade we have witnessed an ever-increasing amount of cyber attacks on the Internet.
Ranging in style from large-scale worms to phishing attempts cyber attacks have evolved to unprecedented levels of sophistication.
To counter these phenomena, defenders are (mostly) developing safeguards after the attacks are made. In the meantime, while defenders are busy with mending the fences,
We are facing an asymmetrical threat; unless addressed, this asymmetrical threat will have locked the defenders into a vicious cycle:
chasing after attackers without ever being able to catch up. The Syssec project's objective is to be proactive instead of being reactive to cyber attacks.
Instead of cleaning up after existing (or past) attacks, they will work on predicting threats and vulnerabilities,
and build the defence before threats materialise. Syssec will create a Network of Excellence in the field of Systems Security for Europe to play a leading role in changing the rules of the game.
Current trends in Internet applications such as Web 2.0, cloud computing, and the Internet of Things are bound to bring more pervasive data collection,
longer persistence of collected data, higher and more heterogeneous traffic volume. All these factors make network management an evolving environment that becomes more challenging every day.
create a virtual centre of excellence consolidating the Systems Security research community in Europe; promote cyber security education
and to engage a think-tank in discovering the threats and vulnerabilities of the Current and Future Internet;
create an active research roadmap in the area, and develop a joint working plan to conduct state-of-the-art collaborative research. http://www.syssec-project.eu/ Funded by the Seventh Framework Programme (FP7) Duration:
2010-2014 not only today's threats, but also those of tomorrow. DEMONS's objective is to realise this infrastructure by applying novel distributed systems technologies and leveraging their native scalability and fault tolerance characteristics.
These issues have previously prevented other security solutions from being deployed widely and have therefore rendered them ineffective.
Moreover, there are plans to exploit DEMONS technologies after the conclusion of the project in actual operational networks. http://fp7-demons.eu/ Funded by the Seventh Framework Programme (FP7) Duration:
not only companies in the high security field but also emerging small and medium sized enterprises (SMEs) that wish to sell biometric technologies.
and match service components depending on attributes such as availability, quality, price and security. Thus, the applications that end users see may be composed of multiple services from many different providers.
or service supplier will actually offer the security claimed. The ANIKETOS project will help to establish
The project is aligning existing and developing new technology, methods, tools and security services. Tabula rasa (Trusted Biometrics under Spoofing Attacks) The project will:
propose countermeasures such as combining biometric information from multiple sources; examine novel biometrics that may be inherently robust to direct attacks. http://www.tabularasa-euproject.org/ Funded by the Seventh Framework Programme (FP7) Duration:
solving, and sharing information on mitigation of new threats and vulnerabilities. A platform will be constructed for creating
provide solutions for security engineering and trust management on the Future Internet; develop an integral framework to support secure interoperation
and higher supply security for end-users. http://www.smarthouse-smartgrid.eu Funded by the Seventh Framework Programme (FP7) Duration:
-europe.eu/ @eInclusion_EC Trust and Security http://cordis.europa.eu/fp7/ict/security/home_en.html https://ec.europa.eu/digital-agenda/en/telecoms-internet/cybersecurity http://www.enisa.europa.eu/ @EU_TRUSTSEC Smart Cities and Sustainability https://ec.europa.eu/digital-agenda/node
on-road signing including variable messaging, surveillance systems, and on-road access and charging systems, while others are mobile in the sense that they are in-vehicle systems or personal (portable) systems.
Congestion relief: Video Surveillance and Response (fixed) (public, private). Variable Message Signs (VMS) (fixed) (public, private).
Video Surveillance and Response, Informational Signing (variable messages), Advanced Traveler Information systems, Adaptive Cruise control, Intelligent Speed Adaptation, Congestion Free Zoning and Lanes,
Video Surveillance and Response, Informational Signing and the previously discussed Signalization, belong to larger systems of Road Traffic Management that are currently in use in particular sections and nodes.
Video Surveillance and Response Several cities maintain a continuous monitoring of key network locations to determine
(2) risk of use due to a lack of robustness of the technology under particular conditions, like in specific weather (environmental) conditions and in interference with other electronic systems,
Congestion relief: Video Surveillance and Response (fixed) (public, private). Variable Message Signs (VMS) (fixed and mobile) (public, private).
Patient safety (reduced risk of patient harm). Quality of care (effectiveness and efficiency of care service provision). A number of key technologies were identified as proven catalysts to significant healthcare improvement,
identify at-risk patients, and review the performance of individual physicians. Business intelligence and in particular Data mining are useful tools in the detection of outbreaks when used for the real time detection of infection trends within hospitals.
and the hospital faced significant risk with written off debt. The claims office were constantly fielding calls from consultants seeking updates on claims relevant to their patients.
In total, SMSA-BH operates 137 healthcare centres, six emergency centres and more than 40 associated hospitals.
i.e. the information follows the patient. Assurance that all hospital treatments, procedures, medication, management plans, investigations are fully available
and business-friendly environment, Ireland has a tremendous opportunity to exploit multiple opportunities in these international markets.
In this paper, we focus on ICT innovations related to home healthcare domain, in which patient safety and security
and user-friendly access control. 1 Introduction The high bandwidth connectivity provided by the Internet enables new services to support citizens in their daily lives.
Existing techniques address part of the trust and security requirements, for example tools for identity management and for encryption of connections.
There is a need for an integrated and easy to understand approach to trust in terms of security, privacy, and transparency
and user-friendly access control. The paper discusses the existing proposals in these areas and describes a research plan for enhancing the state-of-the-art.
On the other hand, they are exposed to different security and safety threats as the patient is far from healthcare providers,
and it becomes simpler to collect, store, and search electronic health data, thereby endangering people's privacy. 3 Trusted Healthcare Services Electronic healthcare services offer important economic and social benefits for our society.
Standard Internet security techniques provide authentication and encryption of the communication with a service provider. However
It is important to have mechanisms in place that allow users to make an informed decision to trust a service provider on the basis of facts, such as reputation and security attributes.
The THECS project addresses the very important trust questions (transparency, privacy and security) for healthcare services.
and tools that visualize indicators for data reliability in a way that is understandable by end-users. 4.3 User friendly advanced access control Healthcare services deal with very personal and sensitive information.
The protection of sensitive information is usually enforced using access control. Several access control models have been proposed in the literature (see [25] for a survey).
In particular, access control for the healthcare domain has been studied intensively in [26-28]. The challenge in designing an access control system for healthcare is that,
while posing strict constraints on the access to sensitive information, the system has to cope with the dynamic environment of healthcare
In this trend, content-based access control [29,30] and tag-based access control [31,32] have been proposed. For instance, content-based approaches have been used for the protection of medical images [33].
Although these access control models are very expressive and allow the specification of a wide range of authorization policies,
The last years have seen an increasing interest in the development of user friendly privacy management and access control systems.
For instance, various enterprises designed platforms which allow users to set their privacy and access control policies.
they neither allow users to understand the effect of the specified policies nor ensure secure access control.
Pearson et al. [35] propose a client privacy management scheme based on data obfuscation (not necessarily using encryption) and user personas.
In conclusion, although several studies on access control have been carried out, no comprehensive studies on user friendly access control for healthcare exist.
The challenge is to define a novel access control model which guarantees an appropriate level of security and allows users to specify the policies regulating the exposure of their information to others. In addition, the model should be easy to use by end-users.
4 http://code.w3.org/privacy-dashboard/wiki
5 https://www.privacyos.eu/
6 http://www.primelife.eu
Ideally the access control system should not only allow users to define access rules to their data
but also support them in visualizing the effect of the defined access control policy and therefore in ensuring that the created policy reflects user's intentions.
The design of a user-friendly access control model requires conceptually dividing the access control model into two layers:
and user-friendly access control. Acknowledgements. This work has been done in the context of the THECS project
Proceedings of the 7th International Workshop on Security Measurements and Metrics, IEEE (2011) 17. Petkovic, M., Prandi, D., Zannone, N.:
Proceedings of the 3rd International Workshop on Security and Trust Management. (2008) 159-167 19.
Access control: Policies, models, and mechanisms. In: Foundations of Security Analysis and Design. LNCS 2171. Springer (2000) 137-196 26.
Zhang, L., Ahn, G.J., Chu, B.T.: A role-based delegation framework for healthcare information systems.
Proceedings of the 7th ACM Symposium on Access Control Models and Technologies, ACM (2002) 125-134 27.
Proceedings of the 17th IEEE Workshop on Computer Security Foundations, IEEE (2004) 139-154 28. Røstad, L.:
Access control in healthcare information systems. PhD thesis, Norwegian University of Science and Technology (2008) 29. Hart, M., Johnson, R., Stent, A.:
Access control in the Web 2.0. In: Proceedings of the 1st Workshop on Online Social Networks.
Role templates for content-based access control. In: Proceedings of the 2nd ACM Workshop on Role-Based Access Control, ACM (1997) 153-159 31.
Hinrichs, T.L., Garrison, W.C., Lee, A.J., Saunders, S., Mitchell, J.C.: TBA: A Hybrid of Logic and Extensional Access Control Systems.
In: Proceedings of the 8th International Workshop on Formal Aspects of Security and Trust. (2011) 32.
Levy, K., Sargent, B., Bai, Y.: A trust-aware tag-based privacy control for eHealth 2.0. In:
A flexible content and context-based access control model for multimedia medical image database systems. In:
Proceedings of the 2001 Workshop on Multimedia and Security: New Challenges, ACM (2001) 52-55 34.
Security and Privacy Silver Linings in the Cloud. IFIP Advances in Information and Communication Technology 330.
The flexibility of SMEs, their simple organizational structure, their low risk and receptivity are the essential features facilitating them to be innovative (Harrison and Watson 1998).
2.6. Privacy and security are crucial
References
TABLE OF CONTENTS IMPROVING HEALTH SECTOR EFFICIENCY:
4.4. Addressing the challenges with the implementation of privacy and security requirements
References
and risks associated with manual claims processing. In Australia, for example, electronic claiming over the internet has been available
providers investing in technological infrastructure face high risks of failure and poor returns. The ability to share information (interoperability) is also entirely dependent on the adoption of common standards and compliance with them. 3. Concerns about privacy and confidentiality:
or sharing the financial risk, and providing much more robust evidence on the advantages of health ICT can,
THE ROLE OF INFORMATION AND COMMUNICATION TECHNOLOGIES OECD 2010 Enabling robust and reliable privacy and security frameworks Health information can be extremely sensitive and professional ethics in health care demands a strict adherence
The implementation of privacy and security requirements is proving particularly challenging in the case of EHRs
Although health care organisations have a strong interest in maintaining privacy and security they also have to balance this interest against the need to ensure that information can be retrieved easily
when required for care, particularly in an emergency. Restoring public trust that has been undermined significantly is much more difficult than building it from the outset.
and this provides a critical window to address privacy and security issues. Conclusions The findings discussed in this report point to a number of practices
a robust and balanced approach to privacy and security is essential to establish the high degree of public confidence
and security frameworks and accountability mechanisms that both encourage and respond to innovation. Align incentives with health system priorities:
Tools that include alerts on a patient's potentially serious health condition or risk, and facilitate communication between providers have been cited as providing substantial benefits in health outcomes (Bates et al.,
documented adherence to quality assurance criteria and the efficiency of surveillance, population and outcomes research (Kukafka et al.
providers investing in technological infrastructure face high risks of failure and poor returns. The ability to share information (interoperability) is also entirely dependent on the adoption of common standards and compliance with them.
because the physician does not bear the financial risk, the decision to finance and adopt ICT,
and the current risk-averse culture, public and private payers cannot simply rely on physicians' willingness to pay for ICTs.
In so doing, they should give careful consideration to the possibility of sharing some of the risks and potential savings with health care providers.
2) clinical requirements (e.g. reliability of patient records, and risk management). 2.5. Lack of commonly defined and consistently implemented standards plagues interoperability. Although,
there is no assurance that this information will be conveyed reliably across different vendor systems or enterprises. Given these problems along with the changes in the marketplace and the proliferation of proprietary ICT tools,
2005). 2.6. Privacy and security are crucial: How health care organisations handle their digital information environment affects the uptake of health ICTs.
Sharing sensitive patient data in a large and heterogeneous environment through the use of web-based applications raises a series of privacy and security issues.
In this process, the main challenge is to create a smooth interface between privacy and confidentiality policy and security requirements for defining access to and use of personal health care information.
well-publicised serious lapses in existing systems and stories about security breaches.
and security procedures may not always be followed by those with access to their records. The survey also found a range of initiatives that could be used to allay many of these concerns.
or security breaches affecting the system. The case studies clearly indicate that appropriate privacy protection must be incorporated into the design of new health ICT systems and policies from the outset,
Although health care organisations have a strong interest in maintaining privacy and security, they also have to balance this interest against the need to ensure that information can be retrieved easily
when required for care, particularly in an emergency. CHAPTER 2. WHAT PREVENTS COUNTRIES FROM IMPROVING EFFICIENCY THROUGH ICTS?
Center for Democracy & Technology (2008), Comprehensive Privacy and Security: Critical for Health Information Technology, Center for Democracy & Technology, Washington, D.C. Chaudhry, B. (2005), Health Information Technology (HIT) Adoption Standards and Interoperability, RAND Health Working Paper.
by shifting or sharing financial risk, can therefore be expected to speed up ICT adoption. Not surprisingly, the range of financial incentives used in the various case study countries is broad,
part of the reimbursement or fees paid to the care provider is at risk. CHAPTER 3. ALIGNING INCENTIVES WITH HEALTH SYSTEM PRIORITIES
consisting of eight indicators across four service areas including cervical screening, child health surveillance, maternity services,
Privacy and security tutorials. Post-implementation review. Added-up, the basket of the PITO premiums is substantial,
Potential further widening of this gap through loss of productivity during the early implementation stages carries a risk that EHR will not be adopted.
therefore, taking on a substantial share of the financial risk. This level of government intervention also reflects the public good nature of the initiative.
Partnerships lower the intervention costs (and risks) for any one health care organisation and increase the likelihood of effectiveness and sustainability of interventions.
and security concerns Federal government Control costs, Improve quality Favourable Financial, organisational State/local governments Control costs, improve quality Favourable Financial, organisational Hospitals/Physicians/Providers Accurate patient information at point of care Favourable but constrained by lack
and enabling solutions for privacy and IT security) setting the conditions for the development of interoperable EHR systems across Canada.
Among the various instruments available to governments, certification helps mitigate risks and increases the confidence of users that the purchased systems will indeed provide required capabilities (e.g. ensuring security
and confidentiality) including interoperability with emerging local and national health information infrastructures (Classen et al., 2007).
and simultaneously reduce the risks facing health ICT purchasers, thus acting as a two-stroke catalyst to accelerate adoption.
In 2006, the commission certified the first 37 ambulatory or clinician office-based electronic health record products as meeting baseline criteria for functionality, security, and interoperability.
as well as describing technical, interoperability, security, privacy and other requirements. In Canada, the only case study country currently setting VCURS, the process is a targeted effort within the context of a specific health ICT incentive programme rather than a broad product certification scheme,
Reducing the risk of data loss in physician offices caused by human, hardware or software failure.
2007). 4. 4. Addressing the challenges with the implementation of privacy and security requirements Once technical challenges are overcome
the risk increases that stigmatising disclosures could affect areas such as employment status, access to health insurance and other forms of insurance,
Interpretations of privacy and security requirements are still often determined locally within countries and vary significantly between countries.
The implementation of security requirements is proving particularly challenging (and cumbersome) in the context of EHRs,
security/privacy issues have been the biggest challenge. Officials from every CHAPTER 4. ENABLING A SECURE EXCHANGE OF INFORMATION
and security concerns were an overriding factor in every aspect of the technology deployment from start to finish.
Both approaches have risks and benefits. The MAEHC decided to use a global opt-in approach for patient participation in the HIE.
The risk that large numbers of patients would refuse to opt in had been an issue in other countries (e.g. the United Kingdom
Box 4.4. MAEHC turned consent to demand: Following extensive discussion within the MAEHC's own privacy and security committee
convenience and data security. Instead of making security concerns the main feature of the patient brochures, the MAEHC placed these issues in a familiar context,
by comparing HIE security provisions to what banking institutions have in place today (Tripathi et al., 2009).
References Beckerman, J.Z. et al. (2008), Health Information Privacy, Patient Safety, and Health Care Quality:
Privacy and security measures; Adoption and use of standards for interoperability; Adoption of organisational change management initiatives;
Institute of Medicine (2006), Hospital-Based Emergency Care: At the Breaking Point, National Academy Press, Washington, D.C. Johnston, D. et al.
Reduction in the risk of clinical errors through improved legibility and reduced double-entry of patient information.
This is further complicated by a number of uncertainties inherent in complying with a diverse range of legal obligations i) on privacy and security and ii) on clinical protocols.
Addressing privacy and security concerns: A dedicated privacy
and security committee worked in conjunction with communities and consumer councils to make final determinations for privacy and security policies.
A global opt-in approach was used in which patients are asked specifically to agree to as needed electronic exchange of their clinical data between clinical sites (however,
and the benefits of HIE participation were touted to encourage patient participation rather than making security a major concern.
which was previously unavailable tissue plasminogen activator (tPA) within the first three hours after onset of symptoms can effectively reduce the risk of death and severe disability).
Convenience, enhanced security in the dispensing process, and timesavings are the features most appreciated by users today.
and security measures to allow access to certain national databases, e.g. National Pharmacy Register. Progress in hospital deployment has been limited due to competing interests of physicians and hospital administrators.
Robust privacy and security frameworks: In the Netherlands individuals are able to exercise, to a significant degree, control over their health information.
and cannot be accessed in an emergency). They can also request the provider to conceal or mask discrete data items in their medical record by withholding authorisation
The identifier is identical to the social security number. This number does not provide any information or vest any right.
run the risk of a loss. A migration to an ASP was therefore recommended. Use of the WDH,
and security requirements and to keep records in accordance with the ADEMD guidelines. All these tasks are considered important by physicians,
yet achieves greater security and cost savings through decentralisation. ANNEX B. PROJECT BACKGROUND AND METHODOLOGY
For the stimulation of demand for innovation, public organisations can play an important role as visionary, risk-taking and demanding reference customers.
Measures addressing information symmetries and risk assessment tools and systems are examples of government initiatives that can stimulate private initiatives.
How to stimulate demand of innovation Public organisations can play an important role as visionary risk-taking and demanding reference customers
and non-funding support that reduces risks and improves innovation management skills. Complement procurement processes with funding support that accelerates the scaling
as well as connected with a potential risk (they are vulnerable to loss of staff and knowledge and quality is often based on the quality of individual advisers).