A significant issue in health-related applications is protecting a patient's profile data from unauthorized access. In telemedicine systems, a patient's medical profile and other medical information are transferred over the network from the examination lab to the doctor's office so that the doctor can perform a diagnosis. The medical information transferred across the network should be encrypted, secured and protected until it reaches its final destination. Patients' medical profiles should be accessible by their doctors in order to support diagnosis and care, but must also be protected from other patients, medical companies and others who are not certified by the patient to access his medical data.
A very important element of virtual communities is trust. Trust should be built upon the same specifications for secure data transfer and leveled access to medical information. Furthermore, trust requires a strict policy-based mechanism, which defines roles, access rights and limitations among community members, as well as a flexible identification mechanism, which allows anonymity of patients while at the same time guaranteeing the truthfulness of doctors' identity and expertise.
The Web offers access to many databases that contain medical information, and has significantly changed the way patients seek medical help. According to recent surveys, 50% of patients access medical information via the internet before visiting their doctor, and this information affects their choice of treatment (Ferguson, 2002). The supporting role of virtual communities for patients who search for medical help and advice is undeniable. Researchers, practitioners, the medical industry and patients jointly contribute their findings, products and experiences to the community's knowledge base. The information transferred inside a health-related virtual community and the accumulated knowledge must be carefully protected from unauthorized use and validated in order to be of high quality and useful.
The issues of security, which traditionally applies to telecommunication applications, and confidentiality, which applies to healthcare applications, smoothly converge towards trust, which is the basis and apex of communities (Mezgar, 2005). This chapter examines various aspects of a health-related virtual community, always through the prism of information security and user protection. We provide several examples in which patient information may be at risk and others in which the integrity of the exchanged information can be questionable due to security faults.
The following section provides an introduction to the main community concepts and defines the structure of a typical health-related virtual community. The critical features of communities (aim, limits, roles, services) are examined in the scope of a health-related community. The third section deals with health information in general and with the security issues that might arise when using medical services from a distance. In the third section, we argue for the need to protect medical data on access, in transit and in storage, we summarize the possible security risks and state the need for an integrated security management system. The last section uses a fictitious example in order to demonstrate the use of security policies, which can help virtual communities to protect knowledge and information sharing and guarantee integrity.
Our objectives in writing this chapter are:
To enlighten the public on the security and integrity issues inside a community,
To raise the level of security awareness: a) of IT professionals, who develop, maintain or contribute to health-related communities, b) of patients who reveal their private information to a "virtual doctor" and make use of medical advice shared by other community members,
To propose a set of technologies, which can under certain circumstances ensure that patients and doctors benefit from using community services without the fear of being prey for phishers, spammers, hackers and crackers,
To define the steps for building a trustworthy health-related virtual community.
This section provides a short introduction to the role of virtual communities in healthcare giving emphasis to the community structure and presenting the critical features of a healthcare community (aim, limits, roles, services). The section concludes with issues such as confidentiality and integrity of the community services and content.
Key Terms in this Chapter
Unauthorized Access: A malicious user manages to infiltrate the community site and gains access to the data that the community needs to protect.
Trust: The most important factor for a long-living community. Trust can be deep, thick and swift depending on the strength of relation between community members.
Healthcare Virtual Communities: Virtual communities comprising members from the healthcare domain. Members join the community in order to discuss health-related subjects, give or receive medical advice and support, etc.
Sensitive Personal Data: Data referring to a person, which cannot be revealed to anybody. In a health-related virtual community, such data may refer to a person's health situation, nutritional restrictions, history of examinations and surgeries, etc.
Confidentiality, Integrity and Availability: Medical data is confidential, must be accurate and available at all times, and is protected by Data Protection Laws.
Eavesdropping: A malicious user spies on information exchanged between community members and collects useful information.
Intrusion Prevention System: A system which is able to block any suspicious traffic based on the characteristics of the received data and which guarantees authorized access to the community information and services.