Abstract
This chapter discusses security and privacy aspects for medical application scenario. The chapter analyze what kind security and privacy enforcements would be needed and how it can be achieved by technological means. Authors reviewed cryptographic mechanisms and solutions that can be useful in this context.
TopPatient Confidentiality
The confidentiality of the patient is a focal point of importance. The same applies to patients’ medical records that may contain very sensitive information such as AIDS/HIV status, sexual transmittable diseases, emotional problems, psychiatric illnesses, genetic predispositions to diseases, drug addictions, etc. Electronic medical databases and networking provide an efficient data management and availability but may create needs for strengthening ethical and legal requirements correspondingly.
Key Terms in this Chapter
Public Key Cryptography: A form of cryptography in which the key used to encrypt a message differs from the key used to decrypt it.
Group-Oriented Cryptography: A class of cryptographic schemes to provide security in scenarios where a group of participants can communicate securely over some computer network in such a way that the exchanged messages would be unintelligible for outsiders and non-pertaining users.
Electronic Patient Records (EPRs): An individual patient’s medical record in digital format.
Threshold Cryptosystem: A cryptosystem where in order to decrypt an encrypted message a number of parties exceeding a threshold is required to cooperate.
Key Management: Any method in information security by which cryptographic keys are exchanged or established between users based use of some cryptographic schemes.
Secret Key Cryptography: A form of cryptography in which the key used to encrypt a message is identical (or trivially related) to the key used to decrypt it.
Information privacy: The ability of an individual or group to control revealing information about them.
Access Control: This includes authentication, authorization and audit with measures such as physical devices, biometric control and monitoring.
Threshold Cryptosystem: A cryptosystem where in order to decrypt an encrypted message a number of parties exceeding a threshold is required to cooperate.
Public Key Cryptography: A form of cryptography in which the key used to encrypt a message differs from the key used to decrypt it.
Anonymity: The property of not being identifiable that is personal identity, or personally identifiable information of that person that can be used to identify that person is not known.
Information Security: A set of means for protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
Secret Key Cryptography: A form of cryptography in which the key used to encrypt a message is identical (or trivially related) to the key used to decrypt it.
Group-Oriented Cryptography: A class of cryptographic schemes to provide security in scenarios where a group of participants can communicate securely over some computer network in such a way that the exchanged messages would be unintelligible for outsiders and non-pertaining users.
Anonymity: The property of not being identifiable that is personal identity, or personally identifiable information of that person that can be used to identify that person is not known.
Information Security: A set of means for protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
Electronic Patient Records (EPRs): An individual patient’s medical record in digital format.
Key Management: Any method in information security by which cryptographic keys are exchanged or established between users based use of some cryptographic schemes.
Access Control: This includes authentication, authorization and audit with measures such as physical devices, biometric control and monitoring.
Patient Consent: This principle means that patients have a right to choose whether or not to accept your advice or treatment, and control access to his/her private medical data.
Information privacy: The ability of an individual or group to control revealing information about them.
Patient Consent: This principle means that patients have a right to choose whether or not to accept your advice or treatment, and control access to his/her private medical data.