Abstract
Privacy and integrity of medical records is expected by patients. This privacy and integrity is often mandated by regulations. Traditionally, the security of medical records has been based on physical lock and key. As the storage of patient record information shifts from paper to digital, new security concerns arise. Digital cryptographic methods provide solutions to many of these new concerns. In this article we give an overview of new security concerns, new legislation mandating secure medical records and solutions providing security.
Key Words: security, medical records, cryptography, teleratiology, digital signatures, certificates, RSA, smartcard, radiology, computers
Full Text
The Full Text of this article is available as a PDF (1.8 MB).
References
- 1.Lafrance S, Krok S, Moore R, et al. Proceedings of the 1996 Annual HIMSS Conference. Chicago, IL: Heathcare Information and Management Systems Society; 1996. Security vs. Access: A New Health Care Dilemma; pp. 1–9. [Google Scholar]
- 2.Wong S. A Cryptologic Based Trust Center for Medical Images. JAMIA. 1996;3:410–421. doi: 10.1136/jamia.1996.97084514. [DOI] [PMC free article] [PubMed] [Google Scholar]
- 3.Smith J. Authentication of Digital Medical Images with Digital Signature Technology. Radiology. 1995;194:771–774. doi: 10.1148/radiology.194.3.7862977. [DOI] [PubMed] [Google Scholar]
- 4.McCurley K: Protecting Privacy and Information Integrity of Computerized Medical Information. http://www.cs.sandia.gov/≈mccurly/health.html
- 5.Schneier B. Applied Cryptography. ed 2. New York, NY: John Wiley & Sons; 1996. [Google Scholar]
- 6.Stinson D. Cryptography—Theory and Practice. Boca Raton, FL: CRC Press; 1995. [Google Scholar]
- 7.Bach E, Bellouin S, Bemstein D: Cryptography-FAQ. http://www.cs.ruu.nl/wais/html/na-dir/cryptography-faq/.html
- 8.Menezes A, Oorschot P, Vanstone S. Handbook of Applied CRYPTOGRAPHY. Boca Raton, FL: CRC Press; 1997. pp. 9–10. [Google Scholar]
- 9.Rivest R, Shamir A, Adleman L. A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM. 1978;21(2):120–126. doi: 10.1145/359340.359342. [DOI] [Google Scholar]
- 10.Schneier B. Applied Cryptography. ed 2. New York, NY: Wiley; 1996. pp. 258–258. [Google Scholar]
- 11.SSL 3.0 specification. Netscape, Sunnyvale, CA. http://www.jp.netscape.com/eng/ss13/,March 1996
- 12.JavaCard API Specification Version 1.0. Sun Microsystems Inc, Mountain View, CA. http://java.sun.com/products/commerce/doc.javacard.ps, October 1996
- 13.Schneier B. Applied Cryptography. ed 2. New York, NY: Wiley; 1996. pp. 153–153. [Google Scholar]
- 14.Dam K, Lin H. Cryptography’s Role in Securing the Information Society. Washington, DC: National Academy Press; 1996. [Google Scholar]
- 15.Auston I, Humphreys B, Clayton P: Confidentiality of electronic health data: methods for protecting personally identifiable information. Washington, DC, National Library of Medicine, US Department of Health and Human Services. http://www.nlm.nih.gov/pubs/cbm/confiden.html
- 16.Schneier B. Applied Cryptography. ed 2. New York, NY: Wiley; 1996. pp. 597–618. [Google Scholar]
- 17.US Department of State: International Traffic in Arms Regulations (ITAR), 22 CFR 120–130 (Office of Munitions Control, 1989)
- 18.Recommendation X.509, in The Directory-Authentication Framework. Geneva, Switzerland: International Telecommunications Union; 1989. [Google Scholar]
- 19.Pollack A: Counterfeiters of a New Stripe Give Japan One More Worry: Fake Cards Thwart Efforts to End Pinball Scams. New York Times, Thursday June 20, 1996 (col. 2, pg. 1, sec. D)
- 20.Schneier B. Applied Cryptography. ed 2. New York, NY: Wiley; 1996. pp. 191–193. [Google Scholar]