Análisis de seguridad para el manejo de la información médica en telemedicina
Resumen
La Telemedicina hace posible realizar de forma remota, varios procedimientos médicos y clínicos como: exámenes, diagnósticos y supervisión de tratamientos, utilizando recursos tele informáticos como computadores, servidores, equipos de procesamiento de imágenes, Internet y equipos de transmisión y recepción de información. La transmisión de la información de los pacientes crece día con día, vinculando otra serie de problemas relacionados con el tráfico y seguridad de los datos. En el tema de la seguridad, aún existe divergencia en los criterios de almacenamiento, acceso y transmisión de información de los pacientes porque los requerimientos físicos y lógicos varían para cada empresa, equipo desarrollador o intereses particulares. El presente trabajo hace un análisis respecto del tema de la seguridad informática sobre una red de Telemedicina. Incluye un análisis sobre los procedimientos de los servicios de Telemedicina más característicos y sus requerimientos de seguridad. Los requerimientos fueron estudiados y seleccionados a partir de los estándares internacionales regulatorios que se adapten a las necesidades básicas de seguridad de los servicios de Telemedicina.Descargas
Lenguajes:
esAgencias de apoyo:
Universidad Militar Nueva GranadaReferencias bibliográficas
Komiya, R. A proposal for Tele-medicine reference model for future standardization. HEALTHCOM 2005. Proceedings of 7th International Workshop.
Yajiong, Xue and Huigang, Liang. Analysis of Tele-medicine Diffusion:The Case of China. IEEE transactions on information technology in biomedicine. Vol. 11(2), march 2007.
Health Insurance Portability and Accountability Act (HIPAA). Reassessing Your Security Practices in a Health IT Environment: A Guide for Small Health Care Practices 1996.
Caldicott, Dame Fiona Report on the review of patient-identifiable information Department on Heath and British Medical association, December 1997.
Ferrante, F. Maintaining Security and Privacy of Patient Information. Proceedings of the 28th IEEE EMBS Annual International Conference New York, aug 30 - sept 3, 2006. http://dx.doi.org/10.1109/iembs.2006.259655
Maji, A.K., Mukhoty, A., Majumdar, A.K. ; Mukhopadhyay, J., Shamik, Sural, Paul, S., and Majumdar, B. Security analysis and implementation of web-based Tele-medicine services with a four-tier architecture Proceedings of the 2nd International Conference on Pervasive Computing Technologies for Healthcare 2008.
En: http://www.phiprivacy.net/?p=6389
Estándar ISO/TR 16056-1. Health Informatics: Interoperability of Tele-health Systems and Networks ISO Press.
Rosenberg J., Schulzrinne H., Camarillo G., Johnston A., Peterson J., Sparks R., Handley M., and Schooler E. SIP: Session Initiation Protocol IETF RFC 3261, junio 2002.
International Tele-communication Union (ITU) Recomendación ITU-T H.323, diciembre de 2009.
Postel J. User Datagram Protocol IETF RFC 768, agosto 1980.
Documentación de Digital Imaging and communications in Medicine En: http://dicom.nema.org/
Documentación Health Level 7 (HL7).En: http://www.hl7.org/
Sheng, O., Hu, P., Chih-Ping, W., and Pai-Chun, Ma. Organizational management of Tele-medicine technology: conquering time and space boundaries in health care services. Engineering Management, IEEE Transactions, 2002.
Miserque N. Programa Galaxia Fundación Cardiovascular de Colombia Floridablanca – Santander. Departamento Nacional de Medicina Área de Telemedicina. En: Revista eSalud. Vol. 1. Fesalud. 2005.
Centro de Telemedicina de Colombia. En : http://www.colombianTelemed.com/content/blogcategory/1/2/lang,spanish/
Zhang G. H., Carmen, C. Poon Y., Member, IEEE, Ye. Li, and Zhang Y. T. A Biometric Method to Secure Tele-medicine Systems. 31st Annual International Conference of the IEEE EMBS Minneapolis, september 2-6, 2009.
Wallauer Jader, von Wangenheim Aldo, Andrade Rafael, Macedo Douglas D. J. de, A Telemedicine Network Using Secure Techniques and Intelligent User Access Control, 21st IEEE International Symposium on Computer-Based Medical Systems, pp. 1-3.
Bingyi Hu, Jing Bai, and Datian, Ye. An internet based communication server for Telemedicine. The Department of Electrical Engineering, The School of Life Science and Engineering Tsinghua University, Beijing. Proceedings-19th International Conference - IEEE/EMB, oct. 30 - nov. 2, 1997 Chicago.
Shaikh, Asadullah y Misbahuddin, Muhammad. A system design for a Tele-medicine health care system, Tesis de Maestría en Ingeniería de Software y Gestión. University of Goteborg. Department of Applied information Technology, 2007.
Zvikhachevskaya, Anna, Markarian, Garik, and Mihaylova, Lyudmila. Quality of Service consideration for the wireless Tele-medicine and e-healt services WCNC 2009 proceedings, IEEE, 2009.
Yajiong, Xue and Huigang, Liang. Analysis of Tele-medicine Diffusion:The Case of China. IEEE transactions on information technology in biomedicine, Vol. 11 (2), march 2007.
Sicurello, Francesco Some Aspects on Tele-medicine and Health Network Referent of Italian Ministry of Foreign Affairs for Tele-medicine, CNR- Institute of Biomedical Advanced Technology, Milan.
Toninelli, Alessandra Montanari, Rebecca, and Corradi Antonio, Enabling secure service discovery in mobile healthcare enterprise networks. University of Bologna. In: IEEE Wireless Communications Magazine june 2009.
Sicurello Francesco Some Aspects on Tele-medicine and Health Network Referent of Italian Ministry of Foreign Affairs for Tele-medicine. CNR- Institute of Biomedical Advanced Technology, Milan.
Organización Panamericana de la Salud OPS/OMS, ORAS-CONHU Organismo Andino de Salud. Aplicaciones de Tele-comunicaciones en la salud en la Subregión Andina. Serie Documentos Institucionales, 2000.
Guillén, E., y Ramírez, Leonardo. Validación de Políticas de Seguridad en la Práctica Social. Universidad Militar Nueva Granada, 2010.
Andriyan B., Suksmono U., Sastrokusumo L.R., Overview of Telemedicine Activities in Indonesia: Progress and Constraints. IEEE 2004.
Fliedner T.M., Weiss, M., Grossmann, H.P., Pieper B., Akleyev, A.V., and Varfolomeyeva, T.A. Tele-consultation in Radiation Medicine Results of regular Tele-medicine consultations between the Health Sciences Centre of the University of Ulm, Germany and Urals Research Centre for Radiation Medicine, Chelyabinsk, 2002.
Grupo de Investigación GITEM Manual de estándares de las condiciones tecnológicas mínimas para las prestación de servicios de salud por Telemedicina Universidad Distrital Francisco José de Caldas, 2004.
Baos G. Tele-oftalmología: Telemedicina en Oftalmología. En: Archivo de la Sociedad Espa-ola de Oftalmología, 2. 1998.
Heneghan C., Sclafani A.P, Stern J., Ginsburg J., Tele-medicine applications in otolaryngology. In: Engineering in Medicine and Biology Magazine. IEEE, 1999.
Reddy N.P, and Gupta V., Computerized biofeedback systems for home care and Teletherapy. In: Engineering in Medicine and Biology, 1999. http://dx.doi.org/10.1109/iembs.1999.803839
F. da Costa Dias, De Azevedo R.R., Rodríguez C., Danas E, Dias G., and De Barros R. Onto sic: Leveraging the Knowledge in the Treatment and Diagnosis of Tele-psychiatry. Network and System Security. 4th International Conference, 2010.
Foo Siang Fook V., Zhuo Hao S., Phyo Wai A., Jayachandran M., Biswas J., Siew Yee L., and Yap P., Innovative platform for Tele-physiotherapy. In: E-health Networking, Applications and Services. HealthCom 2008. 10th International Conference.
Observatorio Regional de la Sociedad de la Información (ORSI). La Telemedicina al servicio de la Sociedad del Conocimiento. Estrategia Regional para la Sociedad Digital del Conocimiento de Castilla y León (ERSDI), 2007.
Knisley J.R., and. Werchan H.A. Tele-metry: enhancing tactical network management tactical Communications Conference, 1994. Vol. 1. Digital Technology for the Tactical Communicator, 1994.
Ozen N., and Karli B., A Tele-cardiology system design with real-time diagnosis and Teleconsultation. Applications of Digital Information and Web Technologies, 2008. ICADIWT 2008. First International Conference, 2008.
Alfaro L., AlviraM., M. Coma, Ferrer O., y García M. Manual de Tele-patología. Club de Informática Aplicada de la Sociedad Espa-ola de Anatomía Patológica Pamplona, 2001.
International Tele-communication Union. UIT-T International Tele-communication Union – Tele-communication Sector, 1993.
Health Insurance Portability and Accountability Act (HIPAA) Reassessing Your Security Practices in a Health IT Environment: A Guide for Small Health Care Practices, 1996.
Brand, Koen & Boonen, Harry, "IT Governance based on COBIT 4.0: a management guide Van Haren Publishing, 2004.
Caldicott, Dame Fiona. Report on the review of patient-idetifiable information Department on Heath and British Medical association, December, 1997.
International Organization for Standardization ISO and International Electro technical Commission IEC International Standard ISO/IEC 27000:2009..
International Tele-communication Union UIT-T International Tele-communication Union – Tele-communication Sector, 1993.
CALDICOTT, Dame Fiona. Report on the review of patient-idetifiable information Department on Heath and British Medical association, diciembre, 1997.
Williams, A. The confidentiality, security and sharing of personal data Policy and Procedures for the local health community Version 1.3 Compiled,. 2001.
Melczer H. Security and Privacy Workgroup. 45 CFR PART 160 –general administrative requirements and 45 CFR PART 164 – security and privacy, 2003.
Brand, Koen & Boonen, Harry IT Governance based on COBIT 4.0: a management guide Van Haren Publishing, 2004.
International Tele-communication Union UIT-T International Tele-communication Union – Tele-communication Sector, 1993.
Amiya K. Maji, Arpita Mukhoty, Arun K. Majumdar, Jayanta Mukhopadhyay, Shamik Sural, Soubhik Paul, Bandana Majumdar. Security Analysis and Implementation of Web-based
Maglogiannis Ilias and Zafiropoulos Elias. Modeling Risk in Distributed Healthcare Information Systems. Proceedings of the 28th IEEE EMBS. Annual International Conference New York City, aug 30- sept 3.
Dillar, Kurt y Pfost, Jared. Guía de administración de riesgos de seguridad. Capítulo 4: Evaluación del riesgo. Microsoft Corporation, 2004.
Echeverry, Juan. Metodología para el diagnóstico continuo de la seguridad informática de la red de datos de la Universidad Militar Nueva Granada. Trabajo de grado. Programa de Ingeniería en Telecomunicaciones, 2009.
Ministerio de la Protección Social. Resolución 1448, 8 de mayo de 2006. En: http://www.fcv.org/Portal/telemedicina/normatividad/1448.pdf (24 de marzo 2012)
Ministerio de la Protección Social Resolución 3763, 18 de octubre de 2007. En: http://www.fcv.org/Portal/telemedicina/normatividad/3763.pdf (24 de marzo de 2012)
International Telecommunication Union, ITU-T Study Group 16: e-health and standardization. En: http://www.itu.int/ITU-/studygroups/com16/index.asp
International Telecommunication Union, ITU-T Study Group 17 Security En: http://www.itu.int/ITU-T/studygroups/com17/index.asp
International Telecommunication Union, ITU-D: ICT Applications for e-health. En: http://www.itu.int/ITU-D/cyb/app/e-health.html
Weinstein, Ira M. Security for videoconferencing A guide to understanding, planning, and implementing secure compliant ISDN &IP videoconferencing security, .2004.
Mahmoud, Y. Information security strategy in Telemedicine and e-Health systems: A case study of England's Shared Electronic Health Record System. 2010.
Stubblebine, Stuart G. Security Services for Multimedia Conferencing" USC Information Sciences Institute, 1998.
Kovacevic, S., Kovac, M., and Knezovic, J. System for Secure Data Exchange in Telemedicine Faculty of Electrical Engineerign and Computing, Zagreb. 9 International Conference on Telecommunication 2007.
Stallings, W. Cryptography and Network Security, 4th ed. Pearson Prentice Hall, 2006.
Kaufman Charlie, Perlman Radia, and Speciner Mike. Network Security, Private Communication in a Public World, 2nd ed. Prentice Hall, 2002.
Blagosklonov, O., Itti, E., Sabbah, R., and Guiderdoni, P. High-secured cardiac imaging network: Imaging CardioWeb Institute In: cardiology 2002, pp. 345-346.
Itti, R, and Guiderdoni P. Internet nuclear cardiac image circulation, processing and storage: The Cardioweb project. In: Radiology 2000, 217 suppl.:704.
Institute for security and open methodologies. P. Herzog. Open Source Security Testing Methodology Manual. OSSTMM 2.1, 2003.
