SecMD (Secure Medical Database)
Abstract
This paper describes SecMD, an architecture to enforce the security and privacy of patients’ medical data. A novel data representation scheme called Data Capsule (DC) is used to support this model. With DCs, data are represented as objects containing all the security parameters necessary to enforce a secure policy. The management of medical records, including their transfer from one entity to another (e.g., from Hospital A to Hospital B), becomes only a matter of managing objects. Security policies, auditing data, and all security enforcement data, which are part of a DC, are bound to the raw data, ensuring that security policies are always enforced.
Published
2008-07-12
How to Cite
XIMENES, Pablo; SANTOS, André dos; CELESTINO JR., Joaquim. SecMD (Secure Medical Database). In: BRAZILIAN SYMPOSIUM ON COMPUTING APPLIED TO HEALTH (SBCAS), 8., 2008, Belém/PA. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2008. p. 141-150. ISSN 2763-8952.
