Security analysis of the German healthcare telematics

Proceedings of the 10th International Conference on Enterprise Information Systems (ICEIS 2008), 2008

Based on ISO 27001 for Information Security Management Systems, this paper introduces a newly developed security analysis approach, suitable for technical security analyses in general. This approach is used for a security analysis of several components and processes of the Health Care Telematics in Germany. Besides the results of the analysis, basics for further analysis and verification activities is given.

Proceedings of the 3rd International Conference on Health Informatics (HealthInf 2010), 2010

Developments in German healthcare telematics aim at connecting existing information systems of various service providers and health insurers via a common network. Such a linking of different systems and infrastructure elements creates a complex situation that has to deal with high priority requirements for data security, data safety, and data integrity as it concerns sensitive data such as personal medical information or administrative operational data. This paper provides a security analysis of the German healthcare telematics infrastructure under development and derives security measures to overcome the identified vulnerabilities. This analysis of open issues in the security concept of German healthcare telematics might be helpful for both future research and practice in healthcare information systems security.

roceedings of the International Conference on Health Informatics (HealthInf 2011), 2011

Germany is about to introduce a nation-wide healthcare telematics system, intending to connect existing information systems of all stakeholders. This could result in new threats to highly sensitive medical data. In this paper we shortly describe the security concept itself and point out a few possible problems at reaching the goals of information security.

2012

Germany is currently introducing a nation-wide health information infrastructure. This infrastructure connects existing information systems of various service providers and health insurances via a common network. An essential step towards the implementation of this system will be the introduction of an electronic health care smart card (eHC) for patients and a counterpart health professional card (HPC) for care providers. This article provides a risk analysis on the handling of these cards by both patients and physicians from an organizational point of view. On the basis of the information security audit methodology of the Federal Office for Information Security (BSI), the current security status of German healthcare telematics on the clinical side is evaluated. For this purpose, an appropriate framework specifically designed for the clinical area is first developed and explained in detail.Based on these perceptions it is possible to precisely check the workflows “patient admission”, “accessing emergency data” and “prescription of medicine” for inherent organizational threats. As a result, we pro-posed appropriate steps to mitigate potential risks and derived valuable hints for future process re-engineering by the introduction of the new smart cards in hospitals.

Proceedings of the 12th International Conference on Enterprise Information Systems (ICEIS 2010), 2010

This paper focuses on functional issues within the peripheral parts of the German health information infrastructure, which compromise security and patient’s information safety or might violate law. Our findings demonstrate that a misuse of existing functionality is possible. With examples and detailed use cases we show that the health infrastructure can be used for more than just ordinary electronic health care services. In order to investigate this evidence from the laboratory, we tested all attack scenarios in a typical German physician’s practice. Furthermore, security measures are provided to overcome the identified threats and questions regarding these issues are discussed.

Proceedings of the 11th International Conference on Enterprise Information Systems (ICEIS 2009), 2009

This paper describes a technical security analysis which is based on experiments done in a laboratory and verified in a physician’s practice. The health care telematics infrastructure in Germany stipulates every physician and every patient to automatically be given an electronic health smart card (for patients) and a corresponding health professional card (for health care providers). We analyzed these cards and the peripheral parts of the telematics infrastructure according to the ISO 27001 security standard. The introduced attack scenarios show that there are several security issues in the peripheral parts of the German health care telematics. Based on discovered vulnerabilities we provide corresponding security measures to overcome these open issues and derive conceivable consequences for the nation-wide introduction of electronic health card in Germany.

2012

Compilación de la propuesta de ruta de la Secretaria de Educación Pública para México, como respuesta a los Objetivos del Milenio. En 2011, se han seleccionado las metas por bloque de acuerdo a la edad de los estudiantes del Educación Primaria.