Data Privacy and Data Security in Telemedicine Applica5ons. Patrick Harpes it.lu

Transcription

1 Data Privacy and Data Security in Telemedicine Applica5ons Patrick Harpes it.lu

2 Agenda Right to privacy security Data security measures Risks using telemedicine of a telemedicine system Risks pa@ent side Risks communica@on channel Risks monitoring center Ques@ons

3 Right to privacy Personal is more that Name, first name, social security number.. It includes Medical diagnoses, shopping habits, work history, credit score, etc The right to privacy refers to having control over this personal It is the ability to limit who has this how this is kept and what can be done with it.

4 Data security Data security means and systems from unauthorized access and use unauthorized disclosure unauthorized or data loss Data security is to guaranty privacy rights.

5 Measures for data security Data loss Backup, security copies Decentralized data storage Secure data centers Physical access power supply against fire, flood and storm against terror aoacks Backup data center Access and from internal employees Backup Coaching of the employees Efficient access roles

6 Measures for data security disclosure and use of data provoked by external people Establish efficient security systems Firewalls Intrusion systems Infrastructure monitoring Up to date Virus scanner and SPAM Filters Data Efficient key management measures Password management Log file check Secure access to physical resources (Data center, servers, backup tapes) Coaching of employees Raise safety awareness

7 Risks using telemedicine of a telemedicine system Risks pa@ent side Risks communica@on channel Risks datacenter Risks monitoring center Risks physician side

8 of a telemedicine system Communica@on Channel Pa@ent at home Internet PSTN GPRS/UMTS SMS Datacenter Physician Monitoring center

9 Risks side Risk Wrong of the devices Devices to complicate for elderly and disabled measurement devices Complicated menu driven handling User interface not adapted to the target group Display to small BuOons to small Small touch screen Wrong Intended Accidently Measure Coaching of the Devices with minimum of user input One device that integrates all measurements and data transfer Device with big buoons and large display Speech driven user guidance Unambiguous Fingerprint Electronic key coaching

10 Risks side Risk Hacker Problem of Virus Mobile phone and PDA virus coming up Windows Third party so^ware System Measure from outside Integrated Firewall Password management Security patches Intrusion Systems Virus scanner No access to the OS Remove all so^ware not necessary for telemedicine No possibility for the user to install so^ware No possibility for the user to change

11 Demo Monitor it HOME Device Integrated device to measure ECG Curve SPO2 Curve Pulse NIBP Heart Rate Weight Data transfer UMTS/GPRS (integrated) Prototype

12 Risks channel Risk Man in the middle aoack data of data SMS problem Measure Key using an official Authority

13 Risks datacenter Risk Data loss/ data unavailable Server failure Power failure Hacker Wrong Physical unauthorized access Fire, water, terror aoack Infrastructure failure Broken network Power Cooling Measure Backup decentralized Security systems Firewall, IDS, monitoring, etc. Coaching Restricted and managed access rights Hide address of data center fire Backup center Redundant power lines Redundant network lines Redundant cooling system Disaster recovery master plan

14 Risks monitoring center Risk Wrong Passwords Access Virus, SPAM 3 rd party so^ware Measure Coaching Password management Raise safety awareness Actual virus scanner Clear security policies for employees

15