• International Journal of Computer Science & Network Security
• /
• v.22 no.6
• /
• pp.75-82
• /
• 2022

Medical data is one of the data that must be kept in safe containers, far from intrusion, viewing and modification. With the technological developments in hospital systems and the use of cloud computing, it has become necessary to save, encrypt and even hide data from the eyes of attackers. Medical data includes medical images, whether they are x-ray images of patients or others, or even documents that have been saved in the image format. In this review, we review the latest research and the latest tools and algorithms that are used to protect, encrypt and hide these images, and discuss the most important challenges facing these areas.

• Convergence Security Journal
• /
• v.9 no.2
• /
• pp.49-58
• /
• 2009

In medical Institution, Electronic Health Record (EHR) is "must access information" to medical staff considering it as medical information. However, this unnecessary exploration of personal information must be treated confidentially because the information is highly related to other's private concerns. It is necessary that medical workers should be also restricted to their access to EHR depending on their roles and duties. As the result, this article explains that "EHR access control will be executed by differentiating authorized medical staff from non medical-related staff as well as EHR access will be only permitted to authorized medical staff depending on their work status conditions. By using Advanced RBAC model on medical situation, we expect to minimize unnecessary leak of EHR information; especially, emergency medical care is needed, access control is highly required depending on a person in charge of the cases or not, and restricted medical information defined by the patient one-self is only allowed to be accessed.

• Convergence Security Journal
• /
• v.12 no.3
• /
• pp.107-113
• /
• 2012

Due to the development of communications technology, it is now possible to be offered online from remote places. This kind of communications technology can be applied to the medical field. The medical treatment appointments in hospitals can be its typical example. But still, in most of hospitals, patient or guardian have to physically visit or call to the hospital to set up an appointment for the medical treatment. In addition, they have to wait in line in order to pay after receiving the medical treatment. The patient or guardian, after paying, receive a paper prescription and they go to a nearby pharmacy to take the medicines. They must wait in line again there in order to receive the medicine from the pharmacy. In this paper, we would like to suggest a smart medical treatment system in order to solve the problems discussed above. With this proposed system, the user will be able to make an appointment, make payments and receive medication quickly and easily without spending extra time. Also, there will be no need for paper prescriptions with this system. We discuss about the security of medical information for this proposed smart medical treatment system proposed.

• The Journal of Information Systems
• /
• v.29 no.1
• /
• pp.93-111
• /
• 2020

Purpose The purpose of this paper is to observe the relative priorities of importances among the modified versions of Block chain system, being based on AHP decision support model which should be also proposed in this paper. Design/methodology/approach Four versions modified from the beginning of Block chain were divided into Public& Permissionless, Private&Permissionless, Public&Permissioned and Private&Permissioned types. Five criteria for evaluating the four versions whether the version were suitable for Medical information system were introduced from five factors of Technologies Accept Model, which were Security, Availability, Variety, Reliability and Economical efficiency. We designed Decision support model based on AHP which would select the best alternative version suitable for introducing the Block chain technology into the medical information systems. We established the objective of the AHP model into finding the best choice among the four modified versions. First low layer of the model contains the five factors which consisted of Security, Availability, Variety, Reliability and Economical efficiency. Second low layer of the model contains the four modified versions which consisted Public&Permissionless, Private&Permissionless, Public&Permissioned and Private& Permissioned types. The structural questionnaire based on the AHP decision support model was designed and used to survey experts of medical areas. The collected data by the question investigation was analyzed by AHP analysis technique. Findings The importance priority of Security was highest among five factors of Technologies Accept Mode in the first layer. The importance priority of Private&Permissioned type was highest among four modified versions of Block chain technologies in second low layer. The second importance priority was Private&Permissionless type. The strong point of Private&Permissioned type is to be able to protect personal information and have faster processing speeds. The advantage of Private& Permissionless type is to be also able to protect personal information as well as from forging and altering transaction data. We recognized that it should be necessary to develop new Block chain technologies that would enable to have faster processing speeds as well as from forging and altering transaction data.

• Korea Journal of Hospital Management
• /
• v.10 no.4
• /
• pp.98-112
• /
• 2005

The purpose of this study is to develop a framework for evaluating security levels in hospitals. We classify security indicators into administrative, technical and physical safeguards. The security evaluation model for hospital information systems was applied to three general hospitals. The analysis of the results showed a low security level in information systems. In particular, requirements for administrative and physical safeguards were very low. Hospitals need strict security policies more than other organizations because their information systems contain patients' highly confidential data. The evaluation model developed in this study can be used for guidelines and as a checklist for hospitals. The security evaluation in hospital informational systems needs to be an essential element of hospital evaluation.

• Journal of Digital Convergence
• /
• v.11 no.11
• /
• pp.747-751
• /
• 2013

Researches on U-Healthcare service integrating medical information and IT technologies are actively conducted. U-Healthcare service is the next generation's medical paradigm that ensures conveniences to many users so that the society recognizes the importance and attempts for commercialization through various business model are performed. To form such U-Healthcare service market safely, various policies on the social structure should be established through the standard and the medical law to systemize of the medical information led by the governmen. Especially, the government's security policy to ensure the safety for the government leading visualization of U-Healthcare should be firmly established. Firstly, this paper presents U-healthcare Service and policy guideline. Secondly, it analyzes security threatening factors for the safe U-Healthcare service. By classifying the analyzed security threatening factors based on three major elements of the security, Confidentiality, Integrity and Availability of security policy for each element is proposed.

• International Journal of Computer Science & Network Security
• /
• v.23 no.6
• /
• pp.155-161
• /
• 2023

In the process of remarkable progress in the medical and technical field and activating the role of technology in health care services and applications, and since the safety of medical data and its protection from security violations plays a major role in assessing the security of health facilities and the safety of medical servers Thus, it is necessary to know the cyber vulnerabilities in health information systems and other related services to prevent and address them in addition to obtaining the best solutions and practices to reach a high level of cybersecurity against attackers, especially due to the digital transformation of health care systems and the rest of the dealings. This research is about what cyberattacks are and the purpose of them, in addition to the methods of penetration. Then challenges, solutions and some of the security issues will be discussed in general, and a special highlight will be given to obtaining a safe infrastructure to enjoy safe systems in return.

• Review of KIISC
• /
• v.25 no.5
• /
• pp.81-89
• /
• 2015

현재 의료기관간의 의료정보 공유는, 상호 협의된 의료기관간 DICOM(Digital Imaging and Communication in Medicine) 및 HL7(Health Level 7)에서 제시한 표준 Protocol을 사용하거나 각 기관별 별도의 Protocol을 사용하고 있다.[1] 현재의 의료정보공유는 특정 의료기관들 끼리만 이루어지며, 해당 기관 간 전송구간 보안은 대부분 IPSec VPN을 적용하고 있다. 법적으로 요구되는 보안 요구사항을 만족하기 위해 사전 보안 제휴를 맺은 의료기관들만 의료정보를 공유하고 있기 때문인데, 이는 의료정보교류 범위를 제한하기 때문에 의료서비스의 발전을 보안이 저해하고 있다고 판단 할 수 있다. 본 논문은 의료정보공유 서비스와 의료정보 전송데이터 보호기술을 조사하여, 현재의 문제점을 확인 후 범국가적인 의료정보공유 서비스에 대한 전송데이터 보안 아키텍처의 수립을 지원하는데 그 목적이 있다.

• Korea Journal of Hospital Management
• /
• v.24 no.2
• /
• pp.56-66
• /
• 2019

PURPOSE: To demonstrate that the training of information protection for members at medical institutions increases the information protection activities of employees. METHODS: We used the chi-square test and the logistic regression model to analyze the data of the "Healthcare Information and Communication Status Survey in 2017" (n = 2002) conducted by the Korea Health Industry Development Institute RESULTS: As a result of the analysis, the information protection activity increased when the education was received and the number of received more than the education was not received. Especially, when the management receives education, it affects the information protection activities of the employees. CONCLUSION: In order to protect medical information, medical institutions need to provide education on information protection for management and employees.

• Journal of Advanced Navigation Technology
• /
• v.16 no.1
• /
• pp.103-108
• /
• 2012

The basic service model is to be process transmting patient health information from various medical devices to evacuation hospital through gateway collecting it in aerial emergency medicine environments. In this paper, we study on the most secure transmission scheme in case that personal patient informations are transmitted from medical devices to gateway. Moreover we compare and analyze existing methods on secure transmission and suggest an optimal alternative on the basis of international standard, ISO/IEEE 11073.