Confidentiality of Electronic Health Data: Methods for Protecting Personally Identifiable Information. Access CONTROL/ Authentication

07/03/1996

Birkegaard N. User authorization in distributed hospital information systems. In: Commission of the European Communities DG XIII/F AIM. Data protection and confidentiality in health informatics: handling health data in Europe in the future. Washington: IOS Press; 1991. p. 285-95. (Studies in health technology and informatics; vol. 1).

Biskup J. Protection of privacy and confidentiality in medical information systems: problems and guidelines. In: Spooner DL, Landwehr C, editors. Database Security, 3: Status and Prospects. Results of the IFIP WG 11.3 workshop; 1989 Sep 5-7; Monterey, CA.

Amsterdam: North-Holland; 1990. p. 13-23.

Biskup J, Eckert C. [Secure delegation in information systems]. In: Weck G, Horster P, editors. Proceedings of VIS '93; 1993 May 11-13; Munich, Germany. Wiesbaden: Vieweg; 1993. p. 107-33. (Ger).

Bobis KG. Implementing right to know security in the computer-based patient record. In: Proceedings of the IEEE 13th Annual International Phoenix Conference on Computers and Communications; 1994 Apr 12-15; Phoenix, AZ. Piscataway (NJ): IEEE; 1994. p. 156-60.

Brannigan VM. A framework for Need to Know authorizations in medical computer systems: responding to the constitutional requirements. Proc Annu Symp Comput Appl Med Care 1994;18:392-6.

Dargahi R, Classen DW, Bobroff RB, Petermann CA, Moreau DR, Beck JR, Buffone GJ. The development of a data security model for the Collaborative Social and Medical Services System. Proc Annu Symp Comput Appl Med Care 1994;18:349-53.

Decoster C. [Data protection within the Ministry of Public Health and in the hospitals]. Acta Hosp 1994;34(1):87- 91. (Dut).

Eichenwald S. Information technologies. Physician- hospital networks. J AHIMA 1992 Mar;63(3):50-1.

Gritzalis D, Katsikas S, Keklikoglou J, Tomaras A. Data security in medical information systems: technical aspects of a proposed legislation. Med Inf (Lond) 1991 Oct-Dec;16(4):371-83.

Henkind SJ, Orlowski JM, Skarulis PC. Application of a multilevel access model in the development of a security infrastructure for a clinical information system. Proc Annu Symp Comput Appl Med Care 1993;17:64-8.

High-tech privacy issues in health care: Hearings Before the Subcomm. on Technology and the Law of the Senate Comm. on the Judiciary, 103d Congress, 1st and 2d Sess. (October 27, 1993, and January 27, 1994). Washington: U.S. Government Printing Office; 1994. 137 p. Available from: US GPO, Washington; Y 4.J 89/1; Y 4.J 89/22:S.HRG.103-836.

Kohler CO. [Medical documentation in the 'new health care system']. Nachr Dok 1994 May-Jun;45(3):135-42. (Ger).

Lonquet P, Barthier S, Leport C, Bompis B, Guilloy Y, Vlide JL. Assessement of a written procedure to improve the protection of confidentiality for hospitalized patients. Int Conf AIDS 1991 Jun 16-21;7(1):424. Abstract no. M.D.4138.

Morris P, McDermid J. The structure of permissions: a normative framework for access rights. In: Database Security, 5: Status and Prospects. Results of the IFIP WG 11.3 workshop; 1991 Nov 4-7; Shepherdstown, WV. [Amsterdam?: North Holland?]; 1992. p. 77-97. (IFIP transactions A (computer science and technology); vol.A- 6).

Murphy G, Anderson EM. An organizational model for data access and management--work in progress. J AHIMA 1994 Aug;65(8):50-2, 54.

National Institute of Standards and Technology (US), Computer Systems Laboratory. Automated password generator (APG). Gaithersburg (MD): The Institute; 1993 Oct. (Federal information processing standards; FIPS PUB 181). Available from: NTIS, Springfield, VA.

National Institute of Standards and Technology (US), Computer Systems Laboratory. Guideline for the use of advanced authentication technology alternatives. Gaithersburg (MD): The Institute; 1994 Sep. (Federal information processing standards; FIPS PUB 190). Available from: NTIS, Springfield, VA.

National Institute of Standards and Technology (US), Computer Systems Laboratory. Standard on password usage. Gaithersburg (MD): The Institute; 1985 May. (Federal information processing standards; FIPS PUB 112). Available from: NTIS, Springfield, VA.

Notargiacomo LA, Graubart RD, Jajodia S, Landwehr CE. Health delivery: the problem solved? In: Database Security, 4. Status and Prospects. Results of the IFIP WG 11.3 workshop; 1990 Sep 18-21; Halifax, UK. Amsterdam: North-Holland; 1991. p. 13-26.

Orr GA, Brantley BA Jr. Development of a model of information security requirements for enterprise-wide medical information systems. Proc Annu Symp Comput Appl Med Care 1992;16:287-91.

Pangalos G, Khair M, Bozios L. Enhancing medical database security. J Med Syst 1994 Aug;18(4):159-71.

Pangalos GJ. Medical database security policies. Methods Inf Med 1993 Nov;32(5):349-56; discussion 357.

Peterson HE. Management and staff issues in data protection. In: Commission of the European Communities DG XIII/F AIM. Data protection and confidentiality in health informatics: handling health data in Europe in the future. Washington: IOS Press; 1991. p. 315-23. (Studies in health technology and informatics; vol. 1).

Pinkert JR. Contemporary issues in HIM. Kerberos--security for sensitive data. J AHIMA 1994 Jun;65(6):22-4, 26-8.

Quisquater JJ, Bouckaert A. Zero-knowledge procedures for confidential access to medical records. In: Quisquater JJ, Vandewalle J, editors. Advances in cryptology - EUROCRYPT '89. Proceedings of the Workshop on the Theory and Application of Cryptographic Techniques; 1989 Apr 10-13; Houthalen, Belgium. Berlin: Springer-Verlag; 1990. p. 662-4.

Rihaczek K. Data protection in networks. In: Commission of the European Communities DG XIII/F AIM. Data protection and confidentiality in health informatics: handling health data in Europe in the future. Washington: IOS Press; 1991. p. 249-70. (Studies in health technology and informatics; vol. 1).

Riley WD. Safe as a bank. LAN Technol 1992 May;8(5):29-31.

Safran C, Rind D, Citroen M, Bakker AR, Slack WV, Bleich HL. Protection of confidentiality in the computer- based patient record. MD Comput 1995 May-Jun;12(3):187-92.

Sandhu RS, Coyne EJ, Feinstein HL, Youman CE. Role-based access control models. Computer 1996 Feb;29(2):38-47.

Shimaoka A. Security evaluation for the information system of Oita Medical University Hospital [abstract]. Annu Meet Int Soc Technol Assess Health Care 1994;10:Abstract no. 131.

Wear LL, Pinkert JR. Computer security. J AHIMA 1993 Sep;64(9):30-2, 34, 36-7.

Yamamoto K, Ishikawa K, Miyaji M, Nakamura Y, Nishi S, Sasaki T, Tsuji K, Watanabe R. Necessity to improve common understanding about the security issues among hospitals in Japan and some feasible approaches. Int J Biomed Comput 1994 Feb;35 Suppl:205-12.