Varovanje osebnih podatkov v telemedicinskih storitvah

Rok Bernik; Marija Petek Šter

doi:10.6016/ZdravVestn.3131

Authors

Rok Bernik Faculty of Medicine, University of Ljubljana, Ljubljana, Slovenia
Marija Petek Šter Department of Family Medicine, Faculty of Medicine, University of Ljubljana, Ljubljana, Slovenia https://orcid.org/0000-0003-1736-2377

DOI:

https://doi.org/10.6016/ZdravVestn.3131

Keywords:

data compromising, videoconferencing, electronic mail, remote monitoring, security measures

Abstract

Telemedicine is a rapidly evolving field that presents an effective way of providing healthcare services. As its use, likewise everyday clinical practice, involves handling of sensitive personal data, it is necessary to be aware of the dangers posed by cybercrime and ways of protection against such attacks. The field of personal data protection is well defined in the Slovenian and European legislation, but there are some unresolved issues in the telemedicine field. Telemedicine services are divided into synchronous (real-time, e.g. videoconferencing), asynchronous (with a delay in communication, e.g. e-mail) and remote monitoring of patient health parameters (arterial pressure, blood sugar, etc.). Each of these areas has its own security features and peculiarities. The protection of personal data in telemedicine services must be ensured at the systemic and individual levels. Every healthcare employee who uses telemedicine services must ensure data security at their work. It is especially important to conduct regular training on the topic of information security. A relatively large number of telemedicine projects have already been implemented in Slovenia, some of which have been put into regular use. One of the most extensive healthcare projects in Slovenia is the eHealth project, which also includes some telemedicine services (TeleKap, Teleradiologija, ePosvet).

Downloads

Download data is not yet available.

References

1. Russell D, Boisvert S, Borg DJ, Burke ME, McCord D, Heathcote S, et al. Telemedicine Risk Management Considerations. Chicago (IL): American Society for Health Care Risk Management; 2018. [cited 2020 Jun 3]. Available from: <a href="https://www.ashrm.org/sites/default/files/ashrm/TELEMEDICINE-WHITE-PAPER.pdf">https://www.ashrm.org/sites/default/files/ashrm/TELEMEDICINE-WHITE-PAPER.pdf</a>.
2. American Telemedicine Association. Telemedicine, Telehealth, and Health Information Technology. Geneva: World health organization; 2006 [cited 2020 Jun 8]. Available from: <a href="https://www.who.int/goe/policies/countries/usa_support_tele.pdf?ua=1">https://www.who.int/goe/policies/countries/usa_support_tele.pdf?ua=1</a>.
3. Baloh T. Veliko podatkovje in zasebnost v medicini: (magistrsko diplomsko delo). Ljubljana: Pravna fakulteta; 2018.
4. Das S, Mukhopadhyay A. Security and Privacy Challenges in Telemedicine. CSI Commun. 2011;35:20-2.
5. Prelesnik M. Letno poročilo informacijskega pooblaščenca za leto 2019. Ljubljana: Informacijski pooblaščenec Republike Slovenije; 2019 [cited 2020 Aug 26]. Available from: <a href="https://www.ip-rs.si/fileadmin/user_upload/Pdf/porocila/LetnoPorocilo2019.pdf/">https://www.ip-rs.si/fileadmin/user_upload/Pdf/porocila/LetnoPorocilo2019.pdf/</a>.
6. Prelesnik M. Letno poročilo informacijskega pooblaščenca za leto 2016. Ljubljana: Informacijski pooblaščenec Republike Slovenije; 2016 [cited 2020 Aug 26]. Available from: <a href="https://www.ip-rs.si/fileadmin/user_upload/Pdf/porocila/Letno_porocilo_2016_web.pdf">https://www.ip-rs.si/fileadmin/user_upload/Pdf/porocila/Letno_porocilo_2016_web.pdf</a>.
7. Sporočilo Komisije Evropskemu parlamentu, Svetu, Evropskemu ekonomsko-socialnemu odboru in Odboru regij o koristih telemedicine za paciente, zdravstvene sisteme in družbo. Brussels: EUR-Lex; 2008 [cited 2020 May 15]. Available from: <a href="https://eur-lex.europa.eu/legal-content/sl/ALL/?uri=CELEX:52008DC0689">https://eur-lex.europa.eu/legal-content/sl/ALL/?uri=CELEX:52008DC0689</a>.
8. Direktiva (EU) 2015/1535 Evropskega parlamenta in Sveta z dne 9. septembra 2015 o določitvi postopka za zbiranje informacij na področju tehničnih predpisov in pravil za storitve informacijske družbe. Brussels: EUR-Lex; 2008 [cited 2020 May 15]. Available from: <a href="https://eur-lex.europa.eu/legal-content/SL/TXT/?uri=CELEX%3A32015L1535">https://eur-lex.europa.eu/legal-content/SL/TXT/?uri=CELEX%3A32015L1535</a>.
9. Zakon o spremembah in dopolnitvah Zakona o zdravstveni dejavnosti. UL RS. 2017(64).
10. Nacionalni odzivni center za kibernetsko varnost. Ljubljana: Si-cert; 2017 [cited 2020 May 15]. Available from: <a href="https://www.cert.si/">https://www.cert.si/</a>.
11. Lihtenvalner J, Flerin U, Dinevski D. Varnost osebnih podatkov v (tele)medicini. Infor Med Slov. 2014;19(1-2):29-43.
12. Zakon o varstvu osebnih podatkov. UL RS. 2004(94).
13. Ilovar E. Vpliv razvoja tehnologije na zdravstveni sistem v Sloveniji: (Magistrsko delo). Ljubljana: Pravna fakulteta; 2018.
14. Kersnik J, Tušek-Bunc K. Zdravnik kot lastnik in posrednik zdravstvene dokumentacije. Med Razgl. 2007;47(1):155-62.
15. Zakon o informacijski varnosti. UL RS. 2018(30).
16. Pesante L. Introduction to Information Security. Pittsburgh: Carnegie Mellon University; 2008. Available from: <a href="https://us-cert.cisa.gov/sites/default/files/publications/infosecuritybasics.pdf">https://us-cert.cisa.gov/sites/default/files/publications/infosecuritybasics.pdf</a>.
17. Hudomalj E. Varnost informacij. Lecture presented at: Uvod v medicino - informatika. Ljubljana: Medicinska fakulteta; 2019 [cited 2020 May 15]. Available from: <a href="https://pouk.mf.uni-lj.si/mod/resource/view.php?id=19">https://pouk.mf.uni-lj.si/mod/resource/view.php?id=19</a>.
18. Zain J, Clarke M. Security in Telemedicine: Issues in Watermarking Medical Images. SETIT 2005: 3rd international conference: Sciences of Electronics, Technologies of Information and Telecommunications; 2005 March 27-32; Tunisia. New Jersey: IEEE; 2005 [cited 2020 May 21]. Available from: <a href="https://www.researchgate.net/publication/228576599_Security_in_Telemedicine_Issues_in_Watermarking_Medical_Images">https://www.researchgate.net/publication/228576599_Security_in_Telemedicine_Issues_in_Watermarking_Medical_Images</a>.
19. Potokar M. Telemedicina z vidika varstva osebnih podatkov. In: Štrancar Fatur K, Golob P, eds. Telemedicina – Izzivi v urgenci in na čezmejnem območju; 2014 Jun 20. Portorož, Slovenija. Izola: Splošna bolnišnica Izola, projekt InergAid; 2014. pp. 44-52.
20. Smith Y. Types of Telemedicine. S.l.: News Medical Life Sciences; 2005 [cited 2020 May 26]. Available from: <a href="https://www.news-medical.net/health/Types-of-Telemedicine.aspx">https://www.news-medical.net/health/Types-of-Telemedicine.aspx</a>.
21. Schlachta-Fairchild L, Rocca M, Elfrink Cordi V, Haught A, Castelli D, MacMahon K, et al. Telehealth and Applications for Delivering Care at a Distance. In: Nelson R, Staggers N, eds. Health Informatics - E-Book: An Interprofessional Approach. St. Louis: Elsevier Health Sciences; 2014. pp. 125-46.
22. Wainstein L. Cloud-Based Telehealth Defined: Advantages, Applications, and Security. Arizona: University of Arizona Health Sciences; 2018 [cited 2020 May 27]. Available from: <a href="https://telemedicine.arizona.edu/blog/cloud-based-telehealth-defined-advantages-applications-and-security">https://telemedicine.arizona.edu/blog/cloud-based-telehealth-defined-advantages-applications-and-security</a>.
23. Royal Australian College of General Practitioners. Using email in general pracice. Melbourn: RACGP; 2020 [cited 2020 May 27]. Available from: <a href="https://www.racgp.org.au/FSDEDEV/media/documents/Running%20a%20practice/Security/Using-email-in-general-practice-fact-sheet.pdf">https://www.racgp.org.au/FSDEDEV/media/documents/Running%20a%20practice/Security/Using-email-in-general-practice-fact-sheet.pdf</a>.
24. SecurityMetrics Inc. Sending HIPAA Compliant Emails 101. Orem (UT): SM Inc; 2019 [cited 2020 Jun 3]. Available from: <a href="https://www.securitymetrics.com/static/resources/orange/HIPAA_Compliant_Emails_White_Paper.pdf">https://www.securitymetrics.com/static/resources/orange/HIPAA_Compliant_Emails_White_Paper.pdf</a>.
25. Kreindler DM. Email security in clinical practice: ensuring patient confidentiality. Open Med. 2008;2(2):e54-9. PMID: <a href="https://pubmed.ncbi.nlm.nih.gov/21602943">21602943</a>
26. Li Y. Thinking of Emailing Medical Records? Thing Again. S.l.: Electronic health reporter; 2019 [cited 2020 Jun 3]. Available from: <a href="https://electronichealthreporter.com/thinking-of-emailing-medical-records-think-again/">https://electronichealthreporter.com/thinking-of-emailing-medical-records-think-again/</a>.
27. Hadeed GJ, Holcomb M, Latifi R. Communication Technologies: An Overview of Telemedicine Connectivity. In: Latifi R, ed. Telemedicine for Trauma, Emergencies, and Disaster Management. Norwood (MA): Artech House; 2011. pp. 37-50.
28. Trend Micro Incorporated. How to Secure Video Conferencing Apps. Irving: TMI; 2020 [cited 2020 May 24]. Available from: <a href="https://www.trendmicro.com/vinfo/us/security/news/security-technology/how-to-secure-video-conferencing-apps">https://www.trendmicro.com/vinfo/us/security/news/security-technology/how-to-secure-video-conferencing-apps</a>.
29. Winder D. Zoom Gets Stuffed: Here’s How Hackers Got Hold Of 500,000 Passwords. Jersey City (NY): Forbes; 2020 [cited 2020 May 24]. Available from: <a href="https://www.forbes.com/sites/daveywinder/2020/04/28/zoom-gets-stuffed-heres-how-hackers-got-hold-of-500000-passwords/#7938b2165cdc">https://www.forbes.com/sites/daveywinder/2020/04/28/zoom-gets-stuffed-heres-how-hackers-got-hold-of-500000-passwords/#7938b2165cdc</a>.
30. Bode K. Zoom Is Full of Security Flaws — But You Can Protect Yourself. San Francisco (CA): Medium; 2020 [cited 2020 May 26]. Available from: <a href="https://onezero.medium.com/zoom-is-full-of-security-flaws-but-you-can-protect-yourself-f153f078ecbf">https://onezero.medium.com/zoom-is-full-of-security-flaws-but-you-can-protect-yourself-f153f078ecbf</a>.
31. National Security Agency (US). Selecting and Safely Using Collaboration Services for Telework. Fort Meade (MD): NSA (US); 2020 [cited 2020 May 26]. Available from: <a href="https://www.nsa.gov/News-Features/News-Stories/Article-View/Article/2163484/working-from-home-select-and-use-collaboration-services-more-securely/">https://www.nsa.gov/News-Features/News-Stories/Article-View/Article/2163484/working-from-home-select-and-use-collaboration-services-more-securely/</a>.
32. Cimpanu C. NSA security guide: How to choose safe conferencing and collaboration tools. San Francisco (CA): CBS Interactive; 2020 [cited 2020 May 26]. Available from: <a href="https://www.zdnet.com/article/heres-the-nsas-guide-for-choosing-a-safe-text-chat-and-video-conferencing-service/">https://www.zdnet.com/article/heres-the-nsas-guide-for-choosing-a-safe-text-chat-and-video-conferencing-service/</a>.
33. Partala J, Keranen N, Sarestoniemi M, Hamalainen M, Iinatti J, Jamsa T, et al. Security threats against the transmission chain of a medical health monitoring system. In: 2013 IEEE 15th International Conference on e-Health Networking, Applications and Services; 2013 Oct 9-12. Lisbon, Portugal. S.l.: Institute of Electrical and Electronics Engineers; 2013 [cited 2020 May 26]. Available from: <a href="https://ieeexplore.ieee.org/document/6720675?arnumber=6720675&tag=1">https://ieeexplore.ieee.org/document/6720675?arnumber=6720675&tag=1</a>. DOI: <a href="https://doi.org/10.1109/HealthCom.2013.6720675">10.1109/HealthCom.2013.6720675</a>
34. Ondiege B, Clarke M, Mapp G. Exploring a New Security Framework for Remote Patient Monitoring Devices. Computers. 2017;6(1):11. DOI: <a href="https://doi.org/10.3390/computers6010011">10.3390/computers6010011</a>
35. Evropski ekonomsko-socialni odbor. Mnenje Evropskega ekonomsko-socialnega odbora o Sporočilu Komisije Evropskemu parlamentu, Svetu, Evropskemu ekonomsko-socialnemu odboru in Odboru regij o koristih telemedicine za paciente, zdravstvene sisteme in družbo (COM(2008) 689 konč.). Brussels: EUR-Lex; 2020 [cited 2020 May 22]. Available from: <a href="https://eur-lex.europa.eu/legal-content/SL/TXT/?uri=CELEX%3A52009AE1197">https://eur-lex.europa.eu/legal-content/SL/TXT/?uri=CELEX%3A52009AE1197</a>.
36. Miliard M. Telehealth privacy and security: Investment and education are key, attorney says. Portland (OR): Healthcare IT News; 2020 [cited 2020 May 25]. Available from: <a href="https://www.healthcareitnews.com/news/telehealth-privacy-and-security-investment-and-education-are-key-attorney-say">/news/telehealth-privacy-and-security-investment-and-education-are-key-attorney-say</a>.
37. SUVI. Ljubljana: Ministrstvo za zdravje; 2019 [cited 2020 Aug 28]. Available from: <a href="http://www.ezdrav.si/category/projekti/suvi/">http://www.ezdrav.si/category/projekti/suvi/</a>.
38. zNET. Ljubljana: Ministrstvo za zdravje; 2019 [cited 2020 Aug 28]. Available from: <a href="http://www.ezdrav.si/category/projekti/znet/">http://www.ezdrav.si/category/projekti/znet/</a>.
39. Pravilnik o pogojih, rokih, načinu vključitve in uporabe eZdravja za obvezne uporabnike. UL RS. 2015(69).
40. Drnovšek S, Bucaj Ž, Šinkovec M, Ladinik J, Černe M, Breznik K, et al. Študija izvedljivosti projekta eZdravje – predinvesticijska zasnova in investicijski program s študijo izvedbe: Definicije podprojektov. Ljubljana: Ministrstvo za zdravje; 2019 [cited 2020 Aug 29]. Available from: <a href="http://mz.arhiv-spletisc.gov.si/fileadmin/mz.gov.si/pageuploads/eZdravje/predstavitev/studija/definicija_projektov.pdf">http://mz.arhiv-spletisc.gov.si/fileadmin/mz.gov.si/pageuploads/eZdravje/predstavitev/studija/definicija_projektov.pdf</a>.
41. Žele M. Predstavitev varnostnih politik [PowerPoint slides]. Lecture presented at: Informativni dan informacijske varnosti; Jun 2010. Ljubljana: Medicinska fakulteta; 2010 [cited 2020 Aug 29]. Available from: <a href="http://mz.arhiv‑spletisc.gov.si/fileadmin/mz.gov.si/pageuploads/eZdravje/predstavitev/Predstavitev_politik.pdf">http://mz.arhiv‑spletisc.gov.si/fileadmin/mz.gov.si/pageuploads/eZdravje/predstavitev/Predstavitev_politik.pdf</a>.
42. Keown A. Cyberattacks on Health Care Groups Increase During COVID-19 Pandemic. Urbandale: Biospace; c1985-2020 [cited 2020 Jun 22]. Available from: <a href="https://www.biospace.com/article/pandemic-creates-opportunities-for-cyberattacks-on-healthcare-groups-report-shows/">https://www.biospace.com/article/pandemic-creates-opportunities-for-cyberattacks-on-healthcare-groups-report-shows/</a>.
43. European Union Agency for Cybersecurity. Cybersecurity in the healthcare sector during COVID-19 pandemic. Athens: The Agency; c2005-2020 [cited 2020 Jun 22]. Available from: <a href="https://www.enisa.europa.eu/news/enisa-news/cybersecurity-in-the-healthcare-sector-during-covid-19-pandemic">https://www.enisa.europa.eu/news/enisa-news/cybersecurity-in-the-healthcare-sector-during-covid-19-pandemic</a>.

Personal data security in telemedicine services

Authors

DOI:

Keywords:

Abstract

Downloads

References

Downloads

Published

Issue

Section

License

How to Cite

Most read articles by the same author(s)

Language

cc_license

90letzv

Information

Keywords