Varovanje osebnih podatkov v telemedicinskih storitvah

Rok Bernik; Marija Petek Šter

doi:10.6016/ZdravVestn.3131

Avtorji

Rok Bernik Medicinska fakulteta, Univerza v Ljubljani, Ljubljana, Slovenija
Marija Petek Šter Katedra za družinsko medicino, Medicinska fakulteta, Univerza v Ljubljani, Ljubljana, Slovenija https://orcid.org/0000-0003-1736-2377

DOI:

https://doi.org/10.6016/ZdravVestn.3131

Ključne besede:

informacijske nevarnosti, videokonferenca, elektronska pošta, spremljanje na daljavo, varnostni ukrepi

Povzetek

Telemedicina je hitro razvijajoče se področje, ki na učinkovit način zagotavlja zdravstvene storitve. Ker se pri telemedicini, tako kot v vsakdanji običajni klinični praksi, rokuje z občutljivimi osebnimi podatki, se je treba zavedati nevarnosti spletnega kriminala ter spoznati načine za zaščito pred takimi napadi. Področje varovanja osebnih podatkov je slovenski in evropski pravni prostor dobro opredelil, obstajajo pa odprta še nekatera nerazrešena vprašanja na področju telemedicine. Telemedicinske storitve delimo na sinhrone (v realnem času, npr. videokonference) in asinhrone (z zaostankom v komunikaciji, npr. spletna pošta) ter na spremljanje parametrov zdravja na daljavo (spremljanje arterijskega tlaka, krvnega sladkorja ipd.). Vsako od teh področij ima svoje varnostne značilnosti in posebnosti. Varovanje osebnih podatkov je pri telemedicinskih storitvah potrebno zagotoviti na sistemski in individualni ravni. Vsak zaposleni v zdravstvu, ki izvaja storitve na področju telemedicine, mora pri svojem delu skrbeti za varnost podatkov. Posebej pomembno se je redno izobraževati na temo informacijske varnosti. Tudi v Sloveniji se izvaja že sorazmerno veliko telemedicinskih projektov, med katerimi jih je nekaj tudi prešlo v redno uporabo. Eden najobsežnejših zdravstvenih projektov pri nas je projekt eZdravje, ki med drugim vključuje tudi nekatere telemedicinske storitve (TeleKap, Teleradiologija, ePosvet).

Prenosi

Podatki o prenosih še niso na voljo.

Literatura

1. Russell D, Boisvert S, Borg DJ, Burke ME, McCord D, Heathcote S, et al. Telemedicine Risk Management Considerations. Chicago (IL): American Society for Health Care Risk Management; 2018. [cited 2020 Jun 3]. Available from: <a href="https://www.ashrm.org/sites/default/files/ashrm/TELEMEDICINE-WHITE-PAPER.pdf">https://www.ashrm.org/sites/default/files/ashrm/TELEMEDICINE-WHITE-PAPER.pdf</a>.
2. American Telemedicine Association. Telemedicine, Telehealth, and Health Information Technology. Geneva: World health organization; 2006 [cited 2020 Jun 8]. Available from: <a href="https://www.who.int/goe/policies/countries/usa_support_tele.pdf?ua=1">https://www.who.int/goe/policies/countries/usa_support_tele.pdf?ua=1</a>.
3. Baloh T. Veliko podatkovje in zasebnost v medicini: (magistrsko diplomsko delo). Ljubljana: Pravna fakulteta; 2018.
4. Das S, Mukhopadhyay A. Security and Privacy Challenges in Telemedicine. CSI Commun. 2011;35:20-2.
5. Prelesnik M. Letno poročilo informacijskega pooblaščenca za leto 2019. Ljubljana: Informacijski pooblaščenec Republike Slovenije; 2019 [cited 2020 Aug 26]. Available from: <a href="https://www.ip-rs.si/fileadmin/user_upload/Pdf/porocila/LetnoPorocilo2019.pdf/">https://www.ip-rs.si/fileadmin/user_upload/Pdf/porocila/LetnoPorocilo2019.pdf/</a>.
6. Prelesnik M. Letno poročilo informacijskega pooblaščenca za leto 2016. Ljubljana: Informacijski pooblaščenec Republike Slovenije; 2016 [cited 2020 Aug 26]. Available from: <a href="https://www.ip-rs.si/fileadmin/user_upload/Pdf/porocila/Letno_porocilo_2016_web.pdf">https://www.ip-rs.si/fileadmin/user_upload/Pdf/porocila/Letno_porocilo_2016_web.pdf</a>.
7. Sporočilo Komisije Evropskemu parlamentu, Svetu, Evropskemu ekonomsko-socialnemu odboru in Odboru regij o koristih telemedicine za paciente, zdravstvene sisteme in družbo. Brussels: EUR-Lex; 2008 [cited 2020 May 15]. Available from: <a href="https://eur-lex.europa.eu/legal-content/sl/ALL/?uri=CELEX:52008DC0689">https://eur-lex.europa.eu/legal-content/sl/ALL/?uri=CELEX:52008DC0689</a>.
8. Direktiva (EU) 2015/1535 Evropskega parlamenta in Sveta z dne 9. septembra 2015 o določitvi postopka za zbiranje informacij na področju tehničnih predpisov in pravil za storitve informacijske družbe. Brussels: EUR-Lex; 2008 [cited 2020 May 15]. Available from: <a href="https://eur-lex.europa.eu/legal-content/SL/TXT/?uri=CELEX%3A32015L1535">https://eur-lex.europa.eu/legal-content/SL/TXT/?uri=CELEX%3A32015L1535</a>.
9. Zakon o spremembah in dopolnitvah Zakona o zdravstveni dejavnosti. UL RS. 2017(64).
10. Nacionalni odzivni center za kibernetsko varnost. Ljubljana: Si-cert; 2017 [cited 2020 May 15]. Available from: <a href="https://www.cert.si/">https://www.cert.si/</a>.
11. Lihtenvalner J, Flerin U, Dinevski D. Varnost osebnih podatkov v (tele)medicini. Infor Med Slov. 2014;19(1-2):29-43.
12. Zakon o varstvu osebnih podatkov. UL RS. 2004(94).
13. Ilovar E. Vpliv razvoja tehnologije na zdravstveni sistem v Sloveniji: (Magistrsko delo). Ljubljana: Pravna fakulteta; 2018.
14. Kersnik J, Tušek-Bunc K. Zdravnik kot lastnik in posrednik zdravstvene dokumentacije. Med Razgl. 2007;47(1):155-62.
15. Zakon o informacijski varnosti. UL RS. 2018(30).
16. Pesante L. Introduction to Information Security. Pittsburgh: Carnegie Mellon University; 2008. Available from: <a href="https://us-cert.cisa.gov/sites/default/files/publications/infosecuritybasics.pdf">https://us-cert.cisa.gov/sites/default/files/publications/infosecuritybasics.pdf</a>.
17. Hudomalj E. Varnost informacij. Lecture presented at: Uvod v medicino - informatika. Ljubljana: Medicinska fakulteta; 2019 [cited 2020 May 15]. Available from: <a href="https://pouk.mf.uni-lj.si/mod/resource/view.php?id=19">https://pouk.mf.uni-lj.si/mod/resource/view.php?id=19</a>.
18. Zain J, Clarke M. Security in Telemedicine: Issues in Watermarking Medical Images. SETIT 2005: 3rd international conference: Sciences of Electronics, Technologies of Information and Telecommunications; 2005 March 27-32; Tunisia. New Jersey: IEEE; 2005 [cited 2020 May 21]. Available from: <a href="https://www.researchgate.net/publication/228576599_Security_in_Telemedicine_Issues_in_Watermarking_Medical_Images">https://www.researchgate.net/publication/228576599_Security_in_Telemedicine_Issues_in_Watermarking_Medical_Images</a>.
19. Potokar M. Telemedicina z vidika varstva osebnih podatkov. In: Štrancar Fatur K, Golob P, eds. Telemedicina – Izzivi v urgenci in na čezmejnem območju; 2014 Jun 20. Portorož, Slovenija. Izola: Splošna bolnišnica Izola, projekt InergAid; 2014. pp. 44-52.
20. Smith Y. Types of Telemedicine. S.l.: News Medical Life Sciences; 2005 [cited 2020 May 26]. Available from: <a href="https://www.news-medical.net/health/Types-of-Telemedicine.aspx">https://www.news-medical.net/health/Types-of-Telemedicine.aspx</a>.
21. Schlachta-Fairchild L, Rocca M, Elfrink Cordi V, Haught A, Castelli D, MacMahon K, et al. Telehealth and Applications for Delivering Care at a Distance. In: Nelson R, Staggers N, eds. Health Informatics - E-Book: An Interprofessional Approach. St. Louis: Elsevier Health Sciences; 2014. pp. 125-46.
22. Wainstein L. Cloud-Based Telehealth Defined: Advantages, Applications, and Security. Arizona: University of Arizona Health Sciences; 2018 [cited 2020 May 27]. Available from: <a href="https://telemedicine.arizona.edu/blog/cloud-based-telehealth-defined-advantages-applications-and-security">https://telemedicine.arizona.edu/blog/cloud-based-telehealth-defined-advantages-applications-and-security</a>.
23. Royal Australian College of General Practitioners. Using email in general pracice. Melbourn: RACGP; 2020 [cited 2020 May 27]. Available from: <a href="https://www.racgp.org.au/FSDEDEV/media/documents/Running%20a%20practice/Security/Using-email-in-general-practice-fact-sheet.pdf">https://www.racgp.org.au/FSDEDEV/media/documents/Running%20a%20practice/Security/Using-email-in-general-practice-fact-sheet.pdf</a>.
24. SecurityMetrics Inc. Sending HIPAA Compliant Emails 101. Orem (UT): SM Inc; 2019 [cited 2020 Jun 3]. Available from: <a href="https://www.securitymetrics.com/static/resources/orange/HIPAA_Compliant_Emails_White_Paper.pdf">https://www.securitymetrics.com/static/resources/orange/HIPAA_Compliant_Emails_White_Paper.pdf</a>.
25. Kreindler DM. Email security in clinical practice: ensuring patient confidentiality. Open Med. 2008;2(2):e54-9. PMID: <a href="https://pubmed.ncbi.nlm.nih.gov/21602943">21602943</a>
26. Li Y. Thinking of Emailing Medical Records? Thing Again. S.l.: Electronic health reporter; 2019 [cited 2020 Jun 3]. Available from: <a href="https://electronichealthreporter.com/thinking-of-emailing-medical-records-think-again/">https://electronichealthreporter.com/thinking-of-emailing-medical-records-think-again/</a>.
27. Hadeed GJ, Holcomb M, Latifi R. Communication Technologies: An Overview of Telemedicine Connectivity. In: Latifi R, ed. Telemedicine for Trauma, Emergencies, and Disaster Management. Norwood (MA): Artech House; 2011. pp. 37-50.
28. Trend Micro Incorporated. How to Secure Video Conferencing Apps. Irving: TMI; 2020 [cited 2020 May 24]. Available from: <a href="https://www.trendmicro.com/vinfo/us/security/news/security-technology/how-to-secure-video-conferencing-apps">https://www.trendmicro.com/vinfo/us/security/news/security-technology/how-to-secure-video-conferencing-apps</a>.
29. Winder D. Zoom Gets Stuffed: Here’s How Hackers Got Hold Of 500,000 Passwords. Jersey City (NY): Forbes; 2020 [cited 2020 May 24]. Available from: <a href="https://www.forbes.com/sites/daveywinder/2020/04/28/zoom-gets-stuffed-heres-how-hackers-got-hold-of-500000-passwords/#7938b2165cdc">https://www.forbes.com/sites/daveywinder/2020/04/28/zoom-gets-stuffed-heres-how-hackers-got-hold-of-500000-passwords/#7938b2165cdc</a>.
30. Bode K. Zoom Is Full of Security Flaws — But You Can Protect Yourself. San Francisco (CA): Medium; 2020 [cited 2020 May 26]. Available from: <a href="https://onezero.medium.com/zoom-is-full-of-security-flaws-but-you-can-protect-yourself-f153f078ecbf">https://onezero.medium.com/zoom-is-full-of-security-flaws-but-you-can-protect-yourself-f153f078ecbf</a>.
31. National Security Agency (US). Selecting and Safely Using Collaboration Services for Telework. Fort Meade (MD): NSA (US); 2020 [cited 2020 May 26]. Available from: <a href="https://www.nsa.gov/News-Features/News-Stories/Article-View/Article/2163484/working-from-home-select-and-use-collaboration-services-more-securely/">https://www.nsa.gov/News-Features/News-Stories/Article-View/Article/2163484/working-from-home-select-and-use-collaboration-services-more-securely/</a>.
32. Cimpanu C. NSA security guide: How to choose safe conferencing and collaboration tools. San Francisco (CA): CBS Interactive; 2020 [cited 2020 May 26]. Available from: <a href="https://www.zdnet.com/article/heres-the-nsas-guide-for-choosing-a-safe-text-chat-and-video-conferencing-service/">https://www.zdnet.com/article/heres-the-nsas-guide-for-choosing-a-safe-text-chat-and-video-conferencing-service/</a>.
33. Partala J, Keranen N, Sarestoniemi M, Hamalainen M, Iinatti J, Jamsa T, et al. Security threats against the transmission chain of a medical health monitoring system. In: 2013 IEEE 15th International Conference on e-Health Networking, Applications and Services; 2013 Oct 9-12. Lisbon, Portugal. S.l.: Institute of Electrical and Electronics Engineers; 2013 [cited 2020 May 26]. Available from: <a href="https://ieeexplore.ieee.org/document/6720675?arnumber=6720675&tag=1">https://ieeexplore.ieee.org/document/6720675?arnumber=6720675&tag=1</a>. DOI: <a href="https://doi.org/10.1109/HealthCom.2013.6720675">10.1109/HealthCom.2013.6720675</a>
34. Ondiege B, Clarke M, Mapp G. Exploring a New Security Framework for Remote Patient Monitoring Devices. Computers. 2017;6(1):11. DOI: <a href="https://doi.org/10.3390/computers6010011">10.3390/computers6010011</a>
35. Evropski ekonomsko-socialni odbor. Mnenje Evropskega ekonomsko-socialnega odbora o Sporočilu Komisije Evropskemu parlamentu, Svetu, Evropskemu ekonomsko-socialnemu odboru in Odboru regij o koristih telemedicine za paciente, zdravstvene sisteme in družbo (COM(2008) 689 konč.). Brussels: EUR-Lex; 2020 [cited 2020 May 22]. Available from: <a href="https://eur-lex.europa.eu/legal-content/SL/TXT/?uri=CELEX%3A52009AE1197">https://eur-lex.europa.eu/legal-content/SL/TXT/?uri=CELEX%3A52009AE1197</a>.
36. Miliard M. Telehealth privacy and security: Investment and education are key, attorney says. Portland (OR): Healthcare IT News; 2020 [cited 2020 May 25]. Available from: <a href="https://www.healthcareitnews.com/news/telehealth-privacy-and-security-investment-and-education-are-key-attorney-say">/news/telehealth-privacy-and-security-investment-and-education-are-key-attorney-say</a>.
37. SUVI. Ljubljana: Ministrstvo za zdravje; 2019 [cited 2020 Aug 28]. Available from: <a href="http://www.ezdrav.si/category/projekti/suvi/">http://www.ezdrav.si/category/projekti/suvi/</a>.
38. zNET. Ljubljana: Ministrstvo za zdravje; 2019 [cited 2020 Aug 28]. Available from: <a href="http://www.ezdrav.si/category/projekti/znet/">http://www.ezdrav.si/category/projekti/znet/</a>.
39. Pravilnik o pogojih, rokih, načinu vključitve in uporabe eZdravja za obvezne uporabnike. UL RS. 2015(69).
40. Drnovšek S, Bucaj Ž, Šinkovec M, Ladinik J, Černe M, Breznik K, et al. Študija izvedljivosti projekta eZdravje – predinvesticijska zasnova in investicijski program s študijo izvedbe: Definicije podprojektov. Ljubljana: Ministrstvo za zdravje; 2019 [cited 2020 Aug 29]. Available from: <a href="http://mz.arhiv-spletisc.gov.si/fileadmin/mz.gov.si/pageuploads/eZdravje/predstavitev/studija/definicija_projektov.pdf">http://mz.arhiv-spletisc.gov.si/fileadmin/mz.gov.si/pageuploads/eZdravje/predstavitev/studija/definicija_projektov.pdf</a>.
41. Žele M. Predstavitev varnostnih politik [PowerPoint slides]. Lecture presented at: Informativni dan informacijske varnosti; Jun 2010. Ljubljana: Medicinska fakulteta; 2010 [cited 2020 Aug 29]. Available from: <a href="http://mz.arhiv‑spletisc.gov.si/fileadmin/mz.gov.si/pageuploads/eZdravje/predstavitev/Predstavitev_politik.pdf">http://mz.arhiv‑spletisc.gov.si/fileadmin/mz.gov.si/pageuploads/eZdravje/predstavitev/Predstavitev_politik.pdf</a>.
42. Keown A. Cyberattacks on Health Care Groups Increase During COVID-19 Pandemic. Urbandale: Biospace; c1985-2020 [cited 2020 Jun 22]. Available from: <a href="https://www.biospace.com/article/pandemic-creates-opportunities-for-cyberattacks-on-healthcare-groups-report-shows/">https://www.biospace.com/article/pandemic-creates-opportunities-for-cyberattacks-on-healthcare-groups-report-shows/</a>.
43. European Union Agency for Cybersecurity. Cybersecurity in the healthcare sector during COVID-19 pandemic. Athens: The Agency; c2005-2020 [cited 2020 Jun 22]. Available from: <a href="https://www.enisa.europa.eu/news/enisa-news/cybersecurity-in-the-healthcare-sector-during-covid-19-pandemic">https://www.enisa.europa.eu/news/enisa-news/cybersecurity-in-the-healthcare-sector-during-covid-19-pandemic</a>.

Varovanje osebnih podatkov v telemedicinskih storitvah

Avtorji

DOI:

Ključne besede:

Povzetek

Prenosi

Literatura

Prenosi

Objavljeno

Številka

Rubrika

Licenca

Kako citirati

Najbolj brani prispevki istega avtorja(jev)

Jezik

cc_license

90letzv

Informacije

Ključne besede