engleski

A Security Assessment Framework for e-Health: A Croatian Perspective

E-health aims to improve health of citizens, productivity and efficiency in healthcare delivery, and the social and economic value of health by using information and communication technologies. It encompasses various interoperability approaches and mechanisms among health services, products and processes combined with organizational change in healthcare systems, covering interaction between patients and health-service providers, institution-to-institution transmission of data, or peer-to-peer communication between patients and/or health professionals. Since inappropriate use or misuse of medical information can lead to undesirable outcomes, medicine and health are considered as very sensitive areas in terms of human life and work. Therefore, security polices, practices and procedures must be in place as well as utilization of cyber security and defense technologies, which help to protect e-health systems against attacks, detect abnormal activities and to have proven contingency plans in place. This work presents a framework for security assessment of national e-health systems, allowing country-level practices and perspectives on cyber defense, information security and data protection in e-health to be considered in a holistic manner. The framework covers assessment criteria on different levels: from national security and critical infrastructures to personal data protection and user and information privacy, as well as dealing with various cyber security aspects in government-to-government, government-to-citizen and government-to-business categories of e-government ecosystem. Security assessment criteria are grouped into and analyzed through four interoperability aspects: legal, technical, semantic and organizational. The evidence for security assessment process conducted by using the framework was provided on Croatian e-Health showcase, with advantages given and limitations commented.

security assessment, e-health, critical infrastructure protection, information security, cyber defense

DOI 10.3233/978-1-61499-716-0-293