Laws and Standards for Secure e-Healthcare Information

  • Charles A. Shoniregun
  • Kudakwashe Dube
  • Fredrick Mtenzi
Part of the Advances in Information Security book series (ADIS, volume 53)


Legal developments in healthcare have been driven by public concern for personal privacy and confidentiality in an increasingly connected, Internet-centred world. Developments in standardisation within e-Healthcare have been shaped by two key paradigms, patient-centred care and managed care, which created demands for lower costs and higher quality of patient care. The technical challenge of these paradigm shifts is interoperability: supporting the delivery of care at multiple locations by multiple carers who need to share the patient's health record.


Keywords (machine-generated, not supplied by the authors):
  • European Union
  • Advanced Encryption Standard
  • Extensible Authentication Protocol
  • Privacy Rule
  • Security Standard





Copyright information

© Springer Science+Business Media, LLC 2010

Authors and Affiliations

  • Charles A. Shoniregun: Infonomics Society, United Kingdom and Ireland
  • Kudakwashe Dube: Computer Science and Information Technology, School of Engineering & Advanced Technology (SEAT), Massey University, New Zealand
  • Fredrick Mtenzi: Dublin Institute of Technology, Ireland
