Development of a Security Standard for Raising the Level of Information Protection in the u-Health Environment

Development of an Information Security Standard for Protecting Health Information in u-Health Environment

  • Kim, Dong-Soo (Department of Industrial and Information Systems Engineering, Soongsil University)
  • Kim, Min-Soo (Department of Systems Management and Engineering, Pukyong National University)
  • Submitted: 20061200
  • Reviewed: 20070300
  • Published: 2007.06.30

Abstract

e-Business in the healthcare sector has been called e-Health, which is evolving into u-Health with advances in ubiquitous technologies. Seamless information sharing among health organizations is being discussed in many nations, including the USA, the UK, Australia and Korea. Efforts to establish an electronic health record (EHR) system and a nationwide information sharing environment are called NHII (National Health Information Infrastructure) initiatives. With the advent of u-Health and the progress of health information systems, information security in the healthcare sector has become a very significant problem. In this paper, we analyze several health information security issues that arise in the u-Health environment and develop an information security standard for protecting health information. It is expected that the standard proposed in this work could be established as a national standard after sufficient review by information security experts, stakeholders in the healthcare sector, and health professionals. Using the standard, health organizations can establish comprehensive information security systems and protect health information more effectively. The result of this paper also helps relieve worries about the privacy and security of individually identifiable health information raised by NHII implementation and u-Health systems.
