• Title/Summary/Keyword: Medical Information Protection


Legal Issues in Protecting and Utilitizing Medical Data in United States - Focused on HIPAA/HITECH, 21st Century Cures Act, Common Law, Guidance - (미국의 보건의료데이터 보호 및 활용을 위한 주요 법적 쟁점 -미국 HIPAA/HITECH, 21세기 치료법, 공통규칙, 민간 가이드라인을 중심으로-)

  • Kim, Jae Sun
    • The Korean Society of Law and Medicine / v.22 no.4 / pp.117-157 / 2021
  • This research reviewed HIPAA/HITECH, the 21st Century Cures Act, Common Law, and private guidance from the perspective of protecting and utilizing medical data, and drew implications from them. First, the standards for protection and utilization are relatively clearly regulated through a single law on personal medical information in the United States. HIPAA was introduced in 1996 as the fundamental act on protection of medical data. Medical data was divided into personally identifiable information, non-identifying information, and limited dataset under HIPAA. Regulations on de-identification measures for medical information, objects for deletion of limited data sets, and agreement on prohibition of data re-identification were stipulated. Moreover, the 21st Century Cures Act regulated mutual compatibility for data sharing, prohibition of data blocking, and strengthening of accessibility of data subjects. Common Law introduced a comprehensive consent system and clearly stipulates procedures. Second, the regulatory system is relatively simplified and clearly stipulated in the United States. To be specific, the expert consensus and the safe harbor system were introduced as anonymity measures for identifiable medical information, which clearly define the process while increasing trust. Third, the protection of the rights of the data subject is specified, the duty of explanation is specified in detail, and the information right of the consumer (opt-out procedure) for identification information is specified. For instance, the HHS rule and FDA regulations recognize the comprehensive consent system for human research, but the consent procedure, method, and requirements are stipulated through the common rule. Fourth, in the case of the United States, a trust-based system is being used throughout the health and medical data legislation. To be specific, Limited Data Sets are allowed to be used on condition of the researcher's agreement to prohibit re-identification, and the de-identification or consent process is simplified under the system.

How to Cope with Ransomware in the Healthcare Industry (의료산업에서의 랜섬웨어 대응 방법)

  • Jeon, In-seok;Kim, Dong-won;Han, Keun-hee
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.1 / pp.155-165 / 2018
  • As the healthcare industry is growing rapidly these days, providing various new healthcare services is being considered carefully. Health information is considered to be more important than financial information; therefore, protecting health information becomes a very significant task. Ransomware is now targeting industry groups that have high information value. In particular, ransomware has grown in various ways since entering maturity in 2017. The healthcare industry is highly vulnerable to ransomware since most healthcare organizations are configured in closed networks with a lack of malware protection. Only meeting the security criteria is not the solution. In the case of a successful attack, a restoration process must be prepared to minimize damages as soon as possible. Ransomware is growing so rapidly and becoming so complex that protection must be improved much faster. Based on the ISO 27799 and 27002 standards, we extract and present security measures against advanced ransomware to maintain and manage healthcare systems more effectively.

The Meaning and Tasks of Guidelines for Utilization of Healthcare Data (보건의료 데이터 활용 가이드라인의 의미와 과제)

  • Shin, Tae-Seop
    • The Korean Society of Law and Medicine / v.22 no.3 / pp.31-55 / 2021
  • The Personal Information Protection Act, one of the revised 3 Data Laws, established special cases concerning pseudonymous data. As a result, a personal information controller may process pseudonymized information without the consent of data subjects for statistical purposes, scientific research purposes, and archiving purposes in the public interest, etc. In addition, as a follow-up to the revised Personal Information Protection Act, the 'Guidelines for Utilization of Healthcare Data' were prepared, which deal with pseudonymization in the medical sector. The guidelines are meaningful in that they provide practical criteria for accomplices by defining specific interpretations and examples that take into account the characteristics of healthcare data. However, the guidelines need to clarify the purpose of using pseudonymous data and strengthen the fairness of the composition of the data deliberation committee. The guidelines also require establishing a healthcare data compensation framework and strengthening the protection of rights for vulnerable subjects. In addition, the guidelines need to be adjusted for inconsistency with the Bioethics and Safety Act and the Medical Service Act. It is expected that this study will contribute to the creation of a safe environment for the utilization of healthcare data as well as the improvement of related laws and systems.

A Study on the Importance of the Assessment of Records Management Metadata Elements Related to the Electronic Medical Records Management System for Medical Records Managers (전자의무기록 관리시스템 관련 기록관리 메타데이터 요소들에 대한 의무기록 관리자의 중요도 평가 연구)

  • Lee, Eun-Mi;Kim, Myeong;Yim, Jin Hee
    • Journal of Korean Society of Archives and Records Management / v.13 no.3 / pp.151-171 / 2013
  • To comprehend the importance and necessity of the records management metadata standard implemented in an electronic medical records system, a survey was administered to 50 medical records managers in charge of 5 major hospitals in Seoul. Analysis of the survey results was performed by averaging the responses given by those who answered the survey. SPSS was utilized for statistical analysis. Managers of medical records placed importance on metadata that are related to security of records, such as "levels of security", "types of access to medical records", "levels of authorization granted to personnel", and "users accessing medical records". This shows that these managers need privacy protection functions in ERMS. Metadata on "external disclosure" had the lowest level, but those surveyed with more than 7 years of experience placed greater importance on this area than those surveyed with less than 7 years of experience in a hospital. This shows that managers need external disclosure functions to meet the needs of third parties for medical research and medical education.


  • Han, Eun Ok;Kim, Jae Rok;Choi, Yoon Seok;Lochhead, James
    • Journal of Radiation Protection and Research / v.40 no.3 / pp.132-146 / 2015
  • To develop tailored elementary, middle, and high school textbooks suitable for understanding the nuclear energy and radiation, quantitative and qualitative research was carried out in parallel, which included nine steps to ensure the validity of content and structure. The elementary, middle, and high school students wanted to acquire information used in their daily lives, including the definition of nuclear energy and radiation, principles and status of nuclear power generation, and information about irradiated food, medical radiation, and radiation in life. In the evaluation of the effects of textbook contents according to the educational requirements of each school level, high suitability frequencies (>80%) were shown for the human character, education goals, curriculum goals, evaluation method, and education time. At some levels, the high suitability frequencies (>70%) were shown for the education grade, education type, and textbook type.

Designing Mutual Cooperation Security Model for IP Spoofing Attacks about Medical Cluster Basis Big Data Environment (의료클러스터 기반의 빅 데이터 환경에 대한 IP Spoofing 공격 발생시 상호협력 보안 모델 설계)

  • An, Chang Ho;Baek, Hyun Chul;Seo, Yeong Geon;Jeong, Won Chang;Park, Jae Heung
    • Convergence Security Journal / v.16 no.7 / pp.21-29 / 2016
  • Our society is currently exposed to an environment of various information that is exchanged in real time through networks. Especially regarding medical policy, the government is rushing to put remote medical treatment into practice to improve the quality of medical services for citizens. Remote medical practice requires the establishment of medical information based on big data for customized treatment regardless of where patients are. This study suggests the establishment of regional medical clusters along with defense and protection cooperation models so that, in case service availability is harmed and attacks occur, the attacks can be detected and proper measures can be taken. For this, the study suggested forming networks with nationwide local government hospitals as regional virtual medical cluster bases using the same medical information system. The study also designed a mutual cooperation security model that can cope in real time with IP Spoofing attacks that can occur in the medical cluster and DDoS attacks accordingly, so that the limits of a sole system and a sole security policy can be overcome.

Collaborative Modeling of Medical Image Segmentation Based on Blockchain Network

  • Yang Luo;Jing Peng;Hong Su;Tao Wu;Xi Wu
    • KSII Transactions on Internet and Information Systems (TIIS) / v.17 no.3 / pp.958-979 / 2023
  • Due to laws, regulations, privacy, etc., between 70-90 percent of providers do not share medical data, forming a "data island". It is essential to collaborate across multiple institutions without sharing patient data. Most existing methods adopt distributed learning and centralized federal architecture to solve this problem, but there are problems of resource heterogeneity and data heterogeneity in the practical application process. This paper proposes a collaborative deep learning modelling method based on the blockchain network. The training process uses encryption parameters to replace the original remote source data transmission to protect privacy. Hyperledger Fabric blockchain is adopted to realize that the parties are not restricted by the third-party authoritative verification end. To a certain extent, the distrust and single point of failure caused by the centralized system are avoided. The aggregation algorithm uses the FedProx algorithm to solve the problem of device heterogeneity and data heterogeneity. The experiments show that the maximum improvement of segmentation accuracy in the collaborative training mode proposed in this paper is 11.179% compared to local training. In the sequential training mode, the average accuracy improvement is greater than 7%. In the parallel training mode, the average accuracy improvement is greater than 8%. The experimental results show that the model proposed in this paper can solve the current problem of centralized modelling of multicenter data. In particular, it provides ideas to solve privacy protection and break "data silos", and protects all data.

Medical Image Protection Technique Using Integer Wavelet Transform Based Digital Watermarking (의료영상의 저작권 보호를 위한 침수 웨이블릿 기반 디지털 워티마킹)

  • Ri, Piao Cheng;Han, Seung-Soo
    • Proceedings of the KIEE Conference / 2003.07d / pp.2537-2539 / 2003
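  • This paper proposes a new watermarking algorithm for copyright protection of medical images. The algorithm uses the integer wavelet transform, which requires less computation, instead of the discrete wavelet transform. A pseudo-noise sequence is embedded as the watermark in the integer wavelet domain. The watermark is extracted using a spread-spectrum technique, and similarity is determined from the covariance sequence. Experiments confirmed that the proposed algorithm is robust against attacks such as noise and compression.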


A Constitutional Review on Compensation for Medical Malpractice during Delivery (의료분쟁조정법상 의료사고보상사업의 헌법적 쟁점)

  • Cheon, Kwang-Seok
    • The Korean Society of Law and Medicine / v.13 no.1 / pp.295-329 / 2012
  • A medical malpractice case requires special legal protection, considering its characteristics, such as the seriousness and long-term effects of its damages, medical information asymmetry between practitioners and patients, and difficulties in the realization of liability. Taking the points above into consideration, the Medical Malpractice Arbitration Act of 2012 (MAA) has the legislative intent to protect the rights of those injured by medical malpractice, while protecting the stability of medical practice by providing arbitration as an alternative dispute resolution. However, constitutional review is required for one new scheme of compensation for medical injuries during delivery, which is implemented in the MAA of 2012, especially with regard to freedom to exercise occupation, property, and equality under the Constitution. Two important aspects are: 1. according to the law, absolute liability applies to compensation for damages during delivery without negligence of practitioners; and 2. the practitioner bears some portion of the cost, 30% in the law above. This article aims to analyze this new institution in various aspects of the Constitution, and, as a result, it does not comply with constitutional criteria.


Considering on De-Identification Method of Personal Information for National Medical Institute by using correlation (상관도를 이용한 국내 의료기관용 개인정보 비식별화 방안에 관한 연구)

  • Yeo, Kwang Soo;Kim, Chul Jung;Lee, Jae Hyun;Kim, Soon Seok
    • Smart Media Journal / v.5 no.4 / pp.83-89 / 2016
  • Guidelines for protecting personal information are already in progress in the USA, the UK and other countries, which have announced many guidelines such as HIPAA. However, in our national environment, we do not have a specialized guideline for the national medical industry. This thesis suggests a de-identification method for South Korea by referring to the 'bigdata De-identification Guideline by Ministry of Science, ICT and Future Planning (2015)', ICO in the U.K., and IHE, NIST, and HIPAA in the U.S.A. We also suggest a correlation between the guidelines. Correlation means the common techniques in the three guidelines (IHE, NIST, HIPAA in the U.S.A.). As the point score becomes closer to five points, we recommend that technique to national medical institutes for de-identification. We hope this thesis makes the best use of personal information's development in national medical institutes.