Annicka Gunnarsson; Eva Lindros; Jeff Winter, pp. 49. Inst. för programvaruteknik och datavetenskap/Dept. of Software Engineering and Computer Science, 2002.
Our assignment was to present a report to the radiology clinic at the County Hospital in Blekinge, evaluating the risks inherent in transferring patient information via the Internet between the radiologist's home and the hospital, and presenting suggestions to the clinic for mechanisms by which the privacy and personal health of the patient can be ensured.
Our aim was to investigate how to maintain an acceptable level of security to ensure that the patient's privacy and security are not threatened. We wanted to present a list of measures that the clinic should take to ensure that security is maintained.
We have used several different methods during our investigation: literature studies; a case study at Blekinge County Council's x-ray clinic that includes interviews with the head of the clinic, the System Manager and System Administrators and e-mail interviews with other relevant personnel.
Using these methods, we have concluded that the present working method does not fulfil the requirements stated in the theories concerning medical security. To ensure a level of computer security in accordance with the recommendations made in this thesis, it is necessary to take certain measures, which we have listed here. These include the introduction of single session login, the formulation of explicit security policies, a program for user education, the encryption of transmissions, and the use of the audit trail to track system use.
All of these measures concern the intended new working method with the introduction of an outside connection; some of them concern the existing system and working method. A system fulfilling these measures will, however, always encompass risks, even in the safest distributed system. With today's technologies, there is always a risk that could threaten the patient's privacy or security.
This does not mean that a sufficient security level cannot be reached. By following the recommendations presented in this thesis, the x-ray clinic can maintain an acceptable level of security, when the radiologists on back-up duty are viewing x-rays and making diagnoses from home.