3005 lines
136 KiB
HTML
3005 lines
136 KiB
HTML
|
|
|
|
|
|
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html xmlns="http://www.w3.org/1999/xhtml">
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
|
|
|
|
<link href="/archive/styles/global.css" rel="stylesheet" title="default" type="text/css" />
|
|
<link href="/archive/styles/global_import.css" rel="stylesheet" media="all" title="default" type="text/css" />
|
|
|
|
|
|
<script type="text/javascript" src="/archive/scripts/archive.js"></script>
|
|
<style type="text/css" media="screen" title="default">
|
|
@import url("/archive/styles/global_import.css");
|
|
@import url("/archive/styles/level2_import.css");
|
|
SPAN.disclaimer{
|
|
text-align: right; font-style:italic;
|
|
}
|
|
</style>
|
|
|
|
<!--[if IE]>
|
|
<link rel="stylesheet" href="/archive/styles/global_print.css" type="text/css" title="printpreview" media="print" />
|
|
<link rel="stylesheet" href="/archive/styles/level2_print.css" type="text/css" title="printpreview" media="print" />
|
|
<![endif]-->
|
|
|
|
<style type="text/css" media="print" >
|
|
#screen-version{display:none;}
|
|
</style>
|
|
<link rel="stylesheet" href="/archive/styles/archive.css" type="text/css" title="default" />
|
|
<title>Confidentiality of Electronic Health Data (CBM 95-10)</title>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /><link
|
|
title="The Dublin Core metadata Element Set"
|
|
"http://purl.org/dc/elements/1.1/"="http://purl.org/dc/elements/1.1/"" rel="schema.DC" /><!-- encoding = ISO-8859-1 -->
|
|
<META NAME="DC.Title" content="Current Bibliographies in Medicine 95-10">
|
|
<META NAME="DC.Publisher" content="U.S. National Library of Medicine" />
|
|
<META NAME="DC.Date.Issued" content="1996-12-31" />
|
|
<META NAME="DC.Date.Modified" content="1996-12-31" />
|
|
<META NAME="DC.Type" content="Bibliography">
|
|
<META NAME="DC.Rights" content="public domain" />
|
|
<META NAME="DC.Language" content="eng" />
|
|
<META NAME="DC.Identifier.URL" content="http://www.nlm.nih.gov/archive/20040829/pubs/cbm/confiden.html" />
|
|
<META NAME="DC.Description.Notes" content="archived" />
|
|
<META NAME="DC.Date.Archived" content="2004-08-29" />
|
|
<META NAME="DC.Contact.Email" content="refweb@nlm.nih.gov" />
|
|
<META NAME="NLMDC.Date.Expiration" content="2005-12-31" />
|
|
<META NAME="NLM.Permanence.Level" content="Permanent: Stable Content" />
|
|
<META NAME="NLM.Permanence.Guarantor" content="U.S. National Library of Medicine" />
|
|
<!-- BEGIN NLM HEADER -->
|
|
<meta content="MSHTML 6.00.2800.1458" name="GENERATOR" />
|
|
</head>
|
|
<body text=#000000 vLink=#960044 bgColor=#ffffff>
|
|
<!-- -->
|
|
<a href="#skip" style="color: red; display: none;">Skip to Content</a>
|
|
|
|
<div id="archeader" style="height:70px;">
|
|
|
|
<div style="float: left; background-color: black;" id="arcbanner"><img height="55" width="334" border="0" id="NLMBanner" usemap="#nlm_logo" alt="" src="/archive/images/head_left.gif"/></div>
|
|
|
|
<div style="background-color: black; float: left; margin-left: 95px; margin-top: 5px;" id="archivetext">Archives</div>
|
|
|
|
<div style="background-color: black; float: right;" id="arcsearch">
|
|
<form id="searchForm" name="searchForm" target="_self" action="http://search.nlm.nih.gov/homepage/query" method="get">
|
|
<label id="searchLabel" for="PARAMETER">Search NLM Web Site</label>
|
|
<input type="text" size="12" class="text" id="PARAMETER" name="PARAMETER"/>
|
|
<input align="absmiddle" type="image" class="gobutton" alt="Search" src="/archive/images/button_go.gif" name="imageField"/>
|
|
<span class="navbar"><a href="/">NLM Home</a> | <a href="/about/archives.html">About the Archives</a></span>
|
|
<input type="hidden" value="search" name="FUNCTION"/>
|
|
<input type="hidden" value="250" name="MAX"/>
|
|
<input type="hidden" value="true" name="DISAMBIGUATION"/>
|
|
</form></div>
|
|
|
|
</div>
|
|
|
|
<div id="breadcrumb" style="height:25px;">
|
|
|
|
<div style="float: left; width: 18%;" class="breadlinks" id="arccontainerheader"><a href="/index.html">Home</a> > <strong>NLM Archives</strong> >
|
|
</div>
|
|
|
|
<div style="text-align: right; float: right; width: 80%; margin-top: 5px;" id="disclaimerheader"><strong>Document content is not current. Links may be broken.</strong>
|
|
</div>
|
|
|
|
</div>
|
|
|
|
<div class="clearer"></div>
|
|
<TABLE cellSpacing=0 cellPadding=0 width=640 border=0><!-- NLM LOGO BAR -->
|
|
<TBODY>
|
|
<TR>
|
|
<TD noWrap align=left><A title="Skip NLM Navigation"
|
|
href="http://www.nlm.nih.gov/pubs/cbm/confiden.html#skipNLMNav"><IMG
|
|
height=1 alt="Skip NLM Navigation" src="confiden_files/blank1.gif" width=1
|
|
border=0></A><A "http://www.nlm.nih.gov/nlmhome.html"><IMG height=60
|
|
alt="NLM Home Page" src="confiden_files/99subhead.gif" width=201
|
|
border=0></A><A "http://www.nlm.nih.gov/pubs/resources.html"><IMG
|
|
height=60 alt="Current Bibliographies in Medicine Home Page"
|
|
src="confiden_files/cbmhead.gif" width=428 border=0></A><BR><!-- FIRST NAVIGATION BAR (BLUE BAR) --><IMG height=1
|
|
alt="" src="confiden_files/blank1.gif" width=1 border=0><A
|
|
"http://www.nlm.nih.gov/pubs/resources.html"><IMG height=20
|
|
alt="CBM Home Page" src="confiden_files/cbmhm.gif" width=219
|
|
border=0></A><A "http://www.nlm.nih.gov/contacts/contact.html"><IMG
|
|
height=20 alt="Contact NLM" src="confiden_files/contactnlmblubar.gif"
|
|
width=99 border=0></A><A "http://www.nlm.nih.gov/siteindex.html"><IMG
|
|
height=20 alt="Site Index" src="confiden_files/siteindexblubar.gif"
|
|
width=81 border=0></A><A "http://www.nlm.nih.gov/search.html"><IMG
|
|
height=20 alt="Search Our Web Site" src="confiden_files/sowsblubar.gif"
|
|
width=151 border=0></A><A "http://www.nlm.nih.gov/nlmhome.html"><IMG
|
|
height=20 alt="NLM Home Page" src="confiden_files/nlmhomeblubar.gif"
|
|
width=90 border=0></A><BR><!-- SECOND NAVIGATION BAR --><IMG height=1
|
|
alt="" src="confiden_files/blank1.gif" width=1 border=0><A
|
|
"http://www.nlm.nih.gov/hinfo.html"><IMG height=20
|
|
alt="Health Information" src="confiden_files/hinavybar.gif" width=119
|
|
border=0></A><A "http://www.nlm.nih.gov/libserv.html"><IMG height=20
|
|
alt="Library Services" src="confiden_files/lsnavybar.gif" width=115
|
|
border=0></A><A "http://www.nlm.nih.gov/resprog.html"><IMG height=20
|
|
alt="Research Programs" src="confiden_files/rpnavybar.gif" width=134
|
|
border=0></A><A "http://www.nlm.nih.gov/nn.html"><IMG height=20
|
|
alt="New and Noteworthy" src="confiden_files/nnnavybar.gif" width=128
|
|
border=0></A><A "http://www.nlm.nih.gov/ginfo.html"><IMG height=20
|
|
alt="General Information" src="confiden_files/ginavybar.gif" width=130
|
|
border=0></A> </TD></TR>
|
|
<TR>
|
|
<TD><BR><!-- END NLM HEADER --><!-- Standard heading -->
|
|
<H2 id=skipNLMNav>Current Bibliographies in Medicine 95-10</H2><!-- ************************* Content start ************************* -->
|
|
<HR>
|
|
|
|
<H1>Confidentiality of Electronic Health Data</H1>
|
|
<HR>
|
|
<PRE>
|
|
<P>CBM 95-10</P>
|
|
|
|
<P>
|
|
<BR>
|
|
Confidentiality of Electronic Health Data:<BR>
|
|
Methods for Protecting Personally Identifiable Information</P>
|
|
|
|
<P>
|
|
January 1990 through March 1996</P>
|
|
|
|
<P>448 Selected Citations</P>
|
|
|
|
<P>
|
|
</P>
|
|
|
|
<P>Prepared by</P>
|
|
|
|
<P>
|
|
Ione Auston, M.L.S., National Library of Medicine</P>
|
|
|
|
<P>Betsy L. Humphreys, M.L.S., National Library of Medicine</P>
|
|
|
|
<P>Paul D. Clayton, Ph.D., Columbia-Presbyterian Medical Center</P>
|
|
|
|
<P>Isaac S. Kohane, M.D., Ph.D., Harvard Medical School </P>
|
|
|
|
<P>Lance J. Hoffman, Ph.D., George Washington University </P>
|
|
|
|
<P>Zdenka Geisslerova, National Library of Medicine</P>
|
|
|
|
<P>
|
|
</P>
|
|
|
|
<P>U.S. DEPARTMENT OF HEALTH<BR>
|
|
AND HUMAN SERVICES<BR>
|
|
Public Health Service<BR>
|
|
National Institutes of Health</P>
|
|
|
|
<P>
|
|
National Library of Medicine<BR>
|
|
Reference Section<BR>
|
|
8600 Rockville Pike<BR>
|
|
Bethesda, Maryland 20894</P>
|
|
|
|
<P>
|
|
1996</P>
|
|
|
|
<P>
|
|
<BR>
|
|
National Library of Medicine Cataloging in Publication</P>
|
|
|
|
<P>
|
|
<BR>
|
|
Confidentiality of electronic health data : methods for<BR>
|
|
protecting personally identifiable information : January<BR>
|
|
1990 through March 1996 : 448 selected citations / <BR>
|
|
prepared by Ione Auston ... [et al.]. -- Bethesda, Md.<BR>
|
|
(8600 Rockville Pike, Bethesda 20894) : U.S. Dept. of<BR>
|
|
Health and Human Services, Public Health Service, National<BR>
|
|
Institutes of Health, National Library of Medicine,<BR>
|
|
Reference Section ; Pittsburgh, PA : Sold by the Supt. of<BR>
|
|
Docs., U.S. G.P.O., 1996.<BR>
|
|
-- (Current bibliographies in medicine ; 95-10)</P>
|
|
|
|
<P> <BR>
|
|
1. Confidentiality - bibliography 2. Computer Security<BR>
|
|
- bibliography 3. Medical Informatics - bibliography I.<BR>
|
|
Auston, Ione II. National Library of Medicine (U.S.).<BR>
|
|
Reference Section III. Title IV. Series</P>
|
|
|
|
<P> 02NLM: ZW 1 N272 no.95-10</P>
|
|
|
|
<P>
|
|
</P>
|
|
|
|
<P>
|
|
</P>
|
|
|
|
<P>
|
|
</P>
|
|
|
|
<P>SERIES NOTE</P>
|
|
|
|
<P>
|
|
Current Bibliographies in Medicine (CBM) is a continuation in<BR>
|
|
part of theNational Library of Medicine's Literature Search<BR>
|
|
Series, which ceased in 1987 with No. 87-15. In 1989 it also<BR>
|
|
subsumed the Specialized Bibliography Series. Each bibliography<BR>
|
|
in the new series covers a distinct subject area of biomedicine<BR>
|
|
and is intended to fulfill a current awareness function. <BR>
|
|
Citations are usually derived from searching a variety of online<BR>
|
|
databases. NLM databases utilized include MEDLINE, AVLINE,<BR>
|
|
BIOETHICSLINE, CANCERLIT, CATLINE, HEALTH, POPLINE and TOXLINE. <BR>
|
|
The only criterion for the inclusion of a particular published<BR>
|
|
work is its relevance to the topic being presented; the format,<BR>
|
|
ownership, or location of the material is not considered.</P>
|
|
|
|
<P>Comments and suggestions on this series may be addressed to:</P>
|
|
|
|
<P> Karen Patrias, Editor<BR>
|
|
Current Bibliographies in Medicine<BR>
|
|
Reference Section<BR>
|
|
National Library of Medicine<BR>
|
|
Bethesda, MD 20894<BR>
|
|
Phone: 301-496-6097<BR>
|
|
Fax: 301-402-1384<BR>
|
|
Internet: patrias@nlm.nih.gov</P>
|
|
|
|
<P>This bibliography, CBM 95-10, is the last publication in this<BR>
|
|
series for calendar year 1995.</P>
|
|
|
|
<P>
|
|
Ordering Information:</P>
|
|
|
|
<P>Current Bibliographies in Medicine is sold by the Superintendent<BR>
|
|
of Documents, U.S. Government Printing Office, P.O. 371954,<BR>
|
|
Pittsburgh, PA 15250-7954. To order the entire CBM series for<BR>
|
|
calendar year 1996 (approximately 10 bibliographies), send $47.00<BR>
|
|
($58.75 foreign) to the Superintendent of Documents citing GPO<BR>
|
|
List ID: CBM96. For your convenience an order blank is given<BR>
|
|
inside the back cover. Orders for individual bibliographies in<BR>
|
|
the series ($5.50, $6.88 foreign) should be sent to the<BR>
|
|
Superintendent of Documents citing the title, CBM number, and the<BR>
|
|
GPO List ID given above.</P>
|
|
|
|
<P>
|
|
Internet Access:</P>
|
|
|
|
<P>The Current Bibliographies in Medicine series is also available<BR>
|
|
at no cost to anyone with Internet access through FTP (File<BR>
|
|
Transfer Protocol). FTP to nlmpubs.nlm.nih.gov and login as<BR>
|
|
anonymous. The index file in the "bibs" directory provides<BR>
|
|
information on the bibliographies available.</P>
|
|
|
|
<P>
|
|
<BR>
|
|
Use of funds for printing this periodical has been approved by<BR>
|
|
the Director of the Office of Management and Budget through<BR>
|
|
September 30, 1996. </P>
|
|
|
|
<P>
|
|
</P>
|
|
|
|
<P>
|
|
</P>
|
|
|
|
<P>
|
|
<BR>
|
|
FOREWORD</P>
|
|
|
|
<P> <BR>
|
|
In 1995, in response to a request from the Vice-President of the<BR>
|
|
United States of America, the Department of Health and Human<BR>
|
|
Services assumed a leadership role in addressing four major<BR>
|
|
issues surrounding the use of the National Information<BR>
|
|
Infrastructure to advance health care and the public health: (1)<BR>
|
|
telemedicine; (2) health data privacy; (3) health data standards;<BR>
|
|
and (4) consumer access to health information. One specific<BR>
|
|
health data privacy objective is the identification and<BR>
|
|
dissemination of information about current best practices for<BR>
|
|
ensuring the confidentiality of electronic health data. This<BR>
|
|
bibliography of information sources that provide concrete<BR>
|
|
guidance on the policies, procedures, and technologies useful in<BR>
|
|
safeguarding electronic health data is a first step toward that<BR>
|
|
objective. Although the bibliography contains many useful<BR>
|
|
references, the literature search conducted to produce it has<BR>
|
|
confirmed that published information about how to protect<BR>
|
|
electronic health data is fragmented and incomplete. Many<BR>
|
|
institutions are currently addressing the need for comprehensive<BR>
|
|
policies and procedures for safeguarding electronic health, but,<BR>
|
|
to date, few institutional documents have been completed and<BR>
|
|
released.</P>
|
|
|
|
<P>Materials cited in this bibliography have been one source of<BR>
|
|
input to a study of "best practices" for protecting the<BR>
|
|
confidentiality of electronic health care data that is currently<BR>
|
|
being undertaken by the Computer Sciences and Telecommunications<BR>
|
|
Board of the National Research Council, under the chairmanship of<BR>
|
|
Paul Clayton, Ph.D., Columbia-Presbyterian Medical Center. <BR>
|
|
Funded by the National Library of Medicine and the Warren G.<BR>
|
|
Magnuson Clinical Center, National Institutes of Health, DHHS,<BR>
|
|
the study is also collecting data through a series of site visits<BR>
|
|
to institutions with electronic health information systems. Its<BR>
|
|
final report, scheduled for release by January 1997, will bring<BR>
|
|
us a step closer to the goal of developing practical and coherent<BR>
|
|
guidelines for protecting the confidentiality of electronic<BR>
|
|
health data.</P>
|
|
|
|
<P>
|
|
Nan D. Hunter<BR>
|
|
Deputy General Counsel<BR>
|
|
U.S. Department of Health and Human Services<BR>
|
|
Chair, Interdepartmental Health Privacy Working Group</P>
|
|
|
|
<P>
|
|
</P>
|
|
|
|
<P>
|
|
</P>
|
|
|
|
<P>
|
|
</P>
|
|
|
|
<P>
|
|
CONFIDENTIALITY OF ELECTRONIC HEALTH DATA</P>
|
|
|
|
<P>
|
|
Electronic health data can improve the quality and efficiency of<BR>
|
|
health care, research, and public health surveillance and<BR>
|
|
interventions. To achieve these benefits without unacceptable<BR>
|
|
risk to patient confidentiality, electronic health data must be<BR>
|
|
created, used, transmitted, aggregated, and abstracted in ways<BR>
|
|
and in environments that maintain data security and accuracy;<BR>
|
|
prevent inadvertent or accidental release; prevent or deter<BR>
|
|
access by unauthorized users; and discourage, detect, and punish<BR>
|
|
inappropriate use of health data by unauthorized users.</P>
|
|
|
|
<P>This selective bibliography is primarily intended for those who<BR>
|
|
are responsible for protecting electronic health data and need<BR>
|
|
information on appropriate strategies for doing so. It includes<BR>
|
|
references to publications, organizations, and electronic sources<BR>
|
|
that address methods for preserving the confidentiality and<BR>
|
|
security of electronic health data. The methods covered include<BR>
|
|
technical approaches, institutional policies and procedures,<BR>
|
|
staff and patient education, and legal and regulatory<BR>
|
|
requirements. In addition to substantive discussions of measures<BR>
|
|
for preserving confidentiality and security of health data, the<BR>
|
|
bibliography also has references to some recent standards and<BR>
|
|
guidelines that apply to electronic data in general. Letters,<BR>
|
|
editorials, news items, and general descriptions of health<BR>
|
|
information systems in which security and privacy prevention are<BR>
|
|
mentioned briefly generally have been excluded.</P>
|
|
|
|
<P>The bibliography has a tight focus on how to protect electronic<BR>
|
|
health data and therefore also excludes references to the large<BR>
|
|
body of literature on related topics such as: the need to protect<BR>
|
|
privacy; the need for federal legislation; the potential privacy<BR>
|
|
and security problems associated with computer-based patient<BR>
|
|
records; the public's perceptions of privacy issues; special<BR>
|
|
ethical and privacy considerations associated with genetic<BR>
|
|
screening, AIDS testing, and occupational health records; the<BR>
|
|
conditions under which medical and psychiatric records must or<BR>
|
|
must not be disclosed to courts; the tension between privacy and<BR>
|
|
the public good in cases involving infectious disease, potential<BR>
|
|
violence, etc.; institutional review boards; and informed<BR>
|
|
consent, except as it relates directly to consent about use of<BR>
|
|
health data.</P>
|
|
|
|
<P>In general, publication dates for references included in this<BR>
|
|
bibliography range from January 1990 through March 1996, and<BR>
|
|
publications are primarily in English. Journal articles, books<BR>
|
|
and book chapters, conference proceedings and papers, meeting<BR>
|
|
abstracts, laws and legal documents, and technical reports, as<BR>
|
|
well as unpublished documents, have been surveyed and selected<BR>
|
|
for inclusion. Arrangement of the bibliography is by subject and<BR>
|
|
citations within each category are listed alphabetically by<BR>
|
|
author; a citation appears under only one category.</P>
|
|
|
|
<P>A number of Internet sites created by various organizations that<BR>
|
|
address confidentiality or computer security may be found by<BR>
|
|
using various world wide web searching tools. A selected list of<BR>
|
|
these are included in the Organizations section of this<BR>
|
|
bibliography. All Internet addresses were functional on the date<BR>
|
|
that this bibliography became available.</P>
|
|
|
|
<P>The compilers wish to thank Marlyn Schepartz, National Library of<BR>
|
|
Medicine, for her technical assistance with production of this<BR>
|
|
bibliography. </P>
|
|
|
|
<P>
|
|
</P>
|
|
|
|
<P>
|
|
</P>
|
|
|
|
<P>
|
|
</P>
|
|
|
|
<P>SEARCH STRATEGY</P>
|
|
|
|
<P>
|
|
A variety of online databases are usually searched in preparing<BR>
|
|
bibliographies in the CBM series. To assist you in updating or<BR>
|
|
otherwise manipulating the material in this search, the strategy<BR>
|
|
used for the NLM's MEDLINE database is given below. Please note<BR>
|
|
that the search strategies presented here differ from individual<BR>
|
|
demand searches in that they are generally broadly formulated and<BR>
|
|
irrelevant citations edited out prior to printing.</P>
|
|
|
|
<P>
|
|
SS 1 = CONFIDENTIALITY OR COMPUTER SECURITY OR PRIVACY (TW)</P>
|
|
|
|
<P>SS 2 = PATIENT IDENTIFICATION SYSTEMS OR <BR>
|
|
PUBLIC HEALTH ADMINISTRATION OR TELEMEDICINE OR <BR>
|
|
DATABASES, FACTUAL OR NURSING AUDIT OR <BR>
|
|
PEER REVIEW, HEALTH CARE OR <BR>
|
|
PROFESSIONAL REVIEW ORGANIZATIONS OR MEDICAID OR <BR>
|
|
SYSTEMS INTEGRATION OR JCAHO (MH)</P>
|
|
|
|
<P>SS 3 = *EPIDEMIOLOGIC METHODS (PX)</P>
|
|
|
|
<P>SS 4 = EXPLODE *MANAGEMENT INFORMATION SYSTEMS OR <BR>
|
|
EXPLODE *MEDICAL AUDIT OR EXPLODE *UTILIZATION REVIEW OR <BR>
|
|
EXPLODE MEDICARE OR EXPLODE CLINICAL TRIALS OR <BR>
|
|
EXPLODE *MEDICAL INFORMATICS </P>
|
|
|
|
<P>SS 5 = EXPLODE OFFICE MANAGEMENT OR EXPLODE *INSURANCE</P>
|
|
|
|
<P>SS 6 = 1 AND 2</P>
|
|
|
|
<P>SS 7 = 1 AND 3</P>
|
|
|
|
<P>SS 8 = 1 AND 4</P>
|
|
|
|
<P>SS 9 = 1 AND 5</P>
|
|
|
|
<P>SS 10 = 6 OR 7 OR 8 OR 9</P>
|
|
|
|
<P>
|
|
</P>
|
|
|
|
<P>GRATEFUL MED and INTERNET GRATEFUL MED</P>
|
|
|
|
<P>To make online searching easier and more efficient, the Library<BR>
|
|
offers GRATEFUL MED, microcomputer-based software that provides a<BR>
|
|
user-friendly interface to most NLM databases. This software was<BR>
|
|
specifically developed for health professionals and features<BR>
|
|
multiple choice menus and "fill in the blank" screens for easy<BR>
|
|
search preparation. GRATEFUL MED runs on an IBM PC (or<BR>
|
|
IBM-compatible) with DOS 2.0 or a Macintosh, and requires a Hayes<BR>
|
|
(or Hayes-compatible) modem. It may be purchased from the<BR>
|
|
National Technical Information Service in Springfield, Virginia,<BR>
|
|
for $29.95 (plus $3.00 per order for shipping). For your<BR>
|
|
convenience, an order blank has been enclosed at the back of this<BR>
|
|
bibliography.</P>
|
|
|
|
<P>INTERNET GRATEFUL MED is available from the World Wide Web. The<BR>
|
|
user with Internet access and an NLM user account need only point<BR>
|
|
a compatible Web browser (Netscape Navigator is strongly<BR>
|
|
recommended) to http://igm.nlm.nih.gov. No other software at<BR>
|
|
the user end is required. At present, MEDLINE is the only NLM<BR>
|
|
database available through INTERNET GRATEFUL MED, but the Library<BR>
|
|
expects to add access to other files rapidly.</P>
|
|
|
|
<P>
|
|
</P>
|
|
|
|
<P>
|
|
</P>
|
|
|
|
<P>
|
|
</P>
|
|
|
|
<P>SAMPLE CITATIONS</P>
|
|
|
|
<P>
|
|
Citations in this bibliographic series are formatted according to<BR>
|
|
the rules established for Index Medicus*. Sample journal and<BR>
|
|
monograph citations appear below. For journal articles written<BR>
|
|
in a foreign language, the English translation of the title is<BR>
|
|
placed in brackets; for monographs, the title is given in the<BR>
|
|
original language. In both cases the language of publication is<BR>
|
|
shown by a three letter abbreviation appearing at the end of the<BR>
|
|
citation.</P>
|
|
|
|
<P>
|
|
<BR>
|
|
Journal Article:</P>
|
|
|
|
<P> Authors Article Title</P>
|
|
|
|
<P>Barrows RC Jr, Clayton PD. Privacy, confidentiality, and<BR>
|
|
electronic medical records.<BR>
|
|
J Am Med Inform Assoc 1996 Mar-Apr;3(2):139-48. </P>
|
|
|
|
<P> Abbreviated Journal Date Volume Issue Pages<BR>
|
|
Title</P>
|
|
|
|
<P>
|
|
<BR>
|
|
Monograph:</P>
|
|
|
|
<P> Authors/Editors Title</P>
|
|
|
|
<P>Barber B, Treacher A, Louwerse CP, editors. Towards security on<BR>
|
|
medical telematics: legal and technical aspects. <BR>
|
|
Washington: IOS Press; 1996. 252 p.</P>
|
|
|
|
<P> Place of Publisher Date Total No.<BR>
|
|
Publication of Pages</P>
|
|
|
|
<P>
|
|
</P>
|
|
|
|
<P>_________________________________</P>
|
|
|
|
<P>*For details of the formats used for references, see the<BR>
|
|
following publication:</P>
|
|
|
|
<P>Patrias, Karen. National Library of Medicine recommended formats<BR>
|
|
for bibliographic citation. Bethesda (MD): The Library; 1991<BR>
|
|
Apr. Available from: NTIS, Springfield, VA; PB91-182030.</P>
|
|
|
|
<P>
|
|
</P>
|
|
|
|
<P>
|
|
</P>
|
|
|
|
<P>
|
|
<BR>
|
|
TABLE OF CONTENTS</P>
|
|
|
|
<P>
|
|
<BR>
|
|
</P>
|
|
|
|
<P>OVERVIEW<BR>
|
|
General <BR>
|
|
Health <BR>
|
|
POLICIES &amp; POSITION STATEMENTS<BR>
|
|
General <BR>
|
|
Health <BR>
|
|
Institutional <BR>
|
|
RISK ANALYSIS &amp; CONTINGENCY PLANNING <BR>
|
|
EDUCATION &amp; TRAINING <BR>
|
|
ACCESS CONTROL/AUTHENTICATION <BR>
|
|
PERSONAL IDENTIFIERS <BR>
|
|
AUDIT TRAILS <BR>
|
|
ELECTRONIC SIGNATURES <BR>
|
|
ENCRYPTION <BR>
|
|
SOFTWARE &amp; APPLICATION DESIGN/PROTECTION <BR>
|
|
NETWORK SECURITY <BR>
|
|
IMAGES &amp; TELEMEDICINE <BR>
|
|
SECONDARY USAGE OF HEALTH DATA<BR>
|
|
Research &amp; Quality Review <BR>
|
|
Statistics <BR>
|
|
SMART CARDS <BR>
|
|
LAWS, REGULATIONS, LEGAL ASPECTS<BR>
|
|
Federal<BR>
|
|
Laws, Bills, &amp; Regulations <BR>
|
|
Legal Aspects - Commentary <BR>
|
|
State<BR>
|
|
Laws, Bills, &amp; Regulations <BR>
|
|
Legal Aspects - Commentary <BR>
|
|
Other Countries<BR>
|
|
Laws, Bills, &amp; Regulations <BR>
|
|
Legal Aspects - Commentary <BR>
|
|
OTHER BIBLIOGRAPHIES <BR>
|
|
ORGANIZATIONS<BR>
|
|
General <BR>
|
|
Health </P>
|
|
|
|
<P>
|
|
</P>
|
|
|
|
<P>
|
|
OVERVIEW</P>
|
|
|
|
<P> General</P>
|
|
|
|
<P>
|
|
Bacard A. The computer privacy handbook. Berkeley (CA): Peachpit<BR>
|
|
Press; 1995.</P>
|
|
|
|
<P>Bowen J, Stavridou V. [Safety-critical systems. Formal methods<BR>
|
|
are standards]. Genie Log Syst Expert 1993 Mar;30:37-64. (Fre). </P>
|
|
|
|
<P>Castano S. Database security. Reading (MA): Addison-Wesley; 1994.</P>
|
|
|
|
<P>Clark DD, Wilson DR. A comparison of commercial and military<BR>
|
|
computer security policies. In: Proceedings of the 1987 IEEE<BR>
|
|
Symposium on Security and Privacy; 1987 Apr 27-29; Oakland, CA.<BR>
|
|
Washington: IEEE Computer Society Press; 1987. p. 184-94.<BR>
|
|
<BR>
|
|
Gilbert DM. Sample statements of work for federal computer<BR>
|
|
security services: for use in-house or contracting out. Lynch N,<BR>
|
|
editor. Gaithersburg (MD): National Institute of Standards and<BR>
|
|
Technology (US), Computer Systems Laboratory; 1991 Dec. Report<BR>
|
|
No.: NIST Internal Report (NISTIR) 4749. Available from: NTIS,<BR>
|
|
Springfield, VA; PB92-148261.<BR>
|
|
<BR>
|
|
Guttman B, Roback EA. An introduction to computer security: the<BR>
|
|
NIST handbook. Gaithersburg (MD): National Institute of Standards<BR>
|
|
and Technology (US); 1995 Oct. Report No.: NIST Special<BR>
|
|
Publication 800-12. 272 p. Available from: US GPO, Washington;<BR>
|
|
SN003-003-03374-0.<BR>
|
|
<BR>
|
|
National Institute of Standards and Technology (US); National<BR>
|
|
Computer Security Center (US). 17th National Computer Security<BR>
|
|
Conference; 1994 Oct 11-14; Baltimore, MD. [Ft. Meade (MD):<BR>
|
|
National Computer Security Center]; 1995. 2 vols. Available<BR>
|
|
from: National Security Agency, Publications Office, Ft. Meade,<BR>
|
|
MD (410/766-8729).<BR>
|
|
<BR>
|
|
National Institute of Standards and Technology (US), National<BR>
|
|
Computer Security Center (US). 18th National Information Systems<BR>
|
|
Security Conference); 1995 Oct 10-13; Baltimore. [Ft. Meade (MD):<BR>
|
|
National Computer Security Center]; 1996. 2 vols. Available<BR>
|
|
from: National Security Agency, Publications Office, Ft. Meade,<BR>
|
|
MD (410/766-8729). Formerly the National Computer Security<BR>
|
|
Conference.<BR>
|
|
<BR>
|
|
Nazario NA, editor. General procedures for registering computer<BR>
|
|
security objects. Gaithersburg (MD): National Institute of<BR>
|
|
Standards and Technology (US), Computer Systems Laboratory; 1993<BR>
|
|
Dec. Report No.: NIST Internal Report (NISTIR) 5308. Available<BR>
|
|
from: NTIS, Springfield, VA; PB94-134897. <BR>
|
|
<BR>
|
|
Saltman RG, editor. Good security practices for electronic<BR>
|
|
commerce, including electronic data interchange. Gaithersburg<BR>
|
|
(MD): National Institute of Standards and Technology (US),<BR>
|
|
Computer Systems Laboratory; 1993 Dec. Report No.: NIST Special<BR>
|
|
Publication 800-9. Available from: NTIS, Springfield, VA;<BR>
|
|
PB94-139045. </P>
|
|
|
|
<P>Saltman RG, editor. Workshop on Security Procedures for the<BR>
|
|
Interchange of Electronic Documents: selected papers and results.<BR>
|
|
Gaithersburg (MD): National Institute of Standards and Technology<BR>
|
|
(US), Computer Security Laboratory; 1993 Aug. Report No.: NIST<BR>
|
|
Internal Report (NISTIR) 5247. 128 p. Available from: NTIS,<BR>
|
|
Springfield, VA; PB94101854. <BR>
|
|
<BR>
|
|
SECURICOM 95. Proceedings of the 13th Worldwide Congress on<BR>
|
|
Computer and Communications Security and Protection; 1995 Jun<BR>
|
|
8-9; Paris, France. Paris: Manifestations &amp; Commun. Int.; 1995.<BR>
|
|
288 p. <BR>
|
|
<BR>
|
|
United States, Congress, Office of Technology Assessment. <BR>
|
|
Information security and privacy in network environments.<BR>
|
|
Washington: U.S. Government Printing Office; 1994 Sep. Report<BR>
|
|
No.: OTA-TCT-606. 244 p. <BR>
|
|
<BR>
|
|
United States, Congress, Office of Technology Assessment. Issue<BR>
|
|
update on information security and privacy in network<BR>
|
|
environments. Washington: U.S. Government Printing Office; 1995<BR>
|
|
Jun. Report No.: OTA-BP-ITC-147. 142 p. <BR>
|
|
</P>
|
|
|
|
<P> Health</P>
|
|
|
|
<P>
|
|
Bakker AR. Security in medical information systems. In: van<BR>
|
|
Bemmel JH, McCray AT, editors. Yearbook of medical informatics:<BR>
|
|
Stuttgart: Schattauer; 1993. p. 52-60. <BR>
|
|
<BR>
|
|
Barber B, Bakker A, Bengtsson S. Conclusions and<BR>
|
|
recommendations. Int J Biomed Comput 1994;35 Suppl:221-9. </P>
|
|
|
|
<P>Barber B, O'Moore R. The six safety first principles of health<BR>
|
|
information systems - Progress Report. In: Commission of the<BR>
|
|
European Communities DG XIII/F AIM. Data protection and<BR>
|
|
confidentiality in health informatics: handling health data in<BR>
|
|
Europe in the future. Washington: IOS Press; 1991. p. 308-14. <BR>
|
|
(Studies in health technology and informatics; vol. 1). <BR>
|
|
<BR>
|
|
Barrows RC Jr, Clayton PD. Privacy, confidentiality, and<BR>
|
|
electronic medical records. J Am Med Inform Assoc 1996<BR>
|
|
Mar-Apr;3(2):139-48. <BR>
|
|
<BR>
|
|
Benson T, Neame R. Healthcare computing: a guide to health<BR>
|
|
information management and systems. Harlow (Essex, UK): Longman<BR>
|
|
Group Ltd.; 1994. Chapter 11, Security and privacy; p. 143-63. </P>
|
|
|
|
<P>Biskup J, Bleumer G. Reflections on security of database and data<BR>
|
|
transfer systems in health care. In: Information processing '94.<BR>
|
|
Applications and impacts. Proceedings of the 13th IFIP World<BR>
|
|
Computer Congress; 1994 Aug 28-Sep 2; Hamburg, Germany.<BR>
|
|
Amsterdam: Elsevier Science Pub.; 1994. p. 549-56. (IFIP<BR>
|
|
transactions A (computer science and technology); vol.A-52). </P>
|
|
|
|
<P>Blum BI. Computer security in a clinical environment. In:<BR>
|
|
Jajodia S, Landwehr CE, editors. Database Security, 4: Status and<BR>
|
|
Prospects. Results of the IFIP WG 11.3 workshop; 1990 Sep 18-21;<BR>
|
|
Halifax, UK. Amsterdam: North-Holland; 1991. p. 1-12. <BR>
|
|
<BR>
|
|
Bruce JAC. Privacy and confidentiality of health care<BR>
|
|
information. 3rd ed. Chicago: American Hospital Pub.; Forthcoming<BR>
|
|
1996. <BR>
|
|
<BR>
|
|
Bunz H, Bertsch A, Jurecic M, Baum-Waidner B. Secure multimedia<BR>
|
|
applications and teleservices: security requirements and<BR>
|
|
prototype for health care. In: Steinmetz R, editor. Multimedia:<BR>
|
|
advanced teleservices and high-speed communication architectures. <BR>
|
|
Proceedings of the 2nd International Workshop, IWACA '94; 1994<BR>
|
|
Sep 26-28; Heidelberg, Germany. Berlin: Springer-Verlag; 1994. p.<BR>
|
|
224-36. <BR>
|
|
<BR>
|
|
Caring for Health Information - Safety, Security and Secrecy.<BR>
|
|
Results of a working conference of the International Medical<BR>
|
|
Informatics Association. Heemskerk, The Netherlands, 1993 Nov<BR>
|
|
13-16. Int J Biomed Comput 1994 Feb;35 Suppl:1-235. <BR>
|
|
<BR>
|
|
Commission of the European Communities DG XIII/F AIM. Data<BR>
|
|
protection and confidentiality in health informatics: handling<BR>
|
|
health data in Europe in the future. Washington: IOS Press; 1991. <BR>
|
|
Executive summary; p. 1-61. (Studies in health technology and<BR>
|
|
informatics; vol. 1). </P>
|
|
|
|
<P>Confidentiality and security measures for health care. Toward<BR>
|
|
Electron Patient Rec 1994 Jun-Jul;3(1):1-13. <BR>
|
|
<BR>
|
|
de Roulet D, Scherrer JR, editors. Data protection within a<BR>
|
|
hospital information system. In: SECURICOM 90. 8th Worldwide<BR>
|
|
Congress on Computer and Communications Security and Protection;<BR>
|
|
1990 Mar 14-16; Paris, France. Paris: SEDEP; 1990. p. 27-45. <BR>
|
|
<BR>
|
|
Dolezol W. System protection techniques within the hospital<BR>
|
|
information system at the hospitals of the University of<BR>
|
|
Wurzburg. MUG Q 1991 Sep;21(4):27-32. <BR>
|
|
<BR>
|
|
Furnell SM, Gaunt PN, Pangalos G, Sanders PW, Warren MJ. A<BR>
|
|
generic methodology for health care data security. Med Inf<BR>
|
|
(Lond) 1994 Jul-Sep;19(3):229-45. <BR>
|
|
<BR>
|
|
Gabrieli ER. Guidelines for minimal data security measures for<BR>
|
|
the protection of computer-based patient records. J Clin Comput<BR>
|
|
1993;22(1):1-48. </P>
|
|
|
|
<P>Hamilton DL. Identification and evaluation of the security<BR>
|
|
requirements in medical applications. Bristol (UK):<BR>
|
|
Hewlett-Packard Laboratory; 1992 Jun. Report No.: HPL-92-75. 11<BR>
|
|
p.<BR>
|
|
<BR>
|
|
Health Records: Social Needs and Personal Privacy. Conference<BR>
|
|
Proceedings; 1993 Feb 11-12; Washington, DC. Washington: U.S.<BR>
|
|
Government Printing Office; 1993 Feb. Also available from: NTIS,<BR>
|
|
Springfield, VA; PB94168192. </P>
|
|
|
|
<P>Hoffman LJ. Data security and privacy in health information<BR>
|
|
systems. Top Emerg Med 1995 Dec;17(4):24-6. <BR>
|
|
<BR>
|
|
Iversen KR. Security requirements for electronic patients<BR>
|
|
records: the Norwegian view. Int J Biomed Comput 1994 Feb;35<BR>
|
|
Suppl:51-6. <BR>
|
|
<BR>
|
|
Jurecic M, Bunz H. Exchange of patient records-prototype<BR>
|
|
implementation of a Security Attributes Service in X.500. In:<BR>
|
|
Proceedings of 2nd ACM Conference on Computer and Communications<BR>
|
|
Security; 1994 Nov 2-4; Fairfax, VA. New York: ACM; 1994. p.<BR>
|
|
30-8. <BR>
|
|
<BR>
|
|
Kaplan JG. Protecting sensitive medical information. In:<BR>
|
|
Database Security, 6: Status and Prospects. IFIP WG 11.3<BR>
|
|
workshop; 1992 Aug 19-21; Vancouver, BC, Canada. [Amsterdam?:<BR>
|
|
North Holland?]; 1993. p. 1-14. (IFIP transactions A (computer<BR>
|
|
science and technology); vol. A-21).<BR>
|
|
<BR>
|
|
Lincoln TL, Essin D. The computer-based patient record: issues of<BR>
|
|
organization, security and confidentiality. In: Database<BR>
|
|
Security, 5: Status and Prospects. Results of the IFIP WG 11.3<BR>
|
|
workshop; 1991 Nov 4-7; Shepherdstown, WV. [Amsterdam?: North<BR>
|
|
Holland?]; 1992. p. 1-19. (IFIP transactions A (computer science<BR>
|
|
and technology); vol.A-6). <BR>
|
|
<BR>
|
|
Louis Harris and Associates. Equifax-Harris consumer privacy<BR>
|
|
survey 1994. New York: The Associates; 1994. Available from:<BR>
|
|
Equifax, Inc., Atlanta, GA. <BR>
|
|
<BR>
|
|
Louis Harris and Associates. Equifax-Harris mid-decade consumer<BR>
|
|
privacy survey 1995. New York: The Associates; 1995. Available<BR>
|
|
from: Equifax, Inc., Atlanta, GA. <BR>
|
|
<BR>
|
|
Louis Harris and Associates. Health care information privacy: a<BR>
|
|
survey of the public and leaders. New York: The Associates; 1993. <BR>
|
|
Available from: Equifax, Inc., Atlanta, GA. <BR>
|
|
<BR>
|
|
Louwerse CP. The organisation and management of information<BR>
|
|
security issues in health care. Int J Biomed Comput 1994 Feb;35<BR>
|
|
Suppl:195-200. <BR>
|
|
<BR>
|
|
Meranda D. Administrative and security challenges with<BR>
|
|
electronic patient record systems. J AHIMA 1995 Mar;66(3):58-60. <BR>
|
|
<BR>
|
|
Moehr JR. Privacy and security requirements of distributed<BR>
|
|
computer based patient records. Int J Biomed Comput 1994 Feb;35<BR>
|
|
Suppl:57-64. <BR>
|
|
<BR>
|
|
O'Connor K. Confidentiality, privacy and security concerns in<BR>
|
|
the modern healthcare environment. Aust Comput J 1994<BR>
|
|
Aug;26(3):70-7. <BR>
|
|
<BR>
|
|
Pfitzmann A, Pfitzmann B. Technical aspects of data protection in<BR>
|
|
health care informatics. In: Noothoven van Goor J, Christensen<BR>
|
|
JP, editors. Advances in medical informatics: results of the AIM<BR>
|
|
Exploratory Action. Washington: IOS Press; 1992. p. 368-86.<BR>
|
|
(Studies in health technology and informatics; vol. 2). <BR>
|
|
<BR>
|
|
Schmaus D. Computer security and data confidentiality. AORN J<BR>
|
|
1991 Oct;54(4):885-90. <BR>
|
|
<BR>
|
|
Shea S, Sengupta S, Crosswell A, Clayton PD. Network information<BR>
|
|
security in a phase III Integrated Academic Information<BR>
|
|
Management System (IAIMS). Proc Annu Symp Comput Appl Med Care<BR>
|
|
1992;16:283-6. <BR>
|
|
<BR>
|
|
Task Force on the Privacy of Private-Sector Health Records. Final<BR>
|
|
report. Rockville (MD): Kunitz and Associates, Inc.; 1995 Sep. <BR>
|
|
Contract No.: HHS-100-91-0036. 128 p. plus appendices. <BR>
|
|
Sponsored by the U.S. Department of Health and Human Services. <BR>
|
|
<BR>
|
|
United States, Congress, Office of Technology Assessment. <BR>
|
|
Bringing health care online: the role of information<BR>
|
|
technologies. Washington: U.S. Government Printing Office; 1995<BR>
|
|
Sep. Report No: OTA-ITC-624. Chapter 3, Networks for health<BR>
|
|
information; p. 79-122. </P>
|
|
|
|
<P>United States, Congress, Office of Technology Assessment. <BR>
|
|
Protecting privacy in computerized medical information.<BR>
|
|
Washington: U.S. Government Printing Office; 1993 Sep. Report<BR>
|
|
No.: OTA-TCT-576. 157 p. <BR>
|
|
<BR>
|
|
Woodward B. The computer-based patient record and<BR>
|
|
confidentiality. N Engl J Med 1995 Nov 23;333(21):1419-22. <BR>
|
|
<BR>
|
|
Wright B. Security concerns of computer-based health care<BR>
|
|
information. Comput Secur J 1994 Spring;10(1):83-9. </P>
|
|
|
|
<P>
|
|
POLICIES &amp; POSITION STATEMENTS</P>
|
|
|
|
<P> General</P>
|
|
|
|
<P>
|
|
Bennett CJ. Regulating privacy: data protection and public policy<BR>
|
|
in Europe and the United States. Ithaca (NY): Cornell University<BR>
|
|
Press; 1992. <BR>
|
|
<BR>
|
|
Information and Privacy Commissioner/Ontario. Access and the<BR>
|
|
Canadian information highway: submission to the Information<BR>
|
|
Highway Advisory Council Secretariat in response to the<BR>
|
|
Discussion Paper entitled Access, Affordability and Universal<BR>
|
|
Service on the Canadian Information Highway. [Ottawa (Ontario,<BR>
|
|
Canada): The Commissioner]; 1995 Mar. 8 p. <BR>
|
|
<BR>
|
|
Information and Privacy Commissioner/Ontario. The information<BR>
|
|
highway: access and privacy principles. [Ottawa (Ontario,<BR>
|
|
Canada): The Commissioner]; 1994 Dec. 12 p. <BR>
|
|
<BR>
|
|
Information and Privacy Commissioner/Ontario. Privacy and the<BR>
|
|
Canadian information highway: submission to the Information<BR>
|
|
Highway Advisory Council Secretariat. [Ottawa (Ontario, Canada):<BR>
|
|
The Commissioner]; 1994 Dec. 12 p. <BR>
|
|
<BR>
|
|
Information Infrastructure Task Force (IITF), Information Policy<BR>
|
|
Committee, Privacy Working Group. Privacy and the National<BR>
|
|
Information Infrastructure: principles for providing and using<BR>
|
|
personal information. Final version. [Washington]: The Group;<BR>
|
|
1995 Oct. [13 p.] Available from: Office of Management and<BR>
|
|
Budget, Washington, DC. <BR>
|
|
<BR>
|
|
Information Infrastructure Task Force (IITF), National<BR>
|
|
Information Infrastructure Security Issues Forum. NII security:<BR>
|
|
the federal role. [Washington]: The Forum; 1995 Jun 5. [35 p.] <BR>
|
|
Available from: Office of Management and Budget, Washington, DC. <BR>
|
|
Draft report issued for public comment, June 14, 1995. <BR>
|
|
<BR>
|
|
Irving L, Farquhar MC, Brown KC, et al. Privacy and the NII. <BR>
|
|
Safeguarding telecommunications - related personal information.<BR>
|
|
[Washington]: Department of Commerce (US), National<BR>
|
|
Telecommunications and Information Administration; 1995 Oct. 28<BR>
|
|
p., Appendix A1-9.</P>
|
|
|
|
<P> <BR>
|
|
Health</P>
|
|
|
|
<P>
|
|
American College of Healthcare Executives. Ethical policy<BR>
|
|
statement. Medical records confidentiality. Healthc Exec 1994<BR>
|
|
May-Jun;9(3):43. </P>
|
|
|
|
<P>American Medical Association, Council on Ethical and Judicial<BR>
|
|
Affairs. Current opinions of the Council on Ethical and Judicial<BR>
|
|
Affairs. Chicago: The Association; 1992. Section 7.00, Opinions<BR>
|
|
on physician records; p. 32-3. <BR>
|
|
<BR>
|
|
American Medical Association, Council on Ethical and Judicial<BR>
|
|
Affairs. Current opinions of the Council on Ethical and Judicial<BR>
|
|
Affairs. Chicago: The Association; 1992. Sections 5.05-5.09,<BR>
|
|
Confidentiality; p. 25-8.<BR>
|
|
<BR>
|
|
Anderson RJ. Security in clinical information systems [monograph<BR>
|
|
online]. Cambridge (UK): University of Cambridge Computer<BR>
|
|
Laboratory; 1996 Jan 12. Available from: World Wide Web,<BR>
|
|
http://www.cl.cam.ac.uk/users/rja14/policy11/policy11.html. <BR>
|
|
Prepared for the British Medical Association. <BR>
|
|
<BR>
|
|
Barber B, Jensen OA, Lamberts H, Roger-France F, De Schouwer P,<BR>
|
|
Zöllner H. The six safety first principles of health information<BR>
|
|
systems: A programme of implementation: part 1 safety and<BR>
|
|
security. In: Commission of the European Communities DG XIII/F<BR>
|
|
AIM. Data protection and confidentiality in health informatics:<BR>
|
|
handling health data in Europe in the future. Washington: IOS<BR>
|
|
Press; 1991. p. 296-301. (Studies in health technology and<BR>
|
|
informatics; vol. 1). <BR>
|
|
<BR>
|
|
Barber B, Treacher A, Louwerse CP, editors. Towards security in<BR>
|
|
medical telematics: legal and technical aspects. Washington: IOS<BR>
|
|
Press; 1996. 252 p. (Studies in technology and informatics; vol.<BR>
|
|
27). <BR>
|
|
<BR>
|
|
Bengtsson S, Solheim BG. Enforcement of data protection, privacy<BR>
|
|
and security in medical informatics. In: Lun KC, Degoulet P,<BR>
|
|
Piemme TE, Rienhoff O, editors. MEDINFO 92. Proceedings of the<BR>
|
|
7th World Congress on Medical Informatics; 1992 Sep 6-10; Geneva,<BR>
|
|
Switzerland. Vol. 2. Amsterdam: North-Holland; 1992. p. 1561-5.<BR>
|
|
<BR>
|
|
Blair JS. Overview of standards related to the emerging health<BR>
|
|
care information infrastructure. Schaumburg (IL): The<BR>
|
|
Computer-based Patient Record Institute; 1995 Jan. Reprinted by<BR>
|
|
the Computer-based Patient Record Institute with permission of<BR>
|
|
CRC Press. </P>
|
|
|
|
<P>Brandt MD. Issue: disclosure of health information. A position<BR>
|
|
statement. Chicago: American Health Information Management<BR>
|
|
Association; 1993 Dec. 2 p. <BR>
|
|
<BR>
|
|
Brandt MD. Issue: disclosure of health information relating to<BR>
|
|
alcohol and drug abuse. A position statement. Chicago: American<BR>
|
|
Health Information Management Association; 1993 Dec. 1 p. </P>
|
|
|
|
<P>Brandt MD. Issue: facsimile transmission of health information. <BR>
|
|
A position statement. Chicago: American Health Information<BR>
|
|
Management Association; 1994 May. 3 p. <BR>
|
|
<BR>
|
|
Brandt MD. Issue: managing health information relating to<BR>
|
|
infection with the human immunodeficiency virus (HIV). A<BR>
|
|
position statement. Chicago: American Health Information<BR>
|
|
Management Association; 1994 Feb. 2 p. <BR>
|
|
<BR>
|
|
Brandt MD. Issue: patient cards. A position statement. Chicago:<BR>
|
|
American Health Information Management Association; 1993 Nov. 2<BR>
|
|
p. <BR>
|
|
<BR>
|
|
Brandt MD. Issue: protecting patient information after a closure. <BR>
|
|
A position statement. Chicago: American Health Information<BR>
|
|
Management Association; 1994 Apr. 4 p. <BR>
|
|
<BR>
|
|
Brandt MD. Issue: physician signatures on attestations. A<BR>
|
|
position statement. Chicago: American Health Information<BR>
|
|
Management Association; 1993 Nov. 1 p. <BR>
|
|
<BR>
|
|
Brandt MD. Issue: redisclosure of health information. A position<BR>
|
|
statement. Chicago: American Health Information Management<BR>
|
|
Association; 1993 Dec. 1 p. <BR>
|
|
<BR>
|
|
Brandt MD. Issue: retention of health information. A position<BR>
|
|
statement. Chicago: American Health Information Management<BR>
|
|
Association; 1994 Mar. 2 p. <BR>
|
|
<BR>
|
|
Brandt MD. Maintenance, disclosure, and redisclosure of health<BR>
|
|
information. Chicago: American Health Information Mangement<BR>
|
|
Association; 1993. 23 p. <BR>
|
|
<BR>
|
|
Canadian Medical Association. The medical record:<BR>
|
|
confidentiality, access and disclosure. [CMA policy summary]. <BR>
|
|
Can Med Assoc J 1992 Dec 15;147(12):1860A-1860B. (Eng, Fre). </P>
|
|
|
|
<P>Christensen JP, Villasante J. Data protection and confidentiality<BR>
|
|
in health care informatics. In: Noothoven van Goor J, Christensen<BR>
|
|
JP, editors. Advances in medical informatics: results of the AIM<BR>
|
|
Exploratory Action. Washington: IOS Press; 1992. p. 387-92.<BR>
|
|
(Studies in health technology and informatics; vol. 2). <BR>
|
|
<BR>
|
|
Computer-based Patient Record Institute (CPRI). Guidelines for<BR>
|
|
establishing information security policies at organizations using<BR>
|
|
computer-based patient record systems. Schaumburg (IL): The<BR>
|
|
Institute; 1995. Prepared by the CPRI Work Group on<BR>
|
|
Confidentiality, Privacy, and Security, 1995 Feb. <BR>
|
|
<BR>
|
|
Computer-based Patient Record Institute (CPRI). Position paper:<BR>
|
|
access to patient data. Schaumburg (IL): The Institute; 1994 Apr<BR>
|
|
15. <BR>
|
|
<BR>
|
|
Computer-based Patient Record Institute (CPRI). Position paper:<BR>
|
|
authentication in a computer-based patient record. Schaumburg<BR>
|
|
(IL): The Institute; 1993 Aug 11. <BR>
|
|
<BR>
|
|
Conference of Medical Royal Colleges and Their Faculties in the<BR>
|
|
United Kingdom. Interim guidelines on confidentiality and<BR>
|
|
medical audit. BMJ 1991 Dec 14;303(6816):1525. </P>
|
|
|
|
<P>Conference of Medical Royal Colleges and Their Faculties in the<BR>
|
|
United Kingdom, Audit Working Group. Access to medical records<BR>
|
|
for the purposes of medical audit. [Statement]. BMJ 1993 Apr<BR>
|
|
3;306(6882):896-7. </P>
|
|
|
|
<P>Council on Competitiveness. Highway to health: transforming U.S.<BR>
|
|
health care in the information age. Washington: The Council; 1996<BR>
|
|
Mar. Chapter 4, Integration of health information systems; p.<BR>
|
|
40-60. <BR>
|
|
<BR>
|
|
Data confidentiality--could this policy work for you? QRC Advis<BR>
|
|
1993 May;9(7):7-8. <BR>
|
|
<BR>
|
|
De Schouwer P, Barber B, Jensen OA, Lamberts H, Roger-France F,<BR>
|
|
Zöllner H. The six safety first principles of health information<BR>
|
|
systems: A programme of implementation: Part 2 the environment,<BR>
|
|
convenience and legal issues. In: Commission of the European<BR>
|
|
Communities DG XIII/F AIM. Data protection and confidentiality<BR>
|
|
in health informatics: handling health data in Europe in the<BR>
|
|
future. Washington: IOS Press; 1991. p. 302-07. (Studies in<BR>
|
|
health technology and informatics; vol. 1). <BR>
|
|
<BR>
|
|
Feasibility of ensuring confidentiality and security of<BR>
|
|
computer-based patient records. Council on Scientific Affairs,<BR>
|
|
American Medical Association. Arch Fam Med 1993 May;2(5):<BR>
|
|
556-60. <BR>
|
|
<BR>
|
|
Feste L. Issue: confidentiality of the computer-based patient<BR>
|
|
record. A position statement. Chicago: American Health<BR>
|
|
Information Management Association; 1992 Jul. 2 p. <BR>
|
|
<BR>
|
|
Feste LK. Issue: patient access to personal health information. <BR>
|
|
A position statement. Chicago: American Health Information<BR>
|
|
Management Association; 1992 Mar. 2 p. <BR>
|
|
<BR>
|
|
Guideline No. 4. Security of data held in computer systems.<BR>
|
|
Institute of Health Record Information and Management. IHRIM<BR>
|
|
1995 Feb;36(1 Suppl):1-2. <BR>
|
|
<BR>
|
|
Health care information: collection and privacy [microfiche] :<BR>
|
|
Hearing Before the Senate Comm. on Governmental Affairs, 103rd<BR>
|
|
Cong., 2d Sess. (May 6, 1994). Washington: U.S. Government<BR>
|
|
Printing Office; 1995. 125 p. Available from: US GPO,<BR>
|
|
Washington; Y 4.G 74/9:S.HRG. 103-100. <BR>
|
|
<BR>
|
|
Joint Commission on Accreditation of Healthcare Organizations.<BR>
|
|
1996 accreditation manual for hospitals. Vol.1, Standards. <BR>
|
|
Chicago: The Commission; 1996. Section 2, Management of<BR>
|
|
information; p. 171-90. <BR>
|
|
<BR>
|
|
Mayo Clinic Foundation, Information Security Subcommittee. Data<BR>
|
|
security policies and standards. Unpublished internal document<BR>
|
|
dated September 1994. <BR>
|
|
<BR>
|
|
Metzger JB, Stevens JM, Schwartz JE, Nelson R. Implications of<BR>
|
|
the JCAHO information management initiative for information<BR>
|
|
systems. Healthc Inf Manage 1994 Spring;8(2):23-30. <BR>
|
|
<BR>
|
|
National Healthcare Billing Audit Guidelines, adopted March 13,<BR>
|
|
1992. AHIMA, AHA, Association of Healthcare Internal Auditors,<BR>
|
|
Blue Cross and Blue Shield Association, HFMA, and HIAA. J AHIMA<BR>
|
|
1992 Jun;63(6):105-9. <BR>
|
|
<BR>
|
|
Pitman SC. Standards in the medical transcription service<BR>
|
|
industry. J Am Health Inf Manag Assoc 1992;63(7):75-7. <BR>
|
|
<BR>
|
|
Position statement: Confidentiality of the computer-based patient<BR>
|
|
record. American Health Information Management Association. J<BR>
|
|
AHIMA 1992 Sep;63(9):125-6. </P>
|
|
|
|
<P>Sommerville A. Confidentiality and medical records. In: British<BR>
|
|
Medical Association, Ethics Science and Information Division.<BR>
|
|
Medical ethics today: its practice and philosophy. London: BMJ<BR>
|
|
Publishing Group; 1993. p. 36-68, 339-40. <BR>
|
|
<BR>
|
|
Tiemann S. The individual, society and the protection of personal<BR>
|
|
data. In: Commission of the European Communities DG XIII/F AIM. <BR>
|
|
Data protection and confidentiality in health informatics:<BR>
|
|
handling health data in Europe in the future. Washington: IOS<BR>
|
|
Press; 1991. p. 62-4. (Studies in health technology and<BR>
|
|
informatics; vol. 1). <BR>
|
|
<BR>
|
|
United States, Congress, Office of Technology Assessment. <BR>
|
|
Genetic monitoring and screening in the workplace. Washington:<BR>
|
|
U.S. Government Printing Office; 1990 Oct. Report No.:<BR>
|
|
OTA-BA-455. 262 p. <BR>
|
|
<BR>
|
|
Users and uses of patient records. Report of the Council on<BR>
|
|
Scientific Affairs. Council on Scientific Affairs, American<BR>
|
|
Medical Association. Arch Fam Med 1993 Jun;2(6):678-81. </P>
|
|
|
|
<P>Wanerus P, Brandt MD. Issue: Managing health information in<BR>
|
|
facility mergers and acquisitions. A position statement. <BR>
|
|
Chicago: American Health Information Management Association; 1994<BR>
|
|
Apr. 4 p. <BR>
|
|
<BR>
|
|
Wogan MJ. Issue: HCFA's uniform clinical data set (UCDS). A<BR>
|
|
position statement. Chicago: American Health Information<BR>
|
|
Management Association; 1991 Nov. 2 p. <BR>
|
|
<BR>
|
|
Work Group on Computerization of Patient Records. Toward a<BR>
|
|
national health information infrastructure: report of the Work<BR>
|
|
Group on Computerization of Patient Records to the Secretary of<BR>
|
|
the U.S. Department of Health and Human Services. [Washington:<BR>
|
|
Department of Health and Human Services (US)]; 1993 Apr. <BR>
|
|
<BR>
|
|
Workgroup for Electronic Data Interchange (WEDI). The new<BR>
|
|
Workgroup for Electronic Interchange, summary report, April 1995.<BR>
|
|
[place unknown]: The Workgroup; 1995? <BR>
|
|
<BR>
|
|
Workgroup on Electronic Data Interchange (WEDI). Report, October<BR>
|
|
1993. [place unknown]: The Workgroup; 1993? </P>
|
|
|
|
<P>Workgroup for Electronic Data Interchange (WEDI). Report to<BR>
|
|
Secretary of U.S. Department of Health and Human Services, July<BR>
|
|
1992. [place unknown]: The Workgroup; 1992? </P>
|
|
|
|
<P>
|
|
Institutional </P>
|
|
|
|
<P>
|
|
Brandt M. Developing an information management plan. J AHIMA<BR>
|
|
1995 May;66(5):24-8, 30, 32-3.</P>
|
|
|
|
<P>Gramlich D. Confidentiality issues in the 90's. NAHAM Manag J<BR>
|
|
1992 Fall;18(2):6-8.<BR>
|
|
Hospital survey shows computer-based patient record protection<BR>
|
|
weaknesses. Inf Manag Bull 1994 Fall;7(3-4):5-6.</P>
|
|
|
|
<P>Katsikas SK, Gritzalis DA. The need for a security policy in<BR>
|
|
health care institutions. Int J Biomed Comput 1994 Feb;35<BR>
|
|
Suppl:73-80.</P>
|
|
|
|
<P>
|
|
RISK ANALYSIS &amp; CONTINGENCY PLANNING</P>
|
|
|
|
<P>
|
|
Bakker AR. Benefits and threats of new technologies. In:<BR>
|
|
Commission of the European Communities DG XIII/F AIM. Data<BR>
|
|
protection and confidentiality in health informatics: handling<BR>
|
|
health data in Europe in the future. Washington: IOS Press; 1991.<BR>
|
|
p. 191-6. (Studies in health technology and informatics; vol.<BR>
|
|
1).</P>
|
|
|
|
<P>Bakker AR. Computers in hospitals, vulnerability aspects. In:<BR>
|
|
Adlassnig KP, Grabner G, Bengtsson S, Hansen R, editors. Medical<BR>
|
|
Informatics Europe 1991. Proceedings; 1991 Aug 19-22; Vienna,<BR>
|
|
Austria. Berlin: Springer-Verlag; 1991. p. 62-6. (Lecture notes<BR>
|
|
in medical informatics; 45).</P>
|
|
|
|
<P>Barber B. Are your systems securely engineered? Br J Healthc<BR>
|
|
Comput Inf Manag 1995 Apr;12(3):30-1.</P>
|
|
|
|
<P>Barber B, Davey J. Approaching safe and secure health<BR>
|
|
information systems in Europe. Comput Methods Programs Biomed<BR>
|
|
1994 Jul;44(1):23-9.</P>
|
|
|
|
<P>Barber B, Davey J. The use of the CCTA risk analysis and<BR>
|
|
management methodology (CRAMM) in health information systems. <BR>
|
|
In: Lun KC, Degoulet P, Piemme TE, Rienhoff O, editors. MEDINFO<BR>
|
|
92. Proceedings of the 7th World Congress on Medical Informatics;<BR>
|
|
1992 Sep 6-10; Geneva, Switzerland. Vol. 2. Amsterdam:<BR>
|
|
North-Holland; 1992. p. 1589-93.</P>
|
|
|
|
<P>Barber B, Fairey M. Attack and defence: NHS security and data<BR>
|
|
protection programme. Br J Healthc Comput Inf Manag 1995<BR>
|
|
Jul;12(6):30-2.</P>
|
|
|
|
<P>Berleur J, Beardon C, Laufer R, editors. Proceedings of the IFIP<BR>
|
|
WG9.2 Working Conference on Facing the Challenge of Risk and<BR>
|
|
Vulnerability in an Information Society; 1993 May 20-22; Namur,<BR>
|
|
Belgium. Amsterdam: Elsevier Science Pub.; 1993. 311 p. (IFIP<BR>
|
|
Transactions A (Computer Science and Technology); vol.A-33).</P>
|
|
|
|
<P>Brandt M. Confidentiality today: where do you stand? J AHIMA<BR>
|
|
1993 Dec;64(12):59-62.</P>
|
|
|
|
<P>Cloud AC. An EDP audit with a twist. Inf Exec 1990<BR>
|
|
Fall;3(4):14-5.</P>
|
|
|
|
<P>Cox TP. The 'paperless' physician office: a risk management<BR>
|
|
perspective. J Healthc Risk Manag 1993 Fall;13(4):29-35.</P>
|
|
|
|
<P>Davey J. Risk analysis and management. In: Commission of the<BR>
|
|
European Communities DG XIII/F AIM. Data protection and<BR>
|
|
confidentiality in health informatics: handling health data in<BR>
|
|
Europe in the future. Washington: IOS Press; 1991. p. 350-9. <BR>
|
|
(Studies in health technology and informatics; vol. 1).</P>
|
|
|
|
<P>Eleazar PY. Risks associated with clinical databases. Top<BR>
|
|
Health Rec Manag 1991 Nov;12(2):49-58.</P>
|
|
|
|
<P>Ferraiolo DF, Gilbert DM, Lynch N. Assessing federal and<BR>
|
|
commercial information security needs. Gaithersburg (MD):<BR>
|
|
National Institute of Standards and Technology (US), Computer<BR>
|
|
Systems Laboratory; 1992 Nov. Report No: NIST Internal Report<BR>
|
|
(NISTIR) 4976. Available from: NTIS, Springfield, VA;<BR>
|
|
PB93-138956.</P>
|
|
|
|
<P>Furnell SM, Sanders PW, Stockel CT. An expert system for health<BR>
|
|
care data security: a conceptual outline. In: Ifeachor EC, Rosen<BR>
|
|
KG, editors. Proceedings of the International Conference on<BR>
|
|
Neural Networks and Expert Systems in Medicine and Healthcare.;<BR>
|
|
1994 Aug 23-26; Plymouth, UK. Plymouth (UK): Univ. of Plymouth;<BR>
|
|
1994. p. 346-52.</P>
|
|
|
|
<P>Gabrieli ER. Data security. J Clin Comput 1992;21(1-2):17-41.</P>
|
|
|
|
<P>Gritzalis D, Tomaras A, Katsikas S, Keklikoglou J. Data security<BR>
|
|
in medical information systems: the Greek case. Comput Secur<BR>
|
|
1991 Apr;10(2):141-59.</P>
|
|
|
|
<P>Liczbanski M. Protect your data! Data Based Advis 1992<BR>
|
|
May;10(5):114-24.</P>
|
|
|
|
<P>Louwerse CP. Practical aspects of handling data protection and<BR>
|
|
data security. In: Commission of the European Communities DG<BR>
|
|
XIII/F AIM. Data protection and confidentiality in health<BR>
|
|
informatics: handling health data in Europe in the future.<BR>
|
|
Washington: IOS Press; 1991. p. 324-33. (Studies in health<BR>
|
|
technology and informatics; vol. 1).</P>
|
|
|
|
<P>Miller D. Security, durability &amp; portable computers. Healthc<BR>
|
|
Inform 1993 May;10(5):72, 74.</P>
|
|
|
|
<P>Miller DW. Commonly overlooked information security issues. <BR>
|
|
Toward Electron Patient Rec 1994 May;2(10):1, 3-7.<BR>
|
|
Morris DC. It could never happen here! Comput Healthc 1990<BR>
|
|
Aug;11(8):38-44.</P>
|
|
|
|
<P>National Institute of Standards and Technology (US), Computer<BR>
|
|
Systems Laboratory. Guideline for the analysis of local area<BR>
|
|
network security. Gaithersburg (MD): The Institute; 1994 Nov.<BR>
|
|
(Federal information processing standards; FIPS PUB 191). <BR>
|
|
Available from: NTIS, Springfield, VA.</P>
|
|
|
|
<P>Pangalos GJ. Medical database security evaluation. Med Inf<BR>
|
|
(Lond) 1993 Oct-Dec;18(4):283-92.</P>
|
|
|
|
<P>Picukaric JM. The computer-based patient record: risks,<BR>
|
|
security, and the HIM role. J AHIMA 1992 Mar;63(3):78-84.</P>
|
|
|
|
<P>Skok R. Security systems: malpractice insurance for healthcare<BR>
|
|
organizations. J AHIMA 1993 Jan;64(1):51-2.</P>
|
|
|
|
<P>Warnock-Matheron A, Gruending DL, Hannah KJ. A risk management<BR>
|
|
approach to the security of hospital information systems. Can J<BR>
|
|
Nurs Adm 1993 May-Jun;6(2):22-4, 30.</P>
|
|
|
|
<P>Warren MJ, Sanders PW, Gaunt PN. Security criteria expert system<BR>
|
|
concept: the healthcare application. In: Ifeachor EC, Rosen KG,<BR>
|
|
editors. Proceedings of the International Conference on Neural<BR>
|
|
Networks and Expert Systems in Medicine and Healthcare; 1994 Aug<BR>
|
|
23-26; Plymouth, UK. Plymouth (UK): Univ. Plymouth; 1994. p.<BR>
|
|
146-53.</P>
|
|
|
|
<P>
|
|
EDUCATION &amp; TRAINING</P>
|
|
|
|
<P>
|
|
Brown MM. Building respect for confidentiality through<BR>
|
|
education. J AHIMA 1993 Dec;64(12):65-6.</P>
|
|
|
|
<P>Computer-based Patient Record Institute (CPRI). Guidelines for<BR>
|
|
information security education programs at organizations using<BR>
|
|
computer-based patient record systems. Schaumburg (IL): The<BR>
|
|
Institute; 1995. Prepared by the CPRI Work Group on<BR>
|
|
Confidentiality, Privacy, and Security, 1995 Jun.</P>
|
|
|
|
<P>Merski P. Optical imaging the Right way. J AHIMA 1993<BR>
|
|
May;64(5):69-72.</P>
|
|
|
|
<P>Self-assessment tool. Confidentiality and security in the<BR>
|
|
computer-based patient record environment. J AHIMA 1992<BR>
|
|
May;63(5):77-9.</P>
|
|
|
|
<P>Smith HJ, Kallman EA. Information privacy: medical record<BR>
|
|
directors' perceptions of policy and practice. J AHIMA 1993<BR>
|
|
Feb;64(2):48-51.</P>
|
|
|
|
<P>
|
|
ACCESS CONTROL/ AUTHENTICATION</P>
|
|
|
|
<P>
|
|
Birkegaard N. User authorization in distributed hospital<BR>
|
|
information systems. In: Commission of the European Communities<BR>
|
|
DG XIII/F AIM. Data protection and confidentiality in health<BR>
|
|
informatics: handling health data in Europe in the future.<BR>
|
|
Washington: IOS Press; 1991. p. 285-95. (Studies in health<BR>
|
|
technology and informatics; vol. 1).</P>
|
|
|
|
<P>Biskup J. Protection of privacy and confidentiality in medical<BR>
|
|
information systems: problems and guidelines. In: Spooner DL,<BR>
|
|
Landwehr C, editors. Database Security, 3: Status and Prospects.<BR>
|
|
Results of the IFIP WG 11.3 workshop; 1989 Sep 5-7; Monterey, CA.<BR>
|
|
Amsterdam: North-Holland; 1990. p. 13-23.</P>
|
|
|
|
<P>Biskup J, Eckert C. [Secure delegation in information systems]. <BR>
|
|
In: Weck G, Horster P, editors. Proceedings of VIS '93; 1993 May<BR>
|
|
11-13; Munich, Germany. Wiesbaden: Vieweg; 1993. p. 107-33.<BR>
|
|
(Ger).</P>
|
|
|
|
<P>Bobis KG. Implementing right to know security in the<BR>
|
|
computer-based patient record. In: Proceedings of the IEEE 13th<BR>
|
|
Annual International Phoenix Conference on Computers and<BR>
|
|
Communications; 1994 Apr 12-15; Phoenix, AZ. Piscataway (NJ):<BR>
|
|
IEEE; 1994. p. 156-60.</P>
|
|
|
|
<P>Brannigan VM. A framework for Need to Know authorizations in<BR>
|
|
medical computer systems: responding to the constitutional<BR>
|
|
requirements. Proc Annu Symp Comput Appl Med Care 1994;18:392-6.</P>
|
|
|
|
<P>Dargahi R, Classen DW, Bobroff RB, Petermann CA, Moreau DR, Beck<BR>
|
|
JR, Buffone GJ. The development of a data security model for the<BR>
|
|
Collaborative Social and Medical Services System. Proc Annu Symp<BR>
|
|
Comput Appl Med Care 1994;18:349-53.</P>
|
|
|
|
<P>Decoster C. [Data protection within the Ministry of Public<BR>
|
|
Health and in the hospitals]. Acta Hosp 1994;34(1):87-91. (Dut).</P>
|
|
|
|
<P>Eichenwald S. Information technologies. Physician- hospital<BR>
|
|
networks. J AHIMA 1992 Mar;63(3):50-1.</P>
|
|
|
|
<P>Gritzalis D, Katsikas S, Keklikoglou J, Tomaras A. Data security<BR>
|
|
in medical information systems: technical aspects of a proposed<BR>
|
|
legislation. Med Inf (Lond) 1991 Oct-Dec;16(4):371-83.</P>
|
|
|
|
<P>Henkind SJ, Orlowski JM, Skarulis PC. Application of a<BR>
|
|
multilevel access model in the development of a security<BR>
|
|
infrastructure for a clinical information system. Proc Annu Symp<BR>
|
|
Comput Appl Med Care 1993;17:64-8.</P>
|
|
|
|
<P>High-tech privacy issues in health care: Hearings Before the<BR>
|
|
Subcomm. on Technology and the Law of the Senate Comm. on the<BR>
|
|
Judiciary, 103d Congress, 1st and 2d Sess. (October 27, 1993,<BR>
|
|
and January 27, 1994). Washington: U.S. Government Printing<BR>
|
|
Office; 1994. 137 p. Available from: US GPO, Washington; Y 4.J<BR>
|
|
89/1; Y 4.J 89/22:S.HRG.103-836.</P>
|
|
|
|
<P>Kohler CO. [Medical documentation in the 'new health care<BR>
|
|
system']. Nachr Dok 1994 May-Jun;45(3):135-42. (Ger).</P>
|
|
|
|
<P>Lonquet P, Barthier S, Leport C, Bompis B, Guilloy Y, Vlide JL. <BR>
|
|
Assessement of a written procedure to improve the protection of<BR>
|
|
confidentiality for hospitalized patients. Int Conf AIDS 1991 <BR>
|
|
Jun 16-21;7(1):424. Abstract no. M.D.4138.</P>
|
|
|
|
<P>Morris P, McDermid J. The structure of permissions: a normative<BR>
|
|
framework for access rights. In: Database Security, 5: Status<BR>
|
|
and Prospects. Results of the IFIP WG 11.3 workshop; 1991 Nov<BR>
|
|
4-7; Shepherdstown, WV. [Amsterdam?: North Holland?]; 1992. p.<BR>
|
|
77-97. (IFIP transactions A (computer science and technology);<BR>
|
|
vol.A-6).</P>
|
|
|
|
<P>Murphy G, Anderson EM. An organizational model for data access<BR>
|
|
and management--work in progress. J AHIMA 1994 Aug;65(8):50-2,<BR>
|
|
54.</P>
|
|
|
|
<P>National Institute of Standards and Technology (US), Computer<BR>
|
|
Systems Laboratory. Automated password generator (APG).<BR>
|
|
Gaithersburg (MD): The Institute; 1993 Oct. (Federal information<BR>
|
|
processing standards; FIPS PUB 181). Available from: NTIS,<BR>
|
|
Springfield, VA.</P>
|
|
|
|
<P>National Institute of Standards and Technology (US), Computer<BR>
|
|
Systems Laboratory. Guideline for the use of advanced<BR>
|
|
authentication technology alternatives. Gaithersburg (MD): The<BR>
|
|
Institute; 1994 Sep. (Federal information processing standards;<BR>
|
|
FIPS PUB 190). Available from: NTIS, Springfield, VA.</P>
|
|
|
|
<P>National Institute of Standards and Technology (US), Computer<BR>
|
|
Systems Laboratory. Standard on password usage. Gaithersburg<BR>
|
|
(MD): The Institute; 1985 May. (Federal information processing<BR>
|
|
standards; FIPS PUB 112). Available from: NTIS, Springfield, VA.</P>
|
|
|
|
<P>Notargiacomo LA, Graubart RD, Jajodia S, Landwehr CE. Health<BR>
|
|
delivery: the problem solved? In: Database Security, 4. Status<BR>
|
|
and Prospects. Results of the IFIP WG 11.3 workshop; 1990 Sep<BR>
|
|
18-21; Halifax, UK. Amsterdam: North-Holland; 1991. p. 13-26.</P>
|
|
|
|
<P>Orr GA, Brantley BA Jr. Development of a model of information<BR>
|
|
security requirements for enterprise-wide medical information<BR>
|
|
systems. Proc Annu Symp Comput Appl Med Care 1992;16:287-91.</P>
|
|
|
|
<P>Pangalos G, Khair M, Bozios L. Enhancing medical database<BR>
|
|
security. J Med Syst 1994 Aug;18(4):159-71.</P>
|
|
|
|
<P>Pangalos GJ. Medical database security policies. Methods Inf<BR>
|
|
Med 1993 Nov;32(5):349-56; discussion 357.</P>
|
|
|
|
<P>Peterson HE. Management and staff issues in data protection. In:<BR>
|
|
Commission of the European Communities DG XIII/F AIM. Data<BR>
|
|
protection and confidentiality in health informatics: handling<BR>
|
|
health data in Europe in the future. Washington: IOS Press;<BR>
|
|
1991. p. 315-23. (Studies in health technology and informatics;<BR>
|
|
vol. 1). <BR>
|
|
<BR>
|
|
Pinkert JR. Contemporary issues in HIM. Kerberos--security for<BR>
|
|
sensitive data. J AHIMA 1994 Jun;65(6):22-4, 26-8.<BR>
|
|
<BR>
|
|
Quisquater JJ, Bouckaert A. Zero-knowledge procedures for<BR>
|
|
confidential access to medical records. In: Quisquater JJ,<BR>
|
|
Vandewalle J, editors. Advances in cryptology - EUROCRYPT '89.<BR>
|
|
Proceedings of the Workshop on the Theory and Application of<BR>
|
|
Cryptographic Techniques; 1989 Apr 10-13; Houthalen, Belgium.<BR>
|
|
Berlin: Springer-Verlag; 1990. p. 662-4.<BR>
|
|
<BR>
|
|
Rihaczek K. Data protection in networks. In: Commission of the<BR>
|
|
European Communities DG XIII/F AIM. Data protection and<BR>
|
|
confidentiality in health informatics: handling health data in<BR>
|
|
Europe in the future. Washington: IOS Press; 1991. p. 249-70. <BR>
|
|
(Studies in health technology and informatics; vol. 1).</P>
|
|
|
|
<P>Riley WD. Safe as a bank. LAN Technol 1992 May;8(5):29-31.<BR>
|
|
<BR>
|
|
Safran C, Rind D, Citroen M, Bakker AR, Slack WV, Bleich HL. <BR>
|
|
Protection of confidentiality in the computer-based patient<BR>
|
|
record. MD Comput 1995 May-Jun;12(3):187-92.<BR>
|
|
<BR>
|
|
Sandhu RS, Coyne EJ, Feinstein HL, Youman CE. Role-based access<BR>
|
|
control models. Computer 1996 Feb;29(2):38-47.</P>
|
|
|
|
<P>Shimaoka A. Security evaluation for the information system of<BR>
|
|
Oita Medical University Hospital [abstract]. Annu Meet Int Soc<BR>
|
|
Technol Assess Health Care 1994;10:Abstract no. 131. <BR>
|
|
<BR>
|
|
Wear LL, Pinkert JR. Computer security. J AHIMA 1993<BR>
|
|
Sep;64(9):30-2, 34, 36-7. <BR>
|
|
<BR>
|
|
Yamamoto K, Ishikawa K, Miyaji M, Nakamura Y, Nishi S, Sasaki T,<BR>
|
|
Tsuji K, Watanabe R. Necessity to improve common understanding<BR>
|
|
about the security issues among hospitals in Japan and some<BR>
|
|
feasible approaches. Int J Biomed Comput 1994 Feb;35<BR>
|
|
Suppl:205-12. <BR>
|
|
<BR>
|
|
<BR>
|
|
PERSONAL IDENTIFIERS</P>
|
|
|
|
<P>
|
|
American Medical Informatics Association. Standards for medical<BR>
|
|
identifiers, codes, and messages needed to create an efficient<BR>
|
|
computer-stored medical record. J Am Med Inform Assoc 1994<BR>
|
|
Jan-Feb;1(1):1-7.</P>
|
|
|
|
<P>Asher A, Edson D, Howell E, Pence K. The unique record number: an<BR>
|
|
alternative to traditional person identifiers. In: Toward the<BR>
|
|
year 2000: refining the measures. Proceedings of the 24th Public<BR>
|
|
Health Conference on Records and Statistics; 1993 Jul 19-21;<BR>
|
|
Washington. Hyattsville (MD): National Center for Health<BR>
|
|
Statistics (US); 1994. p. 308-11. <BR>
|
|
<BR>
|
|
Baitty RL, Jain RB, Hager C, Pope W, Goosby EP, Bowen GS. <BR>
|
|
Protecting confidentiality in a national reporting system for HIV<BR>
|
|
services. Int Conf AIDS 1993 Jun 6-11;9:947 Abstract no.<BR>
|
|
PO-D36-4374. <BR>
|
|
<BR>
|
|
Barber B, France FR, Winkeler B, Olsen P. The EuroHealth<BR>
|
|
Database-handling personal data without access to personal<BR>
|
|
identification. In: Adlassnig KP, Grabner G, Bengtsson S, Hansen<BR>
|
|
R, editors. Medical Informatics Europe 1991. Proceedings;<BR>
|
|
1991 Aug 19-22; Vienna, Austria. Berlin: Springer-Verlag; 1991.<BR>
|
|
p. 646-52. (Lecture notes in medical informatics; 45). <BR>
|
|
<BR>
|
|
Carpenter PC, Chute CG. The Universal Patient Identifier: a<BR>
|
|
discussion and proposal. Proc Annu Symp Comput Appl Med Care<BR>
|
|
1993;17:49-53. <BR>
|
|
<BR>
|
|
Concept models of patient identification: issues surrounding the<BR>
|
|
use of social security numbers for patient identification. <BR>
|
|
Toward Electron Patient Rec 1993;Analysis 2:1-15. <BR>
|
|
<BR>
|
|
Dilger K. [Use of computers for patient data and billing]. <BR>
|
|
Fortschr Ophthalmol 1990;87 Suppl:S1-4. (Ger). <BR>
|
|
<BR>
|
|
Fitzmaurice JM, Murphy G, Wear P, Korpman R, Weber G, Whiteman J. <BR>
|
|
Patient identifiers: stumbling blocks or cornerstones for CPRs<BR>
|
|
(computer-based patient records)? Healthc Inform 1993<BR>
|
|
May;10(5):38-40, 42. <BR>
|
|
<BR>
|
|
Gabrieli ER. Guide for unique healthcare identifier model. J<BR>
|
|
Clin Comput 1993;21(5):101-39. <BR>
|
|
<BR>
|
|
Gardner RM. Integrated computerized records provide improved<BR>
|
|
quality of care with little loss of privacy. J Am Med Inform<BR>
|
|
Assoc 1994 Jul-Aug;1(4):320-2.</P>
|
|
|
|
<P>Goldschmidt AJW, Gaal L. [Optimised computer-aided random number<BR>
|
|
generation for achieving anonymity of patients' records]. Softw<BR>
|
|
Kur Med Psychol 1991;4(5):145-50. (Ger). <BR>
|
|
<BR>
|
|
Information and Privacy Commissioner/Ontario. Privacy and<BR>
|
|
electronic identification in the information age. [Ottawa<BR>
|
|
(Ontario, Canada): The Commissioner]; 1994 Nov. 13 p. </P>
|
|
|
|
<P>Meux E. California's experience: SSN and confidentiality. In:<BR>
|
|
Toward the year 2000: refining the measures. Proceedings of the<BR>
|
|
24th Public Health Conference on Records and Statistics (US);<BR>
|
|
1993 Jul 19-21; Washington. Hyattsville (MD): National Center for<BR>
|
|
Health Statistics (US); 1994. p. 312-4. <BR>
|
|
<BR>
|
|
Meux E. Encrypting personal identifiers. Health Serv Res 1994<BR>
|
|
Jun;29(2):247-56. <BR>
|
|
<BR>
|
|
Mjolsnes SF. Privacy, cryptographic pseudonyms, and the state of<BR>
|
|
health. In: Imai H, Rivest RL, Matsumoto T, editors. Advances in<BR>
|
|
cryptology - ASIACRYPT '91. Proceedings of the International<BR>
|
|
Conference on the Theory and Application of Cryptology; 1991 Nov<BR>
|
|
11-14; Fujiyoshida, Japan. Berlin: Springer-Verlag; 1993. p.<BR>
|
|
493-4. <BR>
|
|
<BR>
|
|
Mulligan D. Methods of identifying individuals in health<BR>
|
|
information systems. In: Toward an electronic patient record '95.<BR>
|
|
11th International Symposium on the Creation of Electronic Health<BR>
|
|
Record Systems. Proceedings; 1995 Mar 14-19; Orlando, FL. Vol.<BR>
|
|
2. Newton (MA): Medical Records Institute; 1995. p. 428-41. <BR>
|
|
<BR>
|
|
National ID systems demand proper safeguards. Data Protection<BR>
|
|
Registrar advocates debate. IHRIM 1994 Aug;35(3):9-10. <BR>
|
|
<BR>
|
|
Szolovits P, Kohane I. Against simple universal health-care<BR>
|
|
identifiers. J Am Med Inform Assoc 1994 Jul-Aug;1(4):316-9. <BR>
|
|
<BR>
|
|
Thirion X, Maldonado J, Sambuc R, San Marco JL. An experiment in<BR>
|
|
the anonymous distribution of AIDS-medicaments in Southern<BR>
|
|
France. Int Conf AIDS 1990 Jun 20-23;6(3):301. Abstract no.<BR>
|
|
S.D.845. <BR>
|
|
<BR>
|
|
Waegemann CP. Patient identifiers: insurance identification and<BR>
|
|
patient identification in health care. Executive summary. <BR>
|
|
Toward Electron Patient Rec 1993 Oct;Analysis 3:10-4. <BR>
|
|
<BR>
|
|
Williams BC, Demitrack LB, Fries BE. The accuracy of the<BR>
|
|
National Death Index when personal identifiers other than Social<BR>
|
|
Security number are used. Am J Public Health 1992 Aug;82(8):<BR>
|
|
1145-7. <BR>
|
|
<BR>
|
|
<BR>
|
|
AUDIT TRAILS</P>
|
|
|
|
<P>
|
|
Bakker AR. Special care needed for the heart of medical<BR>
|
|
information systems. In: Biskup J, Morgenstern M, Landwehr CE,<BR>
|
|
editors. Database Security, 8: Status and Prospects. Proceedings<BR>
|
|
of the IFIP WG11.3 Working Conference on Database Security; 1994<BR>
|
|
Aug 23-26; Bad Salzdetfurth, Germany. London: Chapman &amp; Hall<BR>
|
|
Ltd.; 1994. p. 3-10. (IFIP transactions A (computer science and<BR>
|
|
technology); vol. A-60). <BR>
|
|
<BR>
|
|
Borten K. Using an audit facility to protect patient data at the<BR>
|
|
Massachusetts General Hospital. In: Toward an electronic patient<BR>
|
|
record '95. 11th International Symposium on the Creation of<BR>
|
|
Electronic Health Record Systems. Proceedings; 1995 Mar 14-19;<BR>
|
|
Orlando, FL. Newton (MA): Medical Records Institute; 1995. p.<BR>
|
|
115-20. <BR>
|
|
<BR>
|
|
Hammond JE, Berger RG, Carey TS, Fakhry SM, Rutledge R, Kichak<BR>
|
|
JP, Cleveland TJ, Dempsey MJ, Tsongalis NM, Ayscue CF. Report on<BR>
|
|
the clinical workstation and clinical data repository utilization<BR>
|
|
at UNC Hospitals. Proc Annu Symp Comput Appl Med Care<BR>
|
|
1994;18:276-80. <BR>
|
|
<BR>
|
|
Hayam A. Security Audit Center--a suggested model for effective<BR>
|
|
audit strategies in health care informatics. Int J Biomed Comput<BR>
|
|
1994 Feb;35 Suppl:115-27. <BR>
|
|
<BR>
|
|
Kowalski S. An accountability server for health care information<BR>
|
|
systems. Int J Biomed Comput 1994 Feb;35 Suppl:129-38. <BR>
|
|
<BR>
|
|
Muhlenberg provides secure access to patient files. Commun News<BR>
|
|
1995 May;32(5):16. <BR>
|
|
<BR>
|
|
Schwartz M. Protecting patient data confidentiality in the<BR>
|
|
healthcare environment. EDPACS 1993 Sep;21(3):12-8. <BR>
|
|
<BR>
|
|
Walker NS. An integrated clinical computer system: implications<BR>
|
|
for a medical information services department. J AHIMA 1994<BR>
|
|
Dec;65(12):41-3. <BR>
|
|
<BR>
|
|
<BR>
|
|
ELECTRONIC SIGNATURES</P>
|
|
|
|
<P>
|
|
Barber B, Douglas S. An initial approach to the security<BR>
|
|
techniques required by the electronic patient record. Int J<BR>
|
|
Biomed Comput 1994 Feb;35 Suppl:33-8. <BR>
|
|
<BR>
|
|
Branstad DK, editor. Report of the NIST Workshop on Digital<BR>
|
|
Signature Certificate Management, December 10-11, 1992.<BR>
|
|
Gaithersburg (MD): National Institute of Standards and Technology<BR>
|
|
(US), Computer Systems Laboratory; 1993 Aug. Report No.: NIST<BR>
|
|
Internal Report (NISTIR) 5234. Available from: NTIS,<BR>
|
|
Springfield, VA; PB94-135001.<BR>
|
|
<BR>
|
|
Bryant LE Jr. Health law: legal authorization for the electronic<BR>
|
|
signature or computer-generated signature code on medical records<BR>
|
|
in Illinois. J AHIMA 1992 Sep;63(9):18-9. <BR>
|
|
<BR>
|
|
Curtis EH. Electronic signature of computerized patient records. <BR>
|
|
Top Health Inf Manag 1994 Aug;15(1):64-73. <BR>
|
|
<BR>
|
|
French B, Priester RA. Electronic signature thrives in different<BR>
|
|
environments. J AHIMA 1995 Jun;66(6):61-3. <BR>
|
|
<BR>
|
|
Kadzielski MA, Reynolds MB. Legal review: auto- authentication<BR>
|
|
of medical records raises verification concerns. Top Health Inf<BR>
|
|
Manag 1993 Aug;14(1):77-82. <BR>
|
|
<BR>
|
|
Lima C. Challenges in the approval process for the physician<BR>
|
|
computerized signature. J AHIMA 1993 Feb;64(2):55-8. <BR>
|
|
<BR>
|
|
National Institute of Standards and Technology (US), Computer<BR>
|
|
Systems Laboratory. Digital signature standard (DSS).<BR>
|
|
Gaithersburg (MD): The Institute; 1994 May 19. (Federal<BR>
|
|
information processing standards; FIPS PUB 186). Available from:<BR>
|
|
NTIS, Springfield, VA. <BR>
|
|
<BR>
|
|
National Institute of Standards and Technology (US), Computer<BR>
|
|
Systems Laboratory. Secure hash standard. Gaithersburg (MD): The<BR>
|
|
Institute; 1995 Apr. (Federal information processing standards;<BR>
|
|
FIPS PUB 180-1). Available from: NTIS, Springfield, VA. <BR>
|
|
<BR>
|
|
Noel LA. Electronic signatures: a brief overview. J Am Med Rec<BR>
|
|
Assoc 1991 Sep;62(9):38-43. <BR>
|
|
<BR>
|
|
Silva A. Electronic signatures: one hospital's approach. J Am<BR>
|
|
Med Rec Assoc 1991 Jul;62(7):24-5. <BR>
|
|
<BR>
|
|
Smith JP. Authentication of digital medical images with digital<BR>
|
|
signature technology. Radiology 1995 Mar;194(3):771-4. </P>
|
|
|
|
<P>Waegemann CP. The new standard guide for electronic signatures. <BR>
|
|
ASTM Stand News 1995 Aug;23(8):4-7. </P>
|
|
|
|
<P> <BR>
|
|
ENCRYPTION</P>
|
|
|
|
<P>
|
|
Abou-Tayiem E. Implementation of the RSA public-key cryptosystem.<BR>
|
|
Stevenage (Herts, UK): Institution of Electrical Engineers; 1995. <BR>
|
|
<BR>
|
|
Baum MS. Federal certification authority liability and policy.<BR>
|
|
Gaithersburg (MD): National Institute of Standards and Technology<BR>
|
|
(US), Computer Systems Laboratory; 1994 Jun. Report No: NIST GCR<BR>
|
|
94-654. Available from: NTIS, Springfield, VA; PB94-191202.<BR>
|
|
<BR>
|
|
Garfinkel S. PCP: pretty good privacy. Sebastopol (CA): O'Reilly<BR>
|
|
&amp; Associates, Inc.; 1994. <BR>
|
|
<BR>
|
|
Houser WR. NIST's 'victory' will save DSS users an arm and a<BR>
|
|
leg. Gov Comput News 1993 Jul 5;12(14):25-6. <BR>
|
|
<BR>
|
|
National Institute of Standards and Technology (US). Proposed<BR>
|
|
Federal Information Processing Standard (FIPS) for public key<BR>
|
|
cryptographic entity authentication mechanisms. Fed Regist 1995<BR>
|
|
Jun 6;60(108):29830-2. <BR>
|
|
<BR>
|
|
National Institute of Standards and Technology (US), Computer<BR>
|
|
Systems Laboratory. Appendix 5. Example of the DSA. Gaithersburg<BR>
|
|
(MD): The Institute; 1995 Oct 2. (Federal information processing<BR>
|
|
standards; FIPS PUB 186). <BR>
|
|
<BR>
|
|
National Institute of Standards and Technology (US), Computer<BR>
|
|
Systems Laboratory. Data encryption standard. Gaithersburg (MD):<BR>
|
|
The Institute; 1993 Dec (Reaffirmed until 1998). (Federal <BR>
|
|
information processing standards; FIPS PUB 46-2). Available<BR>
|
|
from: NTIS, Springfield, VA. <BR>
|
|
<BR>
|
|
National Institute of Standards and Technology (US), Computer<BR>
|
|
Systems Laboratory. Escrowed encryption standard (EES).<BR>
|
|
Gaithersburg (MD): The Institute; 1994 Feb. (Federal information<BR>
|
|
processing standards; FIPS PUB 185). Available from: NTIS,<BR>
|
|
Springfield, VA. <BR>
|
|
<BR>
|
|
National Institute of Standards and Technology (US), Computer<BR>
|
|
Systems Laboratory. Key management using ANSI X9.17. Gaithersburg<BR>
|
|
(MD): The Institute; 1992 Apr. (Federal information processing<BR>
|
|
standards; FIPS PUB 171). Available from: NTIS, Springfield, VA. <BR>
|
|
<BR>
|
|
National Institute of Standards and Technology (US), Computer<BR>
|
|
Systems Laboratory. Security requirements for cryptographic<BR>
|
|
modules. Gaithersburg (MD): The Institute; 1994 Jan. (Federal<BR>
|
|
information processing standards; FIPS PUB 140-1). Available<BR>
|
|
from: NTIS, Springfield, VA. <BR>
|
|
<BR>
|
|
National Institute of Standards and Technology (US), Computer<BR>
|
|
Systems Laboratory. Standard on computer data authentication.<BR>
|
|
Gaithersburg (MD): The Institute; 1985 May. (Federal information<BR>
|
|
processing standards; FIPS PUB 113). Available from: NTIS,<BR>
|
|
Springfield, VA.</P>
|
|
|
|
<P>Oldehoeft AE, Branstad D, editors. Report of the NIST Workshop on<BR>
|
|
Key Escrow Encryption. Gaithersburg (MD): National Institute of<BR>
|
|
Standards and Technology (US), Computer Systems Laboratory; 1994<BR>
|
|
Jun. Report No.: NIST Internal Report (NISTIR) 5468. Available<BR>
|
|
from: NTIS, Springfield, VA; PB94-209459.<BR>
|
|
<BR>
|
|
Olnes J. EDIFACT security made simple-the EDIMED approach. <BR>
|
|
Comput Secur 1993 Dec;12(8):765-74. <BR>
|
|
<BR>
|
|
Schneier B. Applied cryptography: protocols, algorithms and<BR>
|
|
source code in C. 2nd ed. New York: Wiley &amp; Sons, Inc.; 1995. <BR>
|
|
<BR>
|
|
Stevens A. Hacks, spooks, and data encryption. Dr Dobbs J 1990<BR>
|
|
Sep;15(9):127-38. <BR>
|
|
<BR>
|
|
Zamparo R. A study of OSI key management. Gaithersburg (MD):<BR>
|
|
National Institute of Standards and Technology (US), Computer<BR>
|
|
Systems Laboratory; 1992 Nov. Report No.: NIST Internal Report<BR>
|
|
(NISTIR) 4983. Available from: NTIS, Springfield, VA;<BR>
|
|
PB93-151579.<BR>
|
|
<BR>
|
|
<BR>
|
|
SOFTWARE &amp; APPLICATION DESIGN/PROTECTION</P>
|
|
|
|
<P>
|
|
Bassham LE, Polk WY. Security of SQL-based implementations of<BR>
|
|
product data exchange using STEP. Gaithersburg (MD): National<BR>
|
|
Institute of Standards and Technology (US), Computer Systems<BR>
|
|
Laboratory; 1993 Oct. Report No.: NIST Internal Report (NISTIR)<BR>
|
|
5283. Available from: NTIS, Springfield, VA; PB94-139649.<BR>
|
|
<BR>
|
|
Bassoe CF. [Data hygiene. Data security, prevention of wrong or<BR>
|
|
useless information and high quality of communication]. Tidsskr<BR>
|
|
Nor Laegeforen 1995 Jan 20;115(2):252-5. (Nor). <BR>
|
|
<BR>
|
|
Baum-Waidner B, Bunz H, Capellaro C. SAMSON, security management<BR>
|
|
in a health care scenario. In: Kugler HJ, Mullery A, Niebert N,<BR>
|
|
editors. 2nd International Conference on Intelligence in<BR>
|
|
Broadband Services and Networks; 1994 Sep 7-9; Aachen, Germany.<BR>
|
|
Berlin: Springer-Verlag; 1994. p. 503-12. <BR>
|
|
<BR>
|
|
Bennett PA. Safety standards in medical software. In: Commission<BR>
|
|
of the European Communities DG XIII/F AIM. Data protection and<BR>
|
|
confidentiality in health informatics: handling health data in<BR>
|
|
Europe in the future. Washington: IOS Press; 1991. p. 197-213. <BR>
|
|
(Studies in health technology and informatics; vol. 1). <BR>
|
|
<BR>
|
|
Biskup J. Medical database security. In: Commission of the<BR>
|
|
European Communities DG XIII/F AIM. Data protection and<BR>
|
|
confidentiality in health informatics: handling health data in<BR>
|
|
Europe in the future. Washington: IOS Press; 1991. p. 214-30. <BR>
|
|
(Studies in health technology and informatics; vol. 1). </P>
|
|
|
|
<P>Cannataci JA. Data protection issues in database management and<BR>
|
|
expert systems. In: Commission of the European Communities DG<BR>
|
|
XIII/F AIM. Data protection and confidentiality in health<BR>
|
|
informatics: handling health data in Europe in the future.<BR>
|
|
Washington: IOS Press; 1991. p. 161-80. (Studies in health<BR>
|
|
technology and informatics; vol. 1). <BR>
|
|
<BR>
|
|
Davey J. Tools and techniques for the development of secure<BR>
|
|
software. Int J Biomed Comput 1994 Feb;35 Suppl:173-8.</P>
|
|
|
|
<P>Eichinger S, Pernul G. Design environment for a hospital<BR>
|
|
information system: meeting the data security challenge. In: Lun<BR>
|
|
KC, Degoulet P, Piemme TE, Rienhoff O, editors. MEDINFO 92.<BR>
|
|
Proceedings of the 7th World Congress on Medical Informatics;<BR>
|
|
1992 Sep 6-10; Geneva, Switzerland. Vol.2. Amsterdam:<BR>
|
|
North-Holland; 1992. p. 1582-8.</P>
|
|
|
|
<P>Filsinger J. Integrity and the audit of trusted database<BR>
|
|
management systems. In: Database Security, 6: Status and<BR>
|
|
Prospects. IFIP WG 11.3 workshop; 1992 Aug 19-21; Vancouver, BC,<BR>
|
|
Canada. [Amsterdam?: North-Holland?]; 1993. p. 349-65. (IFIP<BR>
|
|
transactions A (computer science and technology); vol. A-21). <BR>
|
|
<BR>
|
|
Haber L. Prevention is the best medicine. (impact and prevention<BR>
|
|
of computer viruses and the emergence of anti-virus software).<BR>
|
|
MIDRANGE Syst 1992 Feb 4;5(3):68-70.<BR>
|
|
<BR>
|
|
Kailey JB, editor. Validated products list 1995 No. 2. Vol. 1,<BR>
|
|
Programming languages, database language SQL, graphics, POSIX,<BR>
|
|
and computer security; Vol. 2, GOSIP. Gaithersburg (MD): National<BR>
|
|
Institute of Standards and Technology (US), Computer Systems<BR>
|
|
Laboratory; 1995 Apr. Report No: NIST Internal Report (NISTIR)<BR>
|
|
5629. Available from: NTIS, Springfield, VA; PB95-937301. </P>
|
|
|
|
<P>Kemmerer RA. A multi-level formal specification of a mental<BR>
|
|
health care database. In: Jajodia S, Landwehr CE, editors.<BR>
|
|
Database Security, 4: Status and Prospects. Results of the IFIP<BR>
|
|
WG 11.3 workshop; 1990 Sep 18-21; Halifax, UK. Amsterdam:<BR>
|
|
North-Holland; 1991. p. 27-51.</P>
|
|
|
|
<P>Morgan JD. Point of care and patient privacy: who is in control?<BR>
|
|
Top Health Inf Manag 1994 May;14(4):36-43.<BR>
|
|
<BR>
|
|
Pangalos G, Pomportsis A, Bozios L, Khair M. Development of<BR>
|
|
secure medical database systems. In: Karagiannis D, editor.<BR>
|
|
Proceedings of DEXA 94; 1994 Sep 7-9; Athens, Greece. Berlin:<BR>
|
|
Springer-Verlag; 1994. p. 680-9.</P>
|
|
|
|
<P>Polk WT, Bassham LE. A guide to the selection of anti-virus tools<BR>
|
|
and techniques. Gaithersburg (MD): National Institute of<BR>
|
|
Standards and Technology (US), Computer Systems Laboratory; 1992<BR>
|
|
Dec. (NIST special publication; 800-5). Available from: NTIS,<BR>
|
|
Springfield, VA; PB93-152049.<BR>
|
|
<BR>
|
|
Polk WT, Bassham LE. Security issues in the database language<BR>
|
|
SQL. Gaithersburg (MD): National Institute of Standards and<BR>
|
|
Technology (US), Computer Systems Laboratory; 1993 Aug. (NIST<BR>
|
|
special publication; 800-8). Available from: US GPO, Washington;<BR>
|
|
SN 003-003-03225-5.</P>
|
|
|
|
<P>Ting TC. Application information security semantics: a case of<BR>
|
|
mental health delivery. In: Spooner DL, Landwehr C, editors.<BR>
|
|
Database Security, 3: Status and Prospects. Results of the IFIP<BR>
|
|
WG 11.3 workshop; 5-7 Sep 1989; Monterey, CA. Amsterdam:<BR>
|
|
North-Holland; 1990. p. 1-12. <BR>
|
|
<BR>
|
|
Ulirsch RC, Ashwood ER, Noce P. Security in the clinical<BR>
|
|
laboratory. Guidelines for managing the information resource. <BR>
|
|
Arch Pathol Lab Med 1990 Jan;114(1):89-93. </P>
|
|
|
|
<P>van Dorp HD, Dubbeldam JF. The AIM SEISMED guidelines for system<BR>
|
|
development and design. Int J Biomed Comput 1994 Feb;35<BR>
|
|
Suppl:179-86.<BR>
|
|
<BR>
|
|
Watt R. Security in VAX DSM Version 6.0. MUG Q 1991<BR>
|
|
Jun;21(3):106-11.<BR>
|
|
<BR>
|
|
Weingarten J. Can confidential patient information be kept<BR>
|
|
private in high-tech medicine? MD Comput 1992<BR>
|
|
Mar-Apr;9(2):79-82.</P>
|
|
|
|
<P> <BR>
|
|
NETWORK SECURITY</P>
|
|
|
|
<P>
|
|
Bagwill R, Barkley J, Carnahan L, et al. Security in open<BR>
|
|
systems. Gaithersburg (MD): National Institute of Standards and<BR>
|
|
Technology (US), Computer Systems Laboratory; 1994 Jul. (NIST<BR>
|
|
special publication; 800-7). Available from: US GPO, Washington;<BR>
|
|
SN003-003-03276-0.<BR>
|
|
<BR>
|
|
Bleumer G. Security for decentralized health information<BR>
|
|
systems. Int J Biomed Comput 1994 Feb;35 Suppl:139-45. <BR>
|
|
<BR>
|
|
Campbell LA. How secure is the Internet for health care<BR>
|
|
applications? Toward Electron Patient Rec 1995 Jun-Jul;4(1):1,<BR>
|
|
3-16.<BR>
|
|
<BR>
|
|
Castagna R. The well-guarded LAN. PC Sources 1991<BR>
|
|
Sep;2(9):139-42.</P>
|
|
|
|
<P>Cheswick WR, Bellowin SM. Firewalls and Internet security:<BR>
|
|
repelling the wily hacker. Reading (MA): Addison-Wesley Pub. Co.,<BR>
|
|
Inc.; 1994. 306 p. <BR>
|
|
<BR>
|
|
Dayanim J. Disaster recovery: options for public and private<BR>
|
|
networks. (includes related article on network recovery for<BR>
|
|
integrated LAN/WAN networks). Telecommunications 1991 Dec;<BR>
|
|
25(12):48-52. <BR>
|
|
<BR>
|
|
de Roulet D, Le HS, Scherrer JR. The technical conditions for an<BR>
|
|
open architecture. Int J Biomed Comput 1994 Feb;35 Suppl:107-14. <BR>
|
|
<BR>
|
|
Fernandez Del Val C. Medical network security and viruses. In:<BR>
|
|
Commission of the European Communities DG XIII/F AIM. Data<BR>
|
|
protection and confidentiality in health informatics: handling<BR>
|
|
health data in Europe in the future. Washington: IOS Press;<BR>
|
|
1991. p. 271-84. (Studies in health technology and informatics;<BR>
|
|
vol. 1).</P>
|
|
|
|
<P>Harwood R. Install the wall. DEC Prof 1994 Dec;13(12):44-5. <BR>
|
|
<BR>
|
|
Howlett P, Powell T. United we stand (hospital network<BR>
|
|
security). Br J Healthc Comput Inf Manag 1994 Oct;11(8):26-7.</P>
|
|
|
|
<P>Klimmins J, Dinkel C, Walters D. Telecommunications security<BR>
|
|
guidelines for telecommunications management network.<BR>
|
|
Gaithersburg (MD): National Institute of Standards and Technology<BR>
|
|
(US); 1995 Oct. 37 p. (NIST special publication; 800-13).<BR>
|
|
Available from: US GPO, Washington; SN003-003-03376-6. <BR>
|
|
<BR>
|
|
Leon BJ, Narayanan R. Network management information for system<BR>
|
|
control. In: Proceedings of GLOBECOM '93. IEEE Global<BR>
|
|
Telecommunications Conference; 1993 Nov 29 - Dec 2; Houston, TX.<BR>
|
|
Vol. 3. New York: IEEE; 1993. p. 1553-7.</P>
|
|
|
|
<P>McWilliams S. How Boston's Beth Israel Hospital copes with<BR>
|
|
security on the Internet. IS Anal 1994 Dec;33(12):12-6. <BR>
|
|
<BR>
|
|
Moehr JR, McDaniel JG. Security precautions for networked<BR>
|
|
computers. Dimens Health Serv 1991 Apr;68(3):21-4. <BR>
|
|
<BR>
|
|
National Institute of Standards and Technology (US), Computer<BR>
|
|
Systems Laboratory. Standard security label for information<BR>
|
|
transfer. Gaithersburg (MD): The Institute; 1994 Sep. (Federal<BR>
|
|
information processing standards; FIPS PUB 188). Available from:<BR>
|
|
NTIS, Springfield, VA. </P>
|
|
|
|
<P>Pfitzmann A, Pfitzmann B. Security in medical networks. In:<BR>
|
|
Commission of the European Communities DG XIII/F AIM. Data<BR>
|
|
protection and confidentiality in health informatics: handling<BR>
|
|
health data in Europe in the future. Washington: IOS Press;<BR>
|
|
1991. p. 231-48. (Studies in health technology and informatics;<BR>
|
|
vol. 1).</P>
|
|
|
|
<P>Private Branch Exchange (PBX) security guidelines. Gaithersburg<BR>
|
|
(MD): National Institute of Standards and Technology (US),<BR>
|
|
Computer Systems Laboratory; 1993 Sep. Report No.: NIST GCR<BR>
|
|
93-635. Available from: NTIS, Springfield, VA; PB94-100880.</P>
|
|
|
|
<P>Rotenberg M. Communications privacy: implications for network<BR>
|
|
design. Commun ACM 1993 Aug;36(8):61-9.<BR>
|
|
<BR>
|
|
Vaughan-Nichols S. Safety nets and Unix networks. Comput Shopp<BR>
|
|
1991 Dec;11(12):770-2. <BR>
|
|
<BR>
|
|
Wack JP, Carnahan LJ. Keeping your site comfortably secure: an<BR>
|
|
introduction to Internet firewalls. Gaithersburg (MD): National<BR>
|
|
Institute of Standards and Technology (US), Computer Systems<BR>
|
|
Laboratory; 1994 Dec. (NIST special publication; 800-10). <BR>
|
|
Available from: US GPO, Washington; SN003-03313-8.</P>
|
|
|
|
<P>
|
|
IMAGES &amp; TELEMEDICINE</P>
|
|
|
|
<P>
|
|
Gilbert F. How to minimize the risk of disclosure of patient<BR>
|
|
information used in telemedicine. Telemed J 1995;1(2):91-4. <BR>
|
|
<BR>
|
|
Kuroda C, Yoshioka H, Kadota T, Narumi Y, Okamoto H, Kumatani T,<BR>
|
|
Hiruma O, Kumatani Y, Yoshida J. Small PACS for digital medical<BR>
|
|
images--reliability and security in a clinical setting. Comput<BR>
|
|
Methods Programs Biomed 1994 May;43(1-2):101-6.</P>
|
|
|
|
<P>Manny B. Professional practice forum: photographs and<BR>
|
|
videotapes. J AHIMA 1992 Dec;63(12):24-6. </P>
|
|
|
|
<P>Norton SA, Lindborg CE, Delaplain CB. Consent and privacy in<BR>
|
|
telemedicine. Hawaii Med J 1993 Dec;52(12):340-1. </P>
|
|
|
|
<P>Ohyama N. IS &amp; C system and file protection mechanism. Comput<BR>
|
|
Methods Programs Biomed 1994 May;43(1-2):37-42.</P>
|
|
|
|
<P>Parsons DF. Progress and problems of interhospital consulting by<BR>
|
|
computer networking. Ann N Y Acad Sci 1992 Dec 17;670:1-11. <BR>
|
|
<BR>
|
|
Savkar S, Waters RJ. Telemedicine - implications for patient<BR>
|
|
confidentiality and privacy. Health Inf Syst Telemed 1995;<BR>
|
|
(1):4-7.</P>
|
|
|
|
<P>Smith JP. Ensuring confidentiality on computer networks. Diagn<BR>
|
|
Imaging (San Franc) 1995 Jul;17(7):43-4, 47.</P>
|
|
|
|
<P>Yachida M, Kitagawa H. [File security techniques on Image Save<BR>
|
|
and Carry system]. J Inst Telev Eng Jpn 1993 Feb;47(2):154-7.<BR>
|
|
(Jpn).</P>
|
|
|
|
<P>
|
|
SECONDARY USAGE OF HEALTH DATA</P>
|
|
|
|
<P>
|
|
Research &amp; Quality Review</P>
|
|
|
|
<P>
|
|
Agency for Health Care Policy and Research (US). Report to<BR>
|
|
Congress: the feasibility of linking research-related data bases<BR>
|
|
to federal and non-federal medical adminstrative data bases.<BR>
|
|
Rockville (MD): The Agency; 1991 Apr. (AHCPR Pub; no. 91-0003). <BR>
|
|
<BR>
|
|
Benbassat J, Levy M. Ethical and legal problems in researcher's<BR>
|
|
access to data stores. In: Allebeck P, Jannsson B, editors.<BR>
|
|
Ethics in medicine: individual integrity versus demands of<BR>
|
|
society. New York: Raven Press; 1990. p. 159-65. <BR>
|
|
<BR>
|
|
Bentley-Cooper JE. Protecting human research from an invasion of<BR>
|
|
privacy: the unintended results of the Commonwealth Privacy Act<BR>
|
|
1988. Aust J Public Health 1991 Sep;15(3):228-34. <BR>
|
|
<BR>
|
|
Berglund CA. Australian standards for privacy and<BR>
|
|
confidentiality of health records in research: implications of<BR>
|
|
the Commonwealth Privacy Act. Med J Aust 1990 Jun<BR>
|
|
18;152(12):664-9.</P>
|
|
|
|
<P>Beto JA, Geraci MC, Marshall PA, Bansal VK. Pharmacy computer<BR>
|
|
prescription databases: methodologic issues of access and<BR>
|
|
confidentiality. Ann Pharmacother 1992 May;26(5):686-91. </P>
|
|
|
|
<P>Clayton EW. Panel comment: why the use of anonymous samples for<BR>
|
|
research matters. J Law Med Ethics 1995;23(4):375-7.</P>
|
|
|
|
<P>Donaldson MS. Regional health databases, health services<BR>
|
|
research, and confidentiality: summary of an invitational<BR>
|
|
workshop. National Implications of the Development of Regional<BR>
|
|
Health Database Organizations; 1994 Jan 31-Feb 1; Washington.<BR>
|
|
Washington: Institute of Medicine; 1994. 49 p.</P>
|
|
|
|
<P>Donaldson MS, Lohr KN, editors. Health data in the information<BR>
|
|
age: use, disclosure, and privacy. Washington: National Academy<BR>
|
|
Press; 1994. 257 p.</P>
|
|
|
|
<P>Edouard L, Rawson NS. Use of personal records for research<BR>
|
|
purposes. Identification numbers help maintain confidentiality<BR>
|
|
[letter]. BMJ 1995 Jan 28;310(6974):257-8. Comment on: BMJ 1994<BR>
|
|
Nov 26;309(6966):1422-4.</P>
|
|
|
|
<P>Fayerweather WE, Tirey SL, Baldwin JK, Hoover BK. Issues in data<BR>
|
|
sharing and access: an industry perspective. J Occup Med 1991<BR>
|
|
Dec;33(12):1253-6. <BR>
|
|
<BR>
|
|
Flaherty DH. Privacy, confidentiality, and the use of Canadian<BR>
|
|
health information for research and statistics. Can Public Adm<BR>
|
|
1992 Spring;35(1):75-93.</P>
|
|
|
|
<P>Gostin LO, Lazzarini Z. Childhood immunization registries. A<BR>
|
|
national review of public health information systems and the<BR>
|
|
protection of privacy. JAMA 1995 Dec 13;274(22):1793-9.</P>
|
|
|
|
<P>Gulbinat W. Dialogue: will the increased integration of<BR>
|
|
information systems necessitate lowering standards for patient<BR>
|
|
confidentiality and data privacy? Balancing individual and<BR>
|
|
societal needs: micro- vs. macro-ethics. Behav Healthc Tomorrow<BR>
|
|
1994 Jan-Feb;3(1):32, 39-41.</P>
|
|
|
|
<P>Hakulinen T. [Cancer registry and data security]. Nord Med<BR>
|
|
1993;108(8-9):213-5. (Swe).</P>
|
|
|
|
<P>Harding N, Giles A, Graveney M. Evolution and protection of the<BR>
|
|
health care record as a European document. In: Commission of the<BR>
|
|
European Communities DG XIII/F AIM. Data protection and<BR>
|
|
confidentiality in health informatics: handling health data in<BR>
|
|
Europe in the future. Washington: IOS Press; 1991. p. 88-121.<BR>
|
|
(Studies in health technology and informatics; vol. 1).<BR>
|
|
<BR>
|
|
Helgason T. Epidemiological research needs access to data. <BR>
|
|
Scand J Soc Med 1992 Sep;20(3):129-33. </P>
|
|
|
|
<P>Jones JK, Staffa J, Lian J, Miwa L. Record linkages. Eur J Clin<BR>
|
|
Res 1994;6:87-91.</P>
|
|
|
|
<P>Kluge EH. Advanced patient records: some ethical and legal<BR>
|
|
considerations touching medical information space. Methods Inf<BR>
|
|
Med 1993 Apr;32(2):95-103. Comment in: Methods Inf Med 1993<BR>
|
|
Apr;32(2):104-7.</P>
|
|
|
|
<P>Kluge EH. Health information, the fair information principles<BR>
|
|
and ethics. Methods Inf Med 1994 Oct;33(4):336-45. Comment in:<BR>
|
|
Methods Inf Med 1994 Oct;33(4):348-50.</P>
|
|
|
|
<P>Lawrence LM. Safeguarding the confidentiality of automated<BR>
|
|
medical information. Jt Comm J Qual Improv 1994<BR>
|
|
Nov;20(11):639-46.</P>
|
|
|
|
<P>Lincoln TL. Privacy: a real-world problem with fuzzy boundaries<BR>
|
|
[editorial]. Methods Inf Med 1993 Apr;32(2):104-7. Comment on:<BR>
|
|
Methods Inf Med 1993 Apr;32(2):95-103. </P>
|
|
|
|
<P>Lincoln TL, Essin DJ. In search of rules for confidentiality: a<BR>
|
|
critique of oneproposal [editorial]. Methods Inf Med 1994<BR>
|
|
Oct;33(4):348-50. Comment on: Methods Inf Med 1994<BR>
|
|
Oct;33(4):336-45.</P>
|
|
|
|
<P>Logan JA 3rd, Hebbeler G. Formatting and presenting quality data<BR>
|
|
to medical staffs and hospital boards. Physician Exec 1994 Oct;<BR>
|
|
20(10):19-21. </P>
|
|
|
|
<P>Lousson JP. [Teletransmission, health care and deontology]. Ann<BR>
|
|
Pharm Fr 1995;53(2):79-82. (Fre).</P>
|
|
|
|
<P>Lowel H, Lewis M, Gostomzyk J, Keil U. [Population-based heart<BR>
|
|
infarct register in the Augsburg region: possibilities and<BR>
|
|
limitations]. Soz Praventivmed 1991;36(3):159-65. (Ger).</P>
|
|
|
|
<P>Lynge E. European directive on confidential data: a threat to<BR>
|
|
epidemiology [editorial]. BMJ 1994 Feb 19;308(6927):490. <BR>
|
|
Comment on: BMJ 1994 Feb 19;308(6927):522-3. </P>
|
|
|
|
<P>McClure ML. The uses and abuses of large data sets. J Prof Nurs<BR>
|
|
1991 Mar-Apr;7(2):72.</P>
|
|
|
|
<P>Panda SK, Nagabhushanam A. Fuzzy data distortion. Comput Stat<BR>
|
|
Data Anal 1995 May;19(5):553-62.</P>
|
|
|
|
<P>Reilly PR. Panel comment: the impact of the Genetic Privacy Act<BR>
|
|
on medicine. J Law Med Ethics 1995;23(4):378-81.</P>
|
|
|
|
<P>Schrage R. [Cancer register problems--modified reporting law<BR>
|
|
model for the improvement of data protection]. Offentl<BR>
|
|
Gesundheitswes 1991 Nov;53(11):746-52. (Ger).</P>
|
|
|
|
<P>Ten Ham M. Confidentiality of medical databases and<BR>
|
|
pharmaco-epidemiology. Drug Inf J 1995;29(1):343-49.</P>
|
|
|
|
<P>Thomas SP. Issues in data management and storage. J Neurosci<BR>
|
|
Nurs 1993 Aug;25(4):243-5.</P>
|
|
|
|
<P>Tuchsen F, Bach E, Andersen O, Jorgensen J. The use of a<BR>
|
|
national hospital register for hypothesis generation. Inf Serv<BR>
|
|
Use 1990;10(1-2):15-23.</P>
|
|
|
|
<P>van der Leer OF. The use of personal data for medical research:<BR>
|
|
how to deal with new European privacy standards. Int J Biomed<BR>
|
|
Comput 1994 Feb;35 Suppl:87-95.</P>
|
|
|
|
<P>Verloove-Vanhorick SP, Brand R. [Perinatal registration: a pilot<BR>
|
|
study of matching of data from the National Obstetrics<BR>
|
|
Registration and the National Neonatology Registration]. Ned<BR>
|
|
Tijdschr Geneeskd 1992 Oct 24;136(43):2127-31. (Dut)</P>
|
|
|
|
<P>Walsh M, Cortez F. Quality assurance system must balance<BR>
|
|
functionality with data security. Comput Nurs 1991<BR>
|
|
Jan-Feb;9(1):27-8.</P>
|
|
|
|
<P>Wan L. The legality of unlinked anonymous screening for HIV<BR>
|
|
infection: the U.S. approach. Health Policy 1990<BR>
|
|
Jan-Feb;14(1):29-35.</P>
|
|
|
|
<P>Westrin CG. Ethical, legal, and political problems affecting<BR>
|
|
epidemiology in European countries. IRB 1993 May-Jun;15(3):6-8.</P>
|
|
|
|
<P>
|
|
Statistics</P>
|
|
|
|
<P>
|
|
Ahituv N, Lapid Y, Neumann S. Protecting statistical databases<BR>
|
|
against retrieval of private information. Comput Secur 1988<BR>
|
|
Feb;7(1):59-63.</P>
|
|
|
|
<P>Denning DE, Schlorer J. Inference controls for statistical<BR>
|
|
databases. Computer 1983 Jul:69-82.</P>
|
|
|
|
<P>Duncan GT, Jabine TB, de Wolf VA, editors. Private lives and<BR>
|
|
public policies: confidentiality and accessibility of government<BR>
|
|
statistics. Washington: National Academy Press; 1993.</P>
|
|
|
|
<P>Guynes CS, Maples GE, Prybutok VR. Privacy issues in statistical<BR>
|
|
database environments. Comput Soc 1995 Dec;25(4):3-5.</P>
|
|
|
|
<P>Hoffman LJ, Miller WF. Getting a personal dossier from a<BR>
|
|
statistical data bank. Datamation 1970 May;16(5):74-5.</P>
|
|
|
|
<P>Ozsoyoglu G, Chin FY. Enhancing the security of statistical<BR>
|
|
databases with a question-answering system and a kernel design.<BR>
|
|
IEEE Transact Softw Eng 1982 May;SE-8(3):223-34.</P>
|
|
|
|
<P>Thelot B. [A general solution to the linkage of anonymous<BR>
|
|
medical data]. C R Acad Sci III 1990;310(8):333-8. (Fre).</P>
|
|
|
|
<P>
|
|
SMART CARDS</P>
|
|
|
|
<P>
|
|
Allaert FA, Dusserre L. Security of health information system in<BR>
|
|
France: what we do will no longer be different from what we tell.<BR>
|
|
Int J Biomed Comput 1994 Feb;35 Suppl:201-4.</P>
|
|
|
|
<P>Boulanger MH. Legal aspects of the medical data card. I. Comput<BR>
|
|
Law Secur Rep 1990 Sep-Oct;6(3):8-11.</P>
|
|
|
|
<P>Card technologies. Toward Electron Patient Rec 1993 Oct;Analysis<BR>
|
|
3:1-6.</P>
|
|
|
|
<P>Chaum D, editor. Smart Card 2000. Selected papers from the 2nd<BR>
|
|
International Smart Card 2000 Conference; 1989 4-6 Oct;<BR>
|
|
Amsterdam, Netherlands. Amsterdam: North-Holland; 1991. 206 p.</P>
|
|
|
|
<P>de Martino A. The laser card: a challenge for physicians. In:<BR>
|
|
Waegemann CP, editor. Patient care with computers and cards. 5th<BR>
|
|
Global Congress on Patient Cards and Computerization of Health<BR>
|
|
Records; 1993 Jun 7-9; Venice, Italy. Newton (MA): Medical<BR>
|
|
Records Institute; 1993. p. 33-5.</P>
|
|
|
|
<P>Guanyabens J, Baig B. AIM coordinated action on patient data<BR>
|
|
cards. In: Noothoven van Goor J, Christensen JP, editors. <BR>
|
|
Advances in medical informatics: results of the AIM Exploratory<BR>
|
|
Action. Washington: IOS Press; 1992. p. 393-96. (Studies in<BR>
|
|
health technology and informatics; vol. 2).</P>
|
|
|
|
<P>Guibert H, Gamache A. Optical memory card applicability for<BR>
|
|
implementing a portable medical record. Med Inf (Lond) 1993<BR>
|
|
Jul-Sep;18(3):271-8. </P>
|
|
|
|
<P>Gunner C. Portable health card interface for multiple health care<BR>
|
|
applications. In: 3rd Global Conference on Patient Cards; 1991<BR>
|
|
Mar 12-15; Barcelona, Spain. Newton (MA): Medical Records<BR>
|
|
Institute; 1991. p. 305-16.</P>
|
|
|
|
<P>Hartleb U. Administrative aspects of data protection. In:<BR>
|
|
Commission of the European Communities DG XIII/F AIM. Data<BR>
|
|
protection and confidentiality in health informatics: handling<BR>
|
|
health data in Europe in the future. Washington: IOS Press;<BR>
|
|
1991. p. 334-49. (Studies in health technology and informatics;<BR>
|
|
vol. 1).</P>
|
|
|
|
<P>Hayes G. The AIM Patient Data Card Working Group's view of<BR>
|
|
security. In: 3rd Global Conference on Patient Cards; 1991 Mar<BR>
|
|
12-15; Barcelona, Spain. Newton (MA): Medical Records Institute;<BR>
|
|
1991. p. 280-3.</P>
|
|
|
|
<P>Klein GO. Smart cards--a security tool for health information<BR>
|
|
systems. Int J Biomed Comput 1994 Feb;5 Suppl:147-51.</P>
|
|
|
|
<P>Kohler CO, Rienhoff O, Schaeffer OP, editors. Health cards '95.<BR>
|
|
Proceedings of the Health Cards '95 Conference; 1995 Oct 23-26;<BR>
|
|
Frankfurt. Washington: IOS Press; 1995. 372 p. (Studies in health<BR>
|
|
technology and informatics; vol. 26).</P>
|
|
|
|
<P>Krings G. Intelligent memory chips for smart cards. Siemens<BR>
|
|
Compon (Eng Ed) 1994 Jan-Feb;29(1):13-7.</P>
|
|
|
|
<P>Kuhnel E, Klepser G, Engelbrecht R. Smart cards and their<BR>
|
|
opportunities for controlling health information systems. Int J<BR>
|
|
Biomed Comput 1994 Feb;35 Suppl:153-7.</P>
|
|
|
|
<P>Martelli M, Tenneriello L. The CP8 smart card: a technology for<BR>
|
|
solutions in medical areas. In: Waegemann CP, editor. Patient<BR>
|
|
care with computers and cards. 5th Global Congress on Patient<BR>
|
|
Cards and Computerization of Health Records; 1993 Jun 7-9;<BR>
|
|
Venice, Italy. Newton (MA): Medical Records Institute; 1993. p.<BR>
|
|
36-8.</P>
|
|
|
|
<P>Nguyen Nam T, Printz Y, Saadoui S, Nicolay A. Benefit and risk<BR>
|
|
assessment of computerized health cards: a case study. In:<BR>
|
|
Berleur J, Beardon C, Laufer R, editors. Proceedings of the IFIP<BR>
|
|
WG9.2 Working Conference on Facing the Challenge of Risk and<BR>
|
|
Vulnerability in an Information Society; 1993 May 20-22; Namur,<BR>
|
|
Belgium. Amsterdam: Elsevier Science Pub.; 1993. p. 153-60. (IFIP<BR>
|
|
transactions A (computer science and technology); vol. A-33).</P>
|
|
|
|
<P>Pangalos G. Design and implementation of computer-readable<BR>
|
|
patient data cards--applications in Europe. Med Inf (Lond) 1992<BR>
|
|
Oct-Dec;17(4):243-56.</P>
|
|
|
|
<P>Paradinas P, Vandewalle JJ. A personal and portable database<BR>
|
|
server: the CQL card. In: Litwin W, Risch T, editors.<BR>
|
|
Proceedings of 1994 International Conference on Applications of<BR>
|
|
Databases; 1994 Jun 21-23; Vadstena, Sweden. Berlin:<BR>
|
|
Springer-Verlag; 1994. p. 444-57.</P>
|
|
|
|
<P>Pernice A, Doare H, Rienhoff O, editors. Healthcare card systems,<BR>
|
|
EUROCARDS concerted action, European Commission, Healthcare<BR>
|
|
Telematics, DG XIII-C4. Washington: IOS Press; 1995. 218 p.<BR>
|
|
(Studies in health technology and informatics; vol. 22).</P>
|
|
|
|
<P>Poullet Y, Boulanger MH. Data protection-medicine. III. Towards<BR>
|
|
a new normative framework. Comput Law Secur Rep 1991<BR>
|
|
Jan-Feb;6(5):18-23.</P>
|
|
|
|
<P>Poullet Y, Boulanger MH. Part II-existing regulations applicable<BR>
|
|
to medical data cards. Comput Law Secur Rep 1990<BR>
|
|
Nov-Dec;6(4):25-8.</P>
|
|
|
|
<P>Quisquater JJ. Practical zero-knowledge protocols. In:<BR>
|
|
Proceedings of Compsec International 1990; 1990 Oct 10-12;<BR>
|
|
London. Oxford (UK): Elsevier Advanced Technol.; 1990. p. 427-8.</P>
|
|
|
|
<P>Rossing N, Pernice A. Harmonized developments of patient data<BR>
|
|
cards in the European Community. Toward Electron Patient Rec<BR>
|
|
1993 Oct;Analysis 3:6-10.</P>
|
|
|
|
<P>Scherrer JR. Smart cards and medical data protection. In: 3rd<BR>
|
|
Global Conference on Patient Cards; 1991 Mar 12-15; Barcelona,<BR>
|
|
Spain. Newton (MA): Medical Records Institute; 1991. p. 276-9.</P>
|
|
|
|
<P>Seaton B. The smart card: a tool for smart hospitals. Dimens<BR>
|
|
Health Serv 1991 Apr;68(3):15-8.</P>
|
|
|
|
<P>Takac PF. A discussion of the application of smart cards within<BR>
|
|
health care. Int J Comput Appl Technol 1993;6(2-3):112-21.</P>
|
|
|
|
<P>Waegemann CP. The role of patient cards in health care. Toward<BR>
|
|
Electron Patient Rec 1993 Oct;2(3):1, 3-4, 8-15.</P>
|
|
|
|
<P>
|
|
LAWS, REGULATIONS, LEGAL ASPECTS</P>
|
|
|
|
<P>
|
|
Federal</P>
|
|
|
|
<P> - Laws, Bills, &amp; Regulations</P>
|
|
|
|
<P>
|
|
A Bill to Safeguard Individual Privacy of Genetic Information<BR>
|
|
from the Misuse of Records Maintained by Agencies or Their<BR>
|
|
Contractors or Grantees for the Purpose of Research, Diagnosis,<BR>
|
|
Treatment, or Identification of Genetic Disorders, and to Provide<BR>
|
|
to Individuals Access to Records Concerning their Genome which<BR>
|
|
are Maintained by Agencies for Any Purpose. H.R. 2045, 102d<BR>
|
|
Cong., 1st Sess. (1991). Introduced April 24, 1991 by John<BR>
|
|
Conyers.</P>
|
|
|
|
<P>Civil money penalties for failure to report on medical<BR>
|
|
malpractice payments and for breaching the confidentiality of<BR>
|
|
information--HHS. Final rule. Fed Regist 1991 Jun<BR>
|
|
21;56(120):28488-94.</P>
|
|
|
|
<P>Fair Health Information Practices Act of 1995. H.R.435, 104th<BR>
|
|
Congress, 1st Sess. (1995). Introduced by Gary Condit,<BR>
|
|
California.</P>
|
|
|
|
<P>Federal Privacy Act of 1974, 5 U.S.C. Sec. 552a (1988).</P>
|
|
|
|
<P>Medicaid program: computer matching and privacy protection for<BR>
|
|
Medicaid eligibility--HCFA. Final rule. Fed Regist 1994 Jan<BR>
|
|
31;59(20):4252-5.</P>
|
|
|
|
<P>Medical Records Confidentiality Act of 1995. S.1360, 104th<BR>
|
|
Congress, 1st Sess. (1995). Introduced by Robert Bennett, Utah.</P>
|
|
|
|
<P>Smith RE, Sulanowski JS, editors. Compilation of state and<BR>
|
|
federal privacy laws. Providence (RI): Privacy Journal; 1992. <BR>
|
|
Medical records; p. 32-7.</P>
|
|
|
|
<P>
|
|
- Legal Aspects - Commentary</P>
|
|
|
|
<P>
|
|
Alpert S. Smart cards, smarter policy. Medical records, privacy,<BR>
|
|
and health care reform. Hastings Cent Rep 1993<BR>
|
|
Nov-Dec;23(6):13-23.</P>
|
|
|
|
<P>American Health Information Management Association. Health<BR>
|
|
information model legislation language. Chicago: AHIMA; 1993<BR>
|
|
Feb. 14 p.</P>
|
|
|
|
<P>American Health Information Management Association. Language for<BR>
|
|
model health information legislation on creation, authentication<BR>
|
|
and retention of computer-based patient records. Chicago: AHIMA;<BR>
|
|
1995 May. 6 p.</P>
|
|
|
|
<P>Andresen DC. The computerization of health care: can patient<BR>
|
|
privacy survive? J Health Hosp Law 1993 Jan;26(1):1-10, 19.</P>
|
|
|
|
<P>Annas GJ, Glantz LH, Roche PA. Drafting the Genetic Privacy Act:<BR>
|
|
science, policy, and practical considerations. J Law Med Ethics<BR>
|
|
1995;23(4):360-6.</P>
|
|
|
|
<P>Brannigan V, Beier B. Standards for privacy in medical<BR>
|
|
information systems: a technico-legal revolution. Proc Annu Symp<BR>
|
|
Comput Appl Med Care 1990;14:266-70.</P>
|
|
|
|
<P>Brannigan VM. Behavioral healthcare computer systems and the<BR>
|
|
law: the problem of privacy. Behav Healthc Tomorrow 1994<BR>
|
|
Jan-Feb;3(1):57-61.<BR>
|
|
<BR>
|
|
Brannigan VM. Protecting the privacy of patient information in<BR>
|
|
clinical networks: regulatory effectiveness analysis. Ann N Y<BR>
|
|
Acad Sci 1992 Dec 17;670:190-201.</P>
|
|
|
|
<P>Brannigan VM. Protection of patient data in multi-institutional<BR>
|
|
medical computer networks: regulatory effectiveness analysis.<BR>
|
|
Proc Annu Symp Comput Appl Med Care 1993;17:59-63.</P>
|
|
|
|
<P>Branscomb AW. Who owns information? From privacy to public<BR>
|
|
access. New York: BasicBooks; 1994. Chapter 3, Who owns your<BR>
|
|
medical history; p. 54-72, 202-8. </P>
|
|
|
|
<P>Collins HL. Legal risks of computer charting . RN 1990<BR>
|
|
May;53(5):81-6. Published erratum appears in RN 1990 Sep;53(9):9.</P>
|
|
|
|
<P>Cummings NB. Patient confidentiality. Second Opin 1993<BR>
|
|
Oct;19(2):112-6.</P>
|
|
|
|
<P>Frawley KA. Achieving the CPR while keeping an ancient oath.<BR>
|
|
Healthc Inform 1995 Apr;12(4):28-30.<BR>
|
|
<BR>
|
|
Gobis LJ. Protecting the confidentiality of computerized medical<BR>
|
|
records, preparing for litigation. Healthspan 1994<BR>
|
|
Sep;11(8):11-3.</P>
|
|
|
|
<P>Gostin LO. Genetic privacy. J Law Med Ethics 1995;23(4):320-30.</P>
|
|
|
|
<P>Gostin LO. Health information privacy. Cornell Law Rev 1995<BR>
|
|
Mar;80(3):451-528.</P>
|
|
|
|
<P>Gostin LO, Turek-Brezina J, Powers M, Kozloff R. Privacy and<BR>
|
|
security of health information in the emerging health care<BR>
|
|
system. Health Matrix 1995 Winter;5(1):1-36.</P>
|
|
|
|
<P>Gostin LO, Turek-Brezina J, Powers M, Kozloff R, Faden R,<BR>
|
|
Steinauer DD. Privacy and security of personal information in a<BR>
|
|
new health care system. JAMA 1993 Nov 24;270(20):2487-93.<BR>
|
|
Comment in: JAMA 1994 May 18;271(19):1484-5.</P>
|
|
|
|
<P>Green VL, Marsh CK. Unauthorized disclosure of medical records<BR>
|
|
opens facility to liability. Provider 1992 Sep;18(9):58-60.</P>
|
|
|
|
<P>Ivancic JM. Confidentiality of health care information: some<BR>
|
|
notable concerns. Perspect Healthc Risk Manag 1992<BR>
|
|
Winter;12(1):13-6.</P>
|
|
|
|
<P>Miller DW. Fulfilling the transcriptionist's responsibility for<BR>
|
|
information security. J Am Assoc Med Transcr 1995<BR>
|
|
May-Jun;14(3):30, 32-5.</P>
|
|
|
|
<P>Miller DW. Preserving the privacy of computerized patient<BR>
|
|
records. Healthc Inform 1993 Oct;10(10):72-4.</P>
|
|
|
|
<P>Oliver WW. Technology versus privacy: prescription<BR>
|
|
accountability in the health care delivery system. J Psychoact<BR>
|
|
Drugs 1992 Jul-Sep;24(3):285-90.</P>
|
|
|
|
<P>Reed K. Computerization of health care information: more<BR>
|
|
automation, less privacy. J Health Hosp Law 1994<BR>
|
|
Dec;27(12):353-68, 384.</P>
|
|
|
|
<P>Roach WH. Medical records and the law. 2nd ed. Gaithersburg<BR>
|
|
(MD): Aspen Pub.; 1994. 346 p.</P>
|
|
|
|
<P>Schwartz PM. The protection of privacy in health care reform. <BR>
|
|
Vanderbilt Law Rev 1995 Mar;48(2):VI-347.</P>
|
|
|
|
<P>Simpson RL. Ensuring patient data, privacy, confidentiality and<BR>
|
|
security. Nurs Manag 1994 Jul;25(7):18-20.</P>
|
|
|
|
<P>Tomes JP. Compliance guide to electronic health records: a<BR>
|
|
practical reference to legislation, codes, regulations, and<BR>
|
|
industry standards. New York: Faulkner &amp; Gray; 1996.</P>
|
|
|
|
<P>Tomes JP. Health care records management disclosure and<BR>
|
|
retention: the complete legal guide. Chicago: Probus Pub; 1994. <BR>
|
|
636 p.</P>
|
|
|
|
<P>Tyler JM. The Internet: legal rights and responsibilities. <BR>
|
|
Medsurg Nurs 1995 Jun;4(3):229-33.</P>
|
|
|
|
<P>van Dam MN. The scarlet letter A: AIDS in a computer society. <BR>
|
|
Comput Law J 1990 Apr;10(2):233-64.</P>
|
|
|
|
<P>Waldman MT, Tapay NH. Electronic data interchange and<BR>
|
|
computerized information systems: privacy and confidentiality<BR>
|
|
issues in a changing health care system. In: Group Health<BR>
|
|
Association of America. Navigating reform: HMOs and managed<BR>
|
|
care in a time of transition. Proceedings of the 44th Annual<BR>
|
|
Group Health Institute; 1994 Jun 5-8; Miami Beach, Florida.<BR>
|
|
Washington: The Association; 1994. p. 406-30.</P>
|
|
|
|
<P>Waller AA, Fulton DK. The electronic chart: keeping it<BR>
|
|
confidential and secure. J Health Hosp Law 1993 Apr;26(4):104-9.</P>
|
|
|
|
<P>Zick CJ. Legal aspects of medical records confidentiality. J<BR>
|
|
AHIMA 1995 May;66(5):57-62.</P>
|
|
|
|
<P>
|
|
State</P>
|
|
|
|
<P> - Laws, Bills, &amp; Regulations</P>
|
|
|
|
<P>
|
|
Boynton MM, Paltzer-Fleming J. Educating your patients about<BR>
|
|
health records--the new notice law. Minn Med 1994<BR>
|
|
Nov;77(11):57-61.</P>
|
|
|
|
<P>Buckner F. The uniform health-care information act: A<BR>
|
|
physician's guide to record and health care information<BR>
|
|
management. J Med Pract Manag 1990;5(3):207-12.</P>
|
|
|
|
<P>Health Care Access and Cost Commission - Medical Care Data Base<BR>
|
|
Collection - Notice and Informed Consent. H.R. 557, 410th Sess.<BR>
|
|
(1996) Maryland General Assembly. Also introduced as S. 702.</P>
|
|
|
|
<P>Jones R. Medical record access laws. J AHIMA 1992<BR>
|
|
Mar;63(3):29-34.</P>
|
|
|
|
<P>Medical Records Institute's State Watch Project. Toward Electron<BR>
|
|
Patient Rec 1995 Dec;4(5):14-23.</P>
|
|
|
|
<P>Patient confidentiality. Salt Lake City: Med-Index Pub.; 1993.<BR>
|
|
104 p.</P>
|
|
|
|
<P>
|
|
- Legal Aspects - Commentary</P>
|
|
|
|
<P>
|
|
Cohen JD. HIV/AIDS confidentiality: are computerized medical<BR>
|
|
records making confidentiality impossible? Softw Law J 1990<BR>
|
|
Oct;4(1):93-115.</P>
|
|
|
|
<P>Curran WJ, Stearns B, Kaplan H. Privacy, confidentiality and<BR>
|
|
other legal considerations in the establishment of a centralized<BR>
|
|
health-data system. N Engl J Med 1969 Jul 31;281(5):241-8.</P>
|
|
|
|
<P>Green JH. Confidentiality of medical records under Minnesota<BR>
|
|
law. Minn Med 1993 Oct;76(10):31-6.</P>
|
|
|
|
<P>Prentnieks ME. Minnesota access to health records. Practical<BR>
|
|
steps to complying with a confusing law. Minn Med 1992<BR>
|
|
Sep;75(9):39-41.</P>
|
|
|
|
<P>Ryland CF. Confidentiality of medical records. Md Bar J 1993<BR>
|
|
Jul-Aug;26(4):44-8.</P>
|
|
|
|
<P>Vilensky R. New York law on confidentiality of medical records.<BR>
|
|
(part 1). N Y State Bar J 1994 Jan;66(1):38-44.</P>
|
|
|
|
<P>Vilensky R. New York law on confidentiality of medical records.<BR>
|
|
(part 2). N Y State Bar J 1994 Feb;66(2):24-30.</P>
|
|
|
|
<P>
|
|
Other Countries</P>
|
|
|
|
<P> - Laws, Bills, &amp; Regulations</P>
|
|
|
|
<P>
|
|
Access to Health Records Act 1990. (Great Britain). Ind Relat<BR>
|
|
Leg Inf Bull 1991 Nov 1;(436):11-2. </P>
|
|
|
|
<P>Assia N. Data protection in Israel-the Protection of Privacy<BR>
|
|
Law. Comput Law Pract 1990 May-Jun;6(5):158-62.</P>
|
|
|
|
<P>Cavoukian A. The privacy provisions of the Freedom of<BR>
|
|
Information and Privacy Act. Health Law Can 1990;10(3):206-9.</P>
|
|
|
|
<P>Great Britain, Department of Health, National Health Service.<BR>
|
|
Access to Health Records Act, 1990: a guide for the NHS. London:<BR>
|
|
NHS Management Executive; 1991 Aug 23. 29 p.</P>
|
|
|
|
<P>Health Administration (Quality Assurance Committees) Amendment<BR>
|
|
Bill 1989, New South Wales. Aust Clin Rev 1990;10(1):19-21.</P>
|
|
|
|
<P>Laske C. Data protection laws in Europe. Toward Electron<BR>
|
|
Patient Rec 1995 Dec;4(5):1, 3-13.</P>
|
|
|
|
<P>Lee-Winser J. The Data Protection Act: a decade of data<BR>
|
|
protection in the NHS. Br J Healthc Comput Inf Manag 1995<BR>
|
|
Jun;12(5):20-1.</P>
|
|
|
|
<P>Revill S. Privacy Act 1993. Health sector perspective. N Z<BR>
|
|
Health Hosp 1993 Sep-Oct;45(5 Suppl):1-3.</P>
|
|
|
|
<P>
|
|
- Legal Aspects - Commentary</P>
|
|
|
|
<P>
|
|
Allaert FA, Dusserre L. Transborder flows of personal medical<BR>
|
|
data in Europe: legal and ethical approach. In: Lun KC, Degoulet<BR>
|
|
P, Piemme TE, Rienhoff O, editors. MEDINFO 92. Proceedings of the<BR>
|
|
7th World Congress on Medical Informatics; 1992 Sep 6-10; Geneva,<BR>
|
|
Switzerland. Vol. 2. Amsterdam: North-Holland; 1992. p. 1572-5. </P>
|
|
|
|
<P>Brahams D. Right of access to medical records [news]. Lancet<BR>
|
|
1994 Sep 10;344(8924):743.</P>
|
|
|
|
<P>Callens SH. The automatic processing of medical data in Belgium:<BR>
|
|
is the individual protected? Med Law 1993;12(1-2):55-9.</P>
|
|
|
|
<P>Cannataci JA. Legal aspects of picture archiving and<BR>
|
|
communications systems. Int J Biomed Comput 1992<BR>
|
|
May;30(3-4):209-14.</P>
|
|
|
|
<P>de Klerk A. The right of patients to have access to their<BR>
|
|
medical records: the position in South African law. Med Law<BR>
|
|
1993;12(1-2):77-83.</P>
|
|
|
|
<P>Dickens BM. Medical records - patient's right to receive copies<BR>
|
|
- physician's fiduciary duty of disclosure: McInerney v.<BR>
|
|
McDonald. (Canada). Can Bar Rev 1994 Jun;73(2):234-42.</P>
|
|
|
|
<P>Dierks C. Medical confidentiality and data protection as<BR>
|
|
influenced by modern technology. Med Law 1993;12(6-8):547-51.</P>
|
|
|
|
<P>European Parliament, Council of the European Union. Directive 95/<BR>
|
|
/EC of the European Parliament and of the Council of on the<BR>
|
|
protection of individuals with regard to the processing of<BR>
|
|
personal data and on the free movement of such data. Brussels:<BR>
|
|
The Council; 1995 Jul 20. 53 p.</P>
|
|
|
|
<P>Gritzalis D, Tomaras A, Katsikas S, Keklikoglou J. Medical data<BR>
|
|
protection: a proposal for a deontology code. J Med Syst <BR>
|
|
1990 Dec;14(6):375-86. <BR>
|
|
<BR>
|
|
Howard G. Implications of the access to Health Records Act 1990. <BR>
|
|
Occup Health (Lond) 1991 Oct;43(10):294-5.</P>
|
|
|
|
<P>Jones RB, McGhee SM, McGhee D. Patient on-line access to medical<BR>
|
|
records in general practice. Health Bull (Edinb) 1992<BR>
|
|
Mar;50(2):143-50.</P>
|
|
|
|
<P>Laske C. Legal aspects of digital image management and<BR>
|
|
communication. Med Inf (Lond) 1994 Apr-Jun;19(2):189-96.</P>
|
|
|
|
<P>Legemaate J. The right of psychiatric patients to access to<BR>
|
|
their records: Dutch developments. Med Law 1990;9(1):707-12.</P>
|
|
|
|
<P>Lobato de Faria P. Data protection and confidentiality in health<BR>
|
|
informatics: A survey of legal issues in the EC community. In:<BR>
|
|
Noothoven van Goor J, Christensen JP, editors. Advances in<BR>
|
|
medical informatics: results of the AIM Exploratory Action. <BR>
|
|
Washington: IOS Press; 1992. p. 358-67. (Studies in<BR>
|
|
health technology and informatics; vol. 2).</P>
|
|
|
|
<P>Lobato De Faria P. A survey of legal issues and gaps in legal<BR>
|
|
coverage in the EC. In: Commission of the European Communities<BR>
|
|
DG XIII/F AIM. Data protection and confidentiality in health<BR>
|
|
informatics: handling health data in Europe in the future.<BR>
|
|
Washington: IOS Press; 1991. p. 122-37. (Studies in health<BR>
|
|
technology and informatics; vol. 1).</P>
|
|
|
|
<P>Miller DW. What we can learn from the European privacy standard. <BR>
|
|
Healthc Inform 1992 Jul;9(7):92, 94.<BR>
|
|
<BR>
|
|
Naish J, Barr M. Records. Rights of access. Health Visit 1991<BR>
|
|
Sep;64(9):300-1.</P>
|
|
|
|
<P>Poullet Y. Legal aspects of data protection in medical<BR>
|
|
informatics. In: Commission of the European Communities DG<BR>
|
|
XIII/F AIM. Data protection and confidentiality in health<BR>
|
|
informatics: handling health data in Europe in the future. <BR>
|
|
Washington: IOS Press; 1991. p. 138-60. (Studies in health<BR>
|
|
technology and informatics; vol. 1).</P>
|
|
|
|
<P>Rienhoff O. Digital archives and communication highways in<BR>
|
|
health care require a second look at the legal framework of the<BR>
|
|
seventies. Int J Biomed Comput 1994 Feb;35 Suppl:13-9.</P>
|
|
|
|
<P>Robinson DM. A legal examination of computerized health<BR>
|
|
information. Health Law Can 1993;14(2):40-6.</P>
|
|
|
|
<P>Robinson DM. A legal examination of format, signature and<BR>
|
|
confidentiality aspects of computerized health information. In:<BR>
|
|
Lun KC, Degoulet P, Piemme TE, Rienhoff O, editors. MEDINFO 92.<BR>
|
|
Proceedings of the 7th World Congress on Medical Informatics;<BR>
|
|
1992 Sep 6-10; Geneva, Switzerland. Vol. 2. Amsterdam:<BR>
|
|
North-Holland; 1992. p. 1554-60.</P>
|
|
|
|
<P>Smith D. The challenges of new technologies applying the UK Data<BR>
|
|
Protection Act to document image processing. Int J Biomed Comput<BR>
|
|
1994 Feb;35 Suppl:81-6.</P>
|
|
|
|
<P>Tervo-Pellikka R. The principles of data protection concerning<BR>
|
|
patient related data in Finland. Int J Biomed Comput 1994 Feb;35<BR>
|
|
Suppl:39-50.</P>
|
|
|
|
<P>Thiry E. Personal medical and social data: their processing and<BR>
|
|
legal protection. Med Law 1993;12(6-8):643-9.</P>
|
|
|
|
<P>Vulliet-Tavernier S. [The protection of medical information data<BR>
|
|
in France]. In: Commission of the European Communities DG XIII/F<BR>
|
|
AIM. Data protection and confidentiality in health informatics:<BR>
|
|
handling health data in Europe in the future. Washington: IOS<BR>
|
|
Press; 1991. p. 181-90. (Studies in health technology and<BR>
|
|
informatics; vol. 1). (Fre).</P>
|
|
|
|
<P>Weigelt E, Scherb H. [Data protection and data access (I):<BR>
|
|
federal data protection law and the social welfare code with<BR>
|
|
reference to carrying out occupational medicine epidemiologic<BR>
|
|
studies in Germany]. Gesundheitswesen 1992 Nov;54(11):666-72.<BR>
|
|
(Ger)</P>
|
|
|
|
<P>Weigelt E, Scherb H. [Data protection and data access (II):<BR>
|
|
Physician's responsibility for confidentiality, federal<BR>
|
|
statistics law and data collection by authorization with<BR>
|
|
reference to implementing occupational medicine epidemiologic<BR>
|
|
studies in Germany]. Gesundheitswesen 1993 Jan;55(1):8-15.<BR>
|
|
(Ger).</P>
|
|
|
|
<P>
|
|
OTHER BIBLIOGRAPHIES</P>
|
|
|
|
<P>
|
|
Computer security and computer viruses [bibliography]. Tolland<BR>
|
|
(CT): NERAC, Inc.; 1995 Dec. Available from: NTIS, Springfield,<BR>
|
|
VA; PB96-858717. Prepared from Conference Papers Index.</P>
|
|
|
|
<P>Jaisingh C, Fountain P, compilers. Smart cards [bibliography].<BR>
|
|
London: Institute of Electrical Engineers; 1994. 91 p. Includes<BR>
|
|
information pack.</P>
|
|
|
|
<P>Tavani HT. A computer ethics bibliography. Comput Soc 1995<BR>
|
|
Dec;25(4):9-38. Section 7, Computers and privacy; p.18-24.</P>
|
|
|
|
<P>
|
|
ORGANIZATIONS</P>
|
|
|
|
<P>
|
|
General</P>
|
|
|
|
<P>Center for Democracy and Technology<BR>
|
|
1634 Eye Street NW, Suite 1100<BR>
|
|
Washington, DC 20006<BR>
|
|
202/637-9800 (Voice)<BR>
|
|
202/637-0968 (Fax)<BR>
|
|
Email: info@cdt.org<BR>
|
|
http://www.cdt.org</P>
|
|
|
|
<P>CERT (Computer Emergency Response Team) Coordination Center<BR>
|
|
Software Engineering Institute<BR>
|
|
Carnegie Mellon University<BR>
|
|
Pittsburgh, PA 15213-3890<BR>
|
|
412/268-7090 (24-Hour Hotline)<BR>
|
|
412/268-6989 (Fax)<BR>
|
|
Email: cert@cert.org<BR>
|
|
http://www.cert.org</P>
|
|
|
|
<P>Computer Professionals for Social Responsibility (CPSR)<BR>
|
|
P.O. Box 717<BR>
|
|
Palo Alto, CA 94302<BR>
|
|
415/322-3778 (Voice)<BR>
|
|
415/322-4748 (Fax)<BR>
|
|
Email: admin@cpsr.org<BR>
|
|
http://www.cpsr.org</P>
|
|
|
|
<P>Computer Science and Telecommunications Board<BR>
|
|
National Research Council<BR>
|
|
2101 Constitution Avenue, NW, HA560<BR>
|
|
Washington, DC 20418<BR>
|
|
202/334-2605 (Voice)<BR>
|
|
202/334-2318 (Fax)<BR>
|
|
Email: cstb@nas.edu<BR>
|
|
http://www.nas.edu</P>
|
|
|
|
<P>Computer Security Resource Clearinghouse <BR>
|
|
Computer Systems Laboratory<BR>
|
|
National Institute of Standards and Technology<BR>
|
|
Bldg. 820, Room 426<BR>
|
|
Gaithersburg, MD 20899<BR>
|
|
301/975-2832 (Voice)<BR>
|
|
301/975-3282 (Voice Hotline)<BR>
|
|
Email: ramona.roach@nist.gov<BR>
|
|
http://www.ncsl.nist.gov<BR>
|
|
http://csrc.nist.gov</P>
|
|
|
|
<P>Computer Security Technology Center<BR>
|
|
Lawrence Livermore National Laboratory<BR>
|
|
L-303<BR>
|
|
P.O. Box 808<BR>
|
|
Livermore, CA 94551<BR>
|
|
510/423-6224 (Voice)<BR>
|
|
510/423-8002 (Fax)<BR>
|
|
Email: cstc@llnl.gov<BR>
|
|
http://ciac.llnl.gov/</P>
|
|
|
|
<P>Electronic Frontier Foundation<BR>
|
|
1667 K Street, NW<BR>
|
|
Suite 801<BR>
|
|
Washington, DC 20006-1650<BR>
|
|
202/861-7700 (Voice)<BR>
|
|
202/861-1258 (Fax)<BR>
|
|
Email: info@eff.org<BR>
|
|
http://www.eff.org</P>
|
|
|
|
<P>Electronic Privacy Information Center<BR>
|
|
666 Pennsylvania Avenue, SE<BR>
|
|
Suite 301<BR>
|
|
Washington, DC 20003<BR>
|
|
202/544-9240 (Voice)<BR>
|
|
202/547-5482 (Fax)<BR>
|
|
Email: info@epic.org<BR>
|
|
http://epic.org</P>
|
|
|
|
<P>Information Infrastructure Task Force Secretariat<BR>
|
|
Susannah B. Schiller<BR>
|
|
Program Office<BR>
|
|
National Institute of Standards and Technology<BR>
|
|
A1000 Admin <BR>
|
|
Gaithersburg, MD 20899<BR>
|
|
301/975-4529 (Voice)<BR>
|
|
301/216-0529 (Fax)<BR>
|
|
Email: susannah.schiller@nist.gov<BR>
|
|
http://iitf.doc.gov</P>
|
|
|
|
<P>Internet Engineering Task Force<BR>
|
|
c/o Corporation for National Research Initiatives (CNRI)<BR>
|
|
1895 Preston White Drive<BR>
|
|
Suite 100<BR>
|
|
Reston, VA 22091<BR>
|
|
703/620-8990 (Voice)<BR>
|
|
Email: ietf-web@cnri.reston.va.us<BR>
|
|
http://www.cnri.reston.va.us</P>
|
|
|
|
<P>Internet Society<BR>
|
|
12020 Sunrise Valley Drive<BR>
|
|
Suite 270<BR>
|
|
Reston, VA 22091<BR>
|
|
703/648-9888 (Voice)<BR>
|
|
Email: isoc@isoc.org<BR>
|
|
http://info.isoc.org</P>
|
|
|
|
<P>National Computer Security Association<BR>
|
|
10 South Courthouse Avenue<BR>
|
|
Carlisle, PA 17013<BR>
|
|
717-258-1816 (Voice)<BR>
|
|
717-243-8642 (Fax)<BR>
|
|
Email: mlightfoot@ncsa.com<BR>
|
|
http://www.ncsa.com</P>
|
|
|
|
<P>National Security Agency<BR>
|
|
Publications Office<BR>
|
|
INFOSEC Awareness Division<BR>
|
|
Attn: Y13/IAOC<BR>
|
|
9000 Savage Road<BR>
|
|
Ft. Meade, MD 20755-6000<BR>
|
|
410/766-8729 (Voice)<BR>
|
|
http://www.nsa.org:8080</P>
|
|
|
|
<P>Privacy Forum<BR>
|
|
c/o Lauren Weinstein<BR>
|
|
Vortex Technology<BR>
|
|
Woodland Hills, CA<BR>
|
|
818/225-2800 (Voice)<BR>
|
|
818/225-7203 (Fax)<BR>
|
|
Email: privacy@vortex.com<BR>
|
|
http://www.vortex.com</P>
|
|
|
|
<P>Privacy Journal<BR>
|
|
P.O. Box 28577<BR>
|
|
Providence, RI 02908<BR>
|
|
401/274-7861 (Voice)<BR>
|
|
Email: 0005101719@mcimail.com</P>
|
|
|
|
<P>Privacy Rights Clearinghouse<BR>
|
|
Center for Public Interest Law<BR>
|
|
5998 Alcala Park<BR>
|
|
San Diego, CA 92110<BR>
|
|
619/260-4806 (Voice)<BR>
|
|
619/298-3396 (Voice Hotline)<BR>
|
|
619/260-4753 (Fax)<BR>
|
|
Email: prc@teetot.acusd.edu<BR>
|
|
http://www.manymedia.com/prc/</P>
|
|
|
|
<P>
|
|
Health</P>
|
|
|
|
<P>
|
|
American Bar Association<BR>
|
|
Section of Science and Technology<BR>
|
|
Health Care Informatics Subsection<BR>
|
|
Francoise Gilbert, Chair<BR>
|
|
Altheimer &amp; Gray<BR>
|
|
Suite 4000<BR>
|
|
10 South Wacker Drive<BR>
|
|
Chicago, Il 60606<BR>
|
|
312/715-4984 (Voice)<BR>
|
|
312/715-4800 (Fax)<BR>
|
|
Email: fgilbert@interserv.com</P>
|
|
|
|
<P>American Health Information Management Association (AHIMA)<BR>
|
|
919 N. Michigan Avenue, Suite 1400<BR>
|
|
Chicago, IL 60611<BR>
|
|
312/787-2672 (Voice)<BR>
|
|
312/787-5926 (Fax)<BR>
|
|
202/218-3535 (Voice - Washington, DC Office)<BR>
|
|
202/682-0078 (Fax - Washington, DC Office)<BR>
|
|
http://www.ahima.org</P>
|
|
|
|
<P>American Medical Informatics Association<BR>
|
|
4915 St. Elmo Avenue, Suite 401<BR>
|
|
Bethesda, MD 20814<BR>
|
|
301/657-1291 (Voice)<BR>
|
|
301/657-1296 (Fax)<BR>
|
|
Email: mail@amia2.amia.org<BR>
|
|
http://amia2.amia.org</P>
|
|
|
|
<P>American National Standards Institute<BR>
|
|
Healthcare Informatics Standards Planning Panel<BR>
|
|
11 West 42nd Street<BR>
|
|
New York, NY 10036<BR>
|
|
212/642-4969 (Voice)<BR>
|
|
212/398-0023 (Fax)<BR>
|
|
Email: scornish@ansi.org<BR>
|
|
http://www.ansi.org</P>
|
|
|
|
<P>American Society for Testing and Materials<BR>
|
|
Committee on Healthcare Informatics (E31)<BR>
|
|
(with Subcommittees:<BR>
|
|
E31.17 - Access, Privacy &amp; Confidentiality of Medical Records;<BR>
|
|
E31.20 - Authentication of Computer-Based Health Information;<BR>
|
|
E31.21 - Health Information Networks)<BR>
|
|
100 Barr Harbor Drive<BR>
|
|
West Conshohocken, PA 19428-2959<BR>
|
|
610/832-9555 (Voice)<BR>
|
|
610/832-9666 (Fax)<BR>
|
|
Email: tluthy@local.astm.org</P>
|
|
|
|
<P>Arent Fox Kintner Plotkin &amp; Kahn<BR>
|
|
Advisors in Technology and Information Law <BR>
|
|
(including Telemedicine)<BR>
|
|
1050 Connecticut Avenue, NW<BR>
|
|
Washington, DC 20036-5339<BR>
|
|
202/857-6000 (Voice)<BR>
|
|
202/857-6395 (Fax)<BR>
|
|
Email: infolaw@arentfox.com<BR>
|
|
http://www.arentfox.com/</P>
|
|
|
|
<P>American Telemedicine Association<BR>
|
|
901 15th Street, NW, Suite 230<BR>
|
|
Washington, DC 20005<BR>
|
|
202/408-1400 (Voice)<BR>
|
|
202/408-1134 (Fax)<BR>
|
|
Email: jlinkous@idi.net</P>
|
|
|
|
<P>Community Medical Network Society<BR>
|
|
5500 Interstate North Parkway, Suite 435<BR>
|
|
Atlanta, GA 30328<BR>
|
|
770/850-0540 (Voice)<BR>
|
|
770/850-9616 (Fax)<BR>
|
|
Email: comnet@comnetsociety.org<BR>
|
|
http://www.comnetsociety.org/~comnet</P>
|
|
|
|
<P>Computer-Based Patient Record Institute (CPRI)<BR>
|
|
1000 E. Woodfield Road, Suite 102<BR>
|
|
Schaumburg, IL 60173<BR>
|
|
847/706-6746 (Voice)<BR>
|
|
847/706-6747 (Fax)<BR>
|
|
Email: cprinet@aol.com<BR>
|
|
http://www.cpri.org</P>
|
|
|
|
<P>European Committee for Standardisation<BR>
|
|
Technical Committee 251 (Medical Informatics)<BR>
|
|
Working Group 6 (Healthcare Security, Privacy, Quality &amp; Safety)<BR>
|
|
Dr. Gunnar Klein, Chair<BR>
|
|
Swedish Institute for Health Services Development (SPRI)<BR>
|
|
P.O. Box 70487 S-10726<BR>
|
|
Stockholm, Sweden<BR>
|
|
46-8-7024745 (Voice)<BR>
|
|
46-8-7024799 (Fax)<BR>
|
|
Email: gunnar.klein@spri.se<BR>
|
|
http://miginfo.rug.ac.be:8001/centc251/prestand/wg6/wg6.htm</P>
|
|
|
|
<P>Health Information Confidentiality Resource Center<BR>
|
|
Health Information Administration<BR>
|
|
Health Services Department<BR>
|
|
School of Public Health and Community Medicine<BR>
|
|
University of Washington<BR>
|
|
1107 NE 45th Street, Suite 355 JD-02<BR>
|
|
Seattle, WA 98105<BR>
|
|
206/543-8810 (Voice)<BR>
|
|
206/685-4719 (Fax)<BR>
|
|
Email: mahanken@u.washington.edu</P>
|
|
|
|
<P>Interdepartmental Health Privacy Working Group<BR>
|
|
Nan D. Hunter, Chair<BR>
|
|
Deputy General Counsel<BR>
|
|
Department of Health and Human Services<BR>
|
|
Room 713 Humphrey Building<BR>
|
|
200 Independence Avenue<BR>
|
|
Washington, DC 20201<BR>
|
|
202/690-7780 (Voice)<BR>
|
|
202/690-7998 (Fax)<BR>
|
|
Email: nhunter@ospag.ssw.dhhs.gov</P>
|
|
|
|
<P>Medical Records Institute<BR>
|
|
567 Walnut Street<BR>
|
|
P.O. Box 289<BR>
|
|
Newton, MA 02160<BR>
|
|
617/964-3923 (Voice)<BR>
|
|
617/964-3926 (Fax)<BR>
|
|
Email: cust_serv@medrecinst.com<BR>
|
|
http://www.medrecinst.com</P>
|
|
|
|
<P>Workgroup for Electronic Data Interchange (WEDI)<BR>
|
|
10 Rogers Street, Unit 321<BR>
|
|
Cambridge, MA 02142<BR>
|
|
617/374-9170 (Voice)<BR>
|
|
617/494-0727 (Fax)<BR>
|
|
Email: wedi@shore.net</P>
|
|
|
|
</PRE>
|
|
<P><!-- ************************* Content end ************************* -->
|
|
<hr/>
|
|
<div id="archivemeta">
|
|
|
|
<strong>First published: </strong>31 December 1996<br/><strong>Last updated: </strong>31 December 1996<br/><strong>Date Archived: </strong>29 August 2004<br/><a href="http://www.nlm.nih.gov/cgi/viewMeta.pl?url=http://www.nlm.nih.gov/archive/20040829/pubs/cbm/confiden.html&description=full" onclick="javascript:openPopup('http://www.nlm.nih.gov/cgi/viewMeta.pl?url=http://www.nlm.nih.gov/archive/20040829/pubs/cbm/confiden.html&description=full'); return false;"><strong>Metadata</strong></a> | <strong> <a href="http://www.nlm.nih.gov/permlevels.html"onclick="javascript:openPopup('http://www.nlm.nih.gov/permlevels.html'); return false;">Permanence level</a>: </strong>Permanent: Stable Content<br/>
|
|
|
|
|
|
<p> </p>
|
|
<!-- BEGIN NLM FOOTER --></P></TD></TR>
|
|
<TR>
|
|
<TD vAlign=top noWrap>
|
|
<CENTER>
|
|
<HR width=550>
|
|
<FONT face="helvetica, arial" size=2><A
|
|
"http://www.nlm.nih.gov/nlmhome.html">U.S. National Library of
|
|
Medicine</A>, 8600 Rockville Pike, Bethesda, MD 20894 <BR><A
|
|
"http://www.nih.gov/">National Institutes of Health</A>, <A
|
|
"http://www.os.dhhs.gov/">Department of Health & Human
|
|
Services</A> <BR><A
|
|
"http://www.nlm.nih.gov/copyright.html">Copyright</A>, <A
|
|
"http://www.nlm.nih.gov/privacy.html">Privacy</A>, <A
|
|
"http://www.nlm.nih.gov/accessibility.html">Accessibility</A>
|
|
<BR>Last updated: 31 December 1996 <!-- EXPDATE="2005-12-31" --><!-- EMAIL="refweb@nlm.nih.gov" --></FONT></CENTER></TD></TR></TBODY></TABLE><!-- END NLM FOOTER -->
|
|
<p> </p>
|
|
<table width="100%" border="0" cellpadding="0" cellspacing="0" id="archeader">
|
|
<tr id="breadcrumb" >
|
|
<td colspan="5"><span id="arccontainerfooter">Home > <strong>NLM Archives</strong> > </span> <span id="disclaimerfooter"><strong>Document content is not current. Links may be broken.</strong></span><span class="spacer"></span></td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
|
|
<div id="footer">
|
|
<span id="subLeft"><a href="http://www.nlm.nih.gov/copyright.html">Copyright</a>, <a href="http://www.nlm.nih.gov/privacy.html">Privacy</a>, <a href="http://www.nlm.nih.gov/accessibility.html">Accessibility</a><br />
|
|
<a href="http://www.nlm.nih.gov">U.S. National Library of Medicine</a>, 8600 Rockville Pike, Bethesda, MD 20894<br />
|
|
<a href="http://www.nih.gov/">National Institutes of Health</a>, <a href="http://www.hhs.gov/">Health & Human
|
|
Services</a></span></div>
|
|
</body>
|
|
</html>
|
|
|
|
|
|
|
|
|
|
|