• No se han encontrado resultados

La Segunda Venida de Cristo: El poder curativo de Jesús

This  section  describes  some  specific  security  issues  involved  in  telemedicine  deployment.  

8.1 Synthesis  of  the  answers  to  the  questionnaire  

This   sub-­‐section   describes   the   methods   of   authentication   used   to   obtain   access   to   the   telemedicine  service  by  healthcare  professionals  or  other  health  service  employees;  whether   the  user  is  logged  out  after  a  certain  idle  time;  whether  data  transfer  is  encrypted;  whether   communication  is  performed  via  a  VPN  connection;  and  whether  all  access  to  the  system  or   service   is   logged   and   whether   anyone   inspects   the   logs.   All   these   aspects   of   security   are   important  in  order  to  ensure  an  adequate  level  of  information  security  for  the  telemedicine   service.    

Q29.1  Does  the  telemedicine  service  give  a  healthcare  professional  or  other  health  service   employees  access  to  patients’  health  information?    

  Figure  21:    Responses  to  Q29.1:  Can  health  service  employees  access  patient  information?   More  than  half  of  the  respondents  (15  out  of  26)  answered  yes  to  this  question.  However,   more  than  one-­‐third  (9  out  of  26)  of  the  respondents,  stated  that  their  service  does  not  give   access  to  patients’  health  information.    

To   this   SIG,   this   indicates   that   the   term   “access   to   patient’s   health   information”   is   not   interpreted   in   the   same   way   by   all   respondents.   Health   information   does   not   have   to   be   written   or   readable   electronic   information.   Listening   to   and   viewing   patients   via   video   conference  systems  also  implies  having  access  to  patients’  health  information.  It  seems,  from   the  answers  to  these  questions,  that  several  of  those  who  answered  no  to  this  question,  are   dealing  with  services  that  are  based  on  video  conferencing.    

When  looking  at  the  26  telemedicine  services  dealt  with  by  the  Momentum  survey,  we  would   assume   that   nearly   all   of   them   would   imply   that   there   is   access   to   patients’   health   information.  

Q29.1(1)   If   Yes,   which   methods   of   authentication   are   used   to   obtain   access   to   the   telemedicine  service,  including  the  patients’  health  information?    

  Figure  22:    Responses  to  Q29.1(1):  What  method  of  authentication  do  they  use?  

This  additional  question  was  answered  only  by  those  15  respondents  who  answered  yes  to   the  first  question  (Q29.1).    

Username   and   password   is   by   far   the   most   widespread   authentication   method,   as   this   answer  was  given  by  13  of  the  15  respondents.  Nearly  half  of  those  who  gave  this  response   (6  of  the  13)  said  that  the  method  combined  a  username  and  password  with  an  additional   authentication  method,  like  a  one-­‐time  password  or  URL  (3),  PIN  (3)  or  Smartcard/PKI  (1).     Only  one  of  the  15  respondents  has  answered  that  a  smartcard/PKI  is  used,  i.e.  not  together   with  username  and  password.  

One  respondent  answered  that  no  authentication  is  performed.  The  telemedicine  service  in   this   case   is   a   video   conference   service.   Video   conference   services   have   no   direct   authentication   method.   First,   authentication   of   the   caller   is   achieved   by   recognising   the   number/address   of   the   caller.   Second,   recognising   the   person   that   appears   in   the   video   image  is  also  an  implicit  authentication  method.  Authorisation  for  access  can  be  achieved  by   answering  known  calls  and  avoiding  answering  unknown  calls.  

Q29.2  Is  the  user  automatically  logged  out  from  the  system/service  after  a  certain  idle  time   (i.e.,  does  the  application  time  out)?  

  Figure  23:    Responses  to  Q29.2:  Does  the  application  time  out?  

Timeout  is  one  of  several  precautions  to  prevent  access  from  unauthorised  persons.  It  is  used   in  the  services  described  by  three-­‐quarters  of  the  respondents  (20  out  of  26).  However,  this   is  not  suitable  for  all  types  of  services.  For  infrastructure  services  like  a  health  network  or  a   call  centre,  it  is  not  obvious  that  one  should  close  down  the  service  in  periods  of  no  traffic.    

Q29.3  Is  the  data  transfer  (i.e.  communication)  encrypted?  

  Figure  24:    Responses  to  Q29.3:  Is  the  data  transfer  (i.e.  communication)  encrypted?  

Encrypted  communication  seems  to  be  the  usual  way  to  transfer  data,  as  indicated  by  more   than  three-­‐quarters  of  the  respondents  (20  out  of  26).  The  response  to  this  question  may  be   related  to  the  next  question  (the  use  of  VPN).    

It  should  be  noted  that  one  of  those  who  responded  no  to  this  question  said  in  the  response   to  question  6.3  (Description  of  the  telemedicine  service)  that  “secure  http”  is  used,  which  in   fact  means  SSL  or  TLS,  i.e.  encryption  at  the  transport  level.  

It  is  unclear  whether  encryption  is  a  requirement  in  all  countries.  In  Norway,  encryption  is   required  when  communicating  sensitive  information  outside  local/internal  network.  It  is  not,   however,   mentioned   as   a   requirement   in   the   personal   data   protection   directive   (Directive   95/46/EC).  

Q29.4  Is  the  communication  performed  via  a  VPN  connection?  

  Figure  25:    Responses  to  Q29.4:  Is  the  communication  performed  via  a  VPN  connection?  

Half   of   the   respondents   (13   out   of   26)   have   answered   yes   to   the   use   of   a   Virtual   Private   Network  (VPN).    

VPN   is   most   often   an   encrypted   connection.   Two   respondents   have   answered   no   to   the   previous  question  about  encrypted  communication  (Q29.3)  and  don’t  know  to  this  question   about   the   use   of   VPN   (Q29.4),   and   one   respondent   has   answered   don’t   know   to   both   questions.   This   means   that   most   of   the   respondents,   23   out   of   26,   have   answered   yes   to   either  “encrypted  communication”  or  “use  of  VPN”  or  both13.  This  indicates  that  most  of  the   telemedicine  services  use  encrypted  connections.    

Q29.5  Is  all  access  to  the  system/service  logged?  

  Figure  26:    Responses  to  Q29.5:  Is  all  access  to  the  system/service  logged?  

Q29.5(1)  If  Yes,  does  anyone  inspect  the  logs?  

  Figure  27:    Responses  to  Q29.5(1):  If  Yes,  does  anyone  inspect  the  logs?  

                                                                                                                         

13  It  is  probably  24  of  26,  since  one  of  those  who  responded  no  to  encryption  in  question  29.3,  says  in  the  response  to   question  6.3  (Description  of  the  telemedicine  service)  that  “secure  http”  is  used.  

Most  of  the  respondents  (21  out  of  26)  reported  that  all  access  to  the  service  is  logged,  but  it   is  not  obvious  to  everyone  who  responded  that  the  logs  are  investigated,  as  can  be  seen  from   the  responses  to  the  follow-­‐up  question.  The  usefulness  of  having  logs  can  be  questioned,  if   they  are  not  inspected.    

Logging  is  important  for  discovering  unauthorised  access  –  in  retrospect.  Inspection  of  logs  is   important   in   order   to   reveal   misuse,   and   punitive   measures   can   be   taken.   However,   when   data   is   disclosed,   it   is   too   late   to   reverse   the   act:   as   it   were,   “the   cat   is   out   of   the   bag.”   Logging   helps   indirectly,   as   a   warning   or   a   kind   of   “scarecrow”,   but   it   does   not   prevent   unauthorised  access.    

8.2 Synthesis  of  the  stakeholder  feedback  process  

Work   on   this   topic   is   on-­‐going   during   the   course   of   the   project.   Comments   made   by   stakeholders  at  the  Momentum  Workshop  in  Berlin  on  8  April  2013  included:    

• Slowly  and  incrementally  solutions  and  “get-­‐rounds”  are  found  to  be  issues  that  were   critical   in   telemedicine   some   five   to   seven   years   ago,   such   as   legal   matters.   Now,   perhaps,  issues  relating  to  privacy  and  information  security  are  higher  on  the  list  of   potential  barriers.  

• Security   could   be   described   as   “today’s   issue”:   it   is   now   at   the   core   of   many   policy   issues   related   to   information   technology   in   general   as   well   as   eHealth   and/or   telemedicine  specifically.    

8.3 Synthesis  of  the  literature  review  

The  European  eHealth  benchmarking  III  study  (SMART  2009/0022)  provides  an  overview  of  

how  Europe’s  acute  hospitals  use  eHealth.  Its  results  regarding  data  protection  and  security   (section  3.4  of  the  report)  are  similar  to  the  findings  from  the  Momentum  questionnaire.  The   following   points   are   extracted   from   the   summary   of   the   appropriate   section   of   the   benchmarking  study:    

• Among   the   different   security   measures   that   are   taken   to   protect   the   patient   data   stored   and   transmitted   by   the   hospitals’   [information   technology]   IT   systems,   the   most   commonly   used   measure   is   the   use   of   passwords   to   access   workstations.   Passwords  are  used  across  all  the  types  of  hospitals  considered.    

• The   more   sophisticated   systems,   such   as   encryption   of   transmitted   data   and   data   entry  certified  by  a  digital  signature,  are  more  likely  to  be  found  in  large  hospitals  or   those  which  belong  to  groups  of  hospitals  or  care  institutions.  

• In   more   than   eight   out   of   ten   hospitals,   the   access   to   electronic   patient   records   is   logged.  

In   a   briefing   paper   from   EHTEL   in   2008,   “Sustainable   Telemedicine:   paradigms   for   future-­‐ proof   healthcare”   (EHTEL,   2008),   footnote   2   on   page   12   says:   “Medical   Associations   in   Germany   refuse   medical   treatment   over   the   Internet   without   cryptographic   security   measures.”    

A  systematic  review  of  information  security  in  telemedicine  has  been  conducted  by  Vaibhav   and  Brewer  (2011).