CHAPTER 8. DATA SECURITY AND PRIVACY

F.ALLAERT & O.FERRER-ROCA

EU Directive for processing personell data and controling its movement was covered in directive 95/46/EC as a model for the " new data protection regime " to be stablish in practice through national legislations by 24 October 1998 at the latest ( Art 32 ). In fact this directive defines " data privacy " for the EU for the next few years .
Issues relating manual Medical Records or other personal data filling systems have an extended period of 6 years intill October 2007.
Sensitive Personal Health Data is recognized in Art.8 ( special categories of data ) and have two premises:

- Confidentiality ( recognized since Hippocrates )
- Integrity and availability

CONFIDENTIALITY is defined as : the property which assures that only authorized users in normal conditions can have access to the system.Violations can be found in

Theft ( all or part of the system )
Manipulating ( assure origin and reception )
Unauthorized access
Falsifiyng user identity
Making unauthorized copies
Intercepting messages ...

Standards in Health Data Handling are regulated by the Standard Body of Medical Informatics ( CEN Technical Committee 251- working group 6 ) that classify Health Information Systems ( HIS ) in terms of requirements on

1. Security
2. Rectification, Erasure and Blocking
3. Third party disclosures
4. User Authentation
5. Data origin and consents

1.- SECURITY

Art.17 stablished that is mandatory the appropiate

• TECHNICAL and
• ORGANIZATIONAL

measures to protect personel data as soon as National Legislation become effective, particularly if data is transmited over a network .
Those measures include:

1. Physical Protection of the computer system
   • - close room equpped with antri-intrusion detectors
2. Computerized security - Password and electronic cards
   • - Automatic stops
   • - Firewall for distant hacking
   • - Digital signatures
   • - Trusted third parties
   • - Smart cards that hold private keys and associate certificates

It includes :

• The use of Risk Analysis
• Appropiate security audits
• Associate liability for the " controller "
• Oral and written explanation and compromise for users.

2.- RECTIFICATION, ERASURE and BLOCKING
In art. 12b. A digital signature for any modification , data and time of all messages as well as backups on a non-erasble recording device certify by a third party is part of the task.

3.- THIRD PARTY DISCLOSURES
To rectify, erased or blocked data it is required that the " controller " notifies Third Parties.
A Third Party Disclosure Register is required to be recognized in the system audit trail.
This register should be kept as part of the patient record.

4.- USER AUTHENTICATION
Users should be properly authorized and authenticated
Freely share passwords with colleges must be prohibited when the system become an integral part of the delivery of Health Care.
Authentication of system users is particularly important and will require Third Parties to give access to HIS , particularly if delivery care invovled multiprofessional teams, shared care between hospitals, community care providers and GP s ( general practitionaires ).

5.- DATA ORIGIN AND CONSENTS
Origin of personal data is covered in Art 10 and 11, and the consents of usage on articles 7 and 8.
On this point a clear idea of the Encryptation techniques as well as of the digital signature is required.

ENCRYPTATION
Cryptography means in grek strange ( cryptos ) writting ( graphos ) and is the science that tries to make documents understandable for those we shoose and unintelligible for the rest.
The procedures to obtain a cryptography are studied in the Cryptoanalysis , that use mathematics and particularly the number theory ( prime numbers ).
The result to apply this technique is that a plaintext is transformed into a ciphertext by a process of encoding or ciphering. Since process should be by definition reversible it is base on pair keys: A computerized encoding algorith is use for ciphering ( in general PUBLIC KEY ) and a related decoding algorith for deciphering ( in general a PRIVATE KEY, secret and personal ). Both keys are interchangable.

Advantages : Identify any altered information with precision
Problems : time consuming

Cryptographic procedures can basically be of two types :

1. On person to person basis ( public key cryptography )
   • An individual user generate a key pair and protect the private key with a password
   • Key generation is done with the programm PGP ( pretty good privacy ) of Paul Zimmerman based on RSA algorithm that is of public domain.
   • Management key security is an individual user decision
2. On world basis
   • A Trusted thir party authentication of key management is required; ingeneral they also generate the key pair

Key Certificates for authentication can be obtain

1. From a Trusted certifying authority, acting as a notary
2. Web of trust. Based on personal knowledge of a third person that you trust

DIGITAL SIGNATURE
In general the PUBLIC ( encryption ) and PRIVATE ( decription ) keys are inverted.
The private key is used for cyphering linking your identity to the document as an electronic signature.
Plus this basic scheme other functions are link to a electronic digital systems are :

1. Authentication of origine
2. Irrefutability of origine
3. Integrity of content
4. Integrity of the secuence
5. Irrefutability of the reception
6. Confidentiality
7. Unicity of the goal : message can only be use for the goal it is delivered. No duplication possible
8. Temporality : because include data and period of validity as well as insurance of the validity of the signature in this period of time
9. Acreditability of the representativity

Part or total reproduction not allow without permission

Revisado: jueves, 05 junio 1997.
Con el soporte informático y de comunicaciones del CICEI, Universidad de Las Palmas de Gran Canaria