The Security Issues In Health Information Systems

02 Nov 2017

An Information Governance framework, a set of standards covering data, information, governance, statistics, record keeping, business definitions, interoperability, identity management and security, is the best solution for WHIS from a security standpoint. A well-organised infrastructure, together with an understanding of the technologies and policies involved, is required to meet Information Governance requirements. In the real world, however, there can be many security loopholes caused by fundamental flaws such as blank passwords. Another source of security breaches is the sharing of smartcards and security credentials such as usernames and passwords, or the loosening of role-based access control restrictions, because ignoring Information Governance requirements is the easiest way to operate in practice and avoid delaying services to patients. Staff training is also an important issue, since people are the key factor in breaches of Information Governance requirements. Data leakage must also be considered, since the NHS is the most frequent serious offender in data leakage and data protection breaches. Vigilance against external threats such as DDNS is also needed, given high-profile cases such as the Sony, CIA and SOCA hacks. The hacker group LulzSec has targeted the NHS, publishing an email sent to the health organisations that highlighted loopholes in their security systems. According to the Department of Health, "No patient information has been compromised. No national NHS information systems have been affected". Although the NHS has its own intranet and the world's largest VPN, its sub-infrastructure is complex and complicated because of organisational structures and integration with external service providers, including local service providers. Moreover, different organisations may have different websites and different web-enabled health information systems. Information security, confidentiality and privacy should therefore be held to a high standard in WHIS.

The new NHS information strategy is to allow all service user groups (patients, clinicians, admin staff and IT staff) and secondary user groups (commissioners and researchers) to access patients' records in a proper way. Before HealthSpace was shut down, it was the only online mechanism in place for patients to access their SCRs. Whilst other health portals are available, none of them offers the same service as HealthSpace or provides access to your SCR. The NHS information strategy, "The Power of Information", outlines the Department of Health's plans to provide patients with online access to their health information in the near future.

The newly proposed NHS portals will allow all NHS patients to have secure online access, where they wish it, to their personal health records by 2015. The new NHS body established by the new organisational structure, specifically for primary care organisations and GP practices, the NHS Commissioning Board, is looking to create a new website portal where patients will be able to access their GP records, book appointments and order prescriptions. This fits with the central theme of shifting to the sharing of information within and between health and social care providers, and capturing data just once at the point of care.

David Harley, senior research fellow at ESET and former director of the NHS Threat Assessment Centre, looked at the plan and said he felt it read more like an extended mission statement than a real strategy document. "The emphasis on better data sharing with the data subject, however desirable in principle, does increase the attack surface – even if the central resource is soundly protected, it seems to me that how local services and data subjects access data is likely to be highly dependent on local conditions. We're already all too aware that security awareness across the many individual units that make up the NHS is highly variable."

In other words, healthcare organisations face an increasingly complex set of threats to their WHIS, from malware and advanced persistent threats (APTs) to disgruntled employees and unintentional data leaks. From a security management and risk management point of view, there is no perfect security measure that prevents all threats or risks, but there are some that provide broad-based risk mitigation against a number of threats.

According to security principles, confidentiality, integrity and availability are the fundamental properties of a secure system. To achieve these properly, authentication, authorisation and auditing procedures must be implemented. Since WHISs run on a web platform and are open to all, there may be compromising factors. Sometimes user-friendly, easy-access functionality weakens and jeopardises the security measures.

Normally web information systems are hosted on web servers and are protected by various security layers and tiers such as a firewall, a DMZ (demilitarised zone), an IPS (intrusion prevention system), an IDS (intrusion detection system), UTM (unified threat management) and so on. Currently traditional web hosting is moving to cloud hosting. The potential benefits of hosting applications and workloads on cloud servers are enormous, making cloud servers the de facto norm for a rapidly growing set of use cases. Although cloud-based services and systems carry their own compromising risks, guidelines and standards for these issues are now established.

Although infrastructure security may be enough to protect against threats from the service provider's network, a software mechanism is needed to ensure that both the server side (service provider) and the user side (patient or service user) are genuinely authenticated, and that data transfer and data communications are encrypted. Otherwise man-in-the-middle attacks, packet replay attacks and all other active and passive attacks can occur. There are different classes of security threat: data leakage (acquisition of information by unauthorised parties), tampering (unauthorised modification of information) and vandalism (interference with the proper operation of the system without gain to the perpetrator).

To prevent this, WHIS need to use SSL encryption and digital certificate-based authentication. Nowadays, healthcare organisations deliver services in modern, advanced ways. Allowing patients and service users to access WHIS by different means, such as the increasing use of mobile devices and the adoption of cloud computing, brings a blend of information leaks, breaches and web attacks. WHIS can face several types of threat from cybercriminals, which can result in the loss of information and the loss of customer trust. To counter these situations, Secure Sockets Layer (SSL) technology embedded in WHIS can protect all modes of communication and connection, including server-to-server communications, client devices, cloud resources and other endpoints, in order to help prevent the risk of data loss and web attacks. In this way, WHIS can reduce the impact of cybercrime and preserve customer trust.

Generally, SSL certificates enable encryption and authentication. These are essential for securing web applications and protecting customers from eavesdropping, data leaks and spoofing attacks. SSL certificates provide the key functionality required to build a trust relationship between service users and stakeholders who might not have a pre-existing relationship. SSL certificates are essential for the authentication and encryption services of a WHIS. Since WHIS exchange private and confidential data, such as patients' health information, SSL certificates should be used to enable encryption and preserve confidentiality. On the other hand, there is a risk of patients being misdirected to malicious sites that appear to be one of the healthcare service providers' sites, so SSL certificates are also needed for authentication. WHIS are highly sensitive data systems demanding additional verification and extended validation to give users assurance. For that reason, WHIS need SSL Extended Validation certificates, because they provide highly visible trust indicators such as the green bar and the display of the system name or health service provider's name.
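The certificate-based authentication the two paragraphs above call for only works if the client actually verifies the server certificate and matches it against the hostname it meant to reach; a "just make it work" configuration that switches verification off still encrypts but no longer authenticates, which is exactly the misdirection risk described. The example below is added here and is not part of the essay or of any NHS system: it builds a hardened client-side TLS context (TLS being the current name for the protocol the essay calls SSL) beside a weakened one, and a small audit function that reports the settings a reviewer would flag. The function names and the three checks are the example's own choices; it uses only the Python standard library `ssl` module.

```python
from __future__ import annotations

import ssl


def hardened_client_context() -> ssl.SSLContext:
    """Client context that authenticates the server's certificate chain and
    hostname and refuses protocol versions older than TLS 1.2."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    # These two are already the defaults of create_default_context(); they are
    # set explicitly so the intent survives later edits to this function.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def weak_client_context() -> ssl.SSLContext:
    """Constructed weak configuration: the connection is still encrypted, but
    any certificate presented by any host is accepted, so the client has no
    idea whether it is talking to the genuine service."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE     # no certificate validation at all
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list[str]:
    """Return human-readable findings for settings that remove authentication
    or allow legacy protocol versions. An empty list means no findings."""
    findings: list[str] = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified (verify_mode is not CERT_REQUIRED)")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the intended hostname")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions older than TLS 1.2 are accepted")
    return findings


if __name__ == "__main__":
    for name, ctx in (("hardened", hardened_client_context()),
                      ("weak", weak_client_context())):
        print(f"{name}: {audit_context(ctx) or ['no findings']}")
```

The audit is deliberately about the client's own configuration rather than about a live connection: the failure mode in the essay (a patient reaching a look-alike site) is not detectable from the wire once verification is off, so the check belongs in code review and deployment configuration, before any connection is made.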

WHIS should also contain a module for identity and access management that supports access control, namely ensuring that access to certain resources is granted only if the requester is properly authorised. For example, a community nurse or midwife needs to access a GP practice's WHIS via a VPN (virtual private network) while visiting patients' homes or otherwise away from the GP practice. This service user must be granted remote access by an access control system. This functionality supports system administrators and end users in performing maintenance procedures such as managing access credentials, user roles, access rights, rights delegation, auditing and relationships between organisational units.

As a complement to the security controls, identity and access control for auditing purposes is also needed. Some systems are as simple as a database of authorised username/password pairs, while others are complex distributed systems that may include sophisticated policy decision points, interconnection with business process engines, accounting and billing infrastructures, credential negotiation agents, customer relationship management systems, administrative interfaces for the lifetime management of comprehensive user profiles, and provisions for auditing. Many systems are closed, i.e. they are designed for environments where there is a single system provider, such as a company or government organisation, that has a very strong relationship with the prospective users.

There are also open systems, i.e. systems that cover multiple organisations. In the context of such systems, users interact with a range of different organisations using one or more credentials. New users may be introduced into the system by multiple parties, or users may be able to independently create new accounts for themselves. In open systems there is clearly a need for interoperability, and thus standardisation is probably more important than in closed systems; privacy also plays a central role. Users should be able to control the degree of dissemination of their personal information to organisations and other users. There are various degrees of privacy achieved by current open systems.

One access control system specialised for health information systems is TAS3 (Trusted Architecture for Securely Shared Services). It aims to develop an architecture that deals with authentication of users and organisations, credential management, the establishment of trust between users and organisations, compliance considerations such as data protection policies, and seamless integration into established business processes. Although the TAS3 architecture is generic and is designed to handle any type of information and personal data, the main scenarios targeted by the project are e-health and employability. In the e-health scenario, sensitive medical data about patients must be made available to doctors, while it must also be ensured that non-authorised persons cannot access a patient's medical data. Moreover, it must be guaranteed that the system can be audited, and hence a trustworthy log of who accessed which files must be constructed. Emergency situations must also be addressed, where a doctor may need to access a patient's file even if the doctor could not do so in the absence of the emergency. The goal of TAS3 is to demonstrate that its architecture can deal with the following challenges in a generic and scalable way: user and service provider authentication, credential management, and establishing trust between users, information repositories and service providers. Another controversial challenge is data protection policies. Exchanging and using information through complex business processes makes the evaluation of data protection policies an extremely complex task for which there is currently no straightforward solution. Controlling the disclosure of personal information throughout the complete architecture is still a challenge with today's systems, and it may be necessary, temporarily and under precisely defined conditions, to overrule data protection policies using a "break the glass" or "emergency override" procedure, which enables healthcare professionals to obtain access to information to which they normally have no access.

In NHS England, the Summary Care Record (SCR) is a good real-life example of a WHIS using an access control system. Only systems that comply with the SCR compliance requirements are able to connect to the Spine (the main directory and clinical system) and gain access to send information to, or retrieve information from, the Summary Care Record. The Spine only accepts interactions from systems that are registered in the Spine Directory Service as Accredited Systems. Prior to this registration, the compliance process ensures compliance with the Information Governance controls, including authentication, Role Based Access Control (RBAC), audit, Legitimate Relationships (LR), consent and Information Governance alerts.
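The access control requirements set out across the preceding paragraphs (authentication before anything else, role-based permissions, a legitimate relationship between the clinician and the patient, patient consent, a trustworthy audit trail, and a break-glass override that is logged and raises an alert) fit together as a single policy decision point. The example below is added here and is not part of the essay, of TAS3 or of the NHS Spine; it is a constructed illustration of how those controls compose and in what order they are evaluated. The role names, permission strings, patient and user identifiers and the `PolicyDecisionPoint` class are all invented for the example.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed role-to-permission table (RBAC). Not from any real system.
ROLE_PERMISSIONS: dict[str, set[str]] = {
    "gp": {"scr:read", "scr:write"},
    "community_nurse": {"scr:read"},
    "receptionist": {"appointments:manage"},
    "researcher": {"scr:read_anonymised"},
}


@dataclass(frozen=True)
class AccessRequest:
    user_id: str
    roles: frozenset[str]
    authenticated: bool            # e.g. a smartcard session was established
    patient_id: str
    action: str
    emergency_reason: str | None = None   # set only for a break-glass request


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    alert: bool = False            # True when an Information Governance alert is due


@dataclass
class PolicyDecisionPoint:
    # (user_id, patient_id) pairs with an established legitimate relationship
    legitimate_relationships: set[tuple[str, str]]
    # patients who have withheld consent to sharing their record
    consent_opt_out: set[str]
    audit_log: list[dict] = field(default_factory=list)

    def decide(self, req: AccessRequest) -> Decision:
        """Evaluate the request and record the outcome, allowed or not."""
        decision = self._evaluate(req)
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": req.user_id, "patient": req.patient_id, "action": req.action,
            "allowed": decision.allowed, "reason": decision.reason,
            "alert": decision.alert,
        })
        return decision

    def _evaluate(self, req: AccessRequest) -> Decision:
        # 1. Authentication: an unauthenticated caller gets no further.
        if not req.authenticated:
            return Decision(False, "caller is not authenticated")
        # 2. RBAC: the union of the caller's roles must permit the action.
        permitted = set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in req.roles))
        if req.action not in permitted:
            return Decision(False, "role does not permit this action")
        # 3. Consent: an opt-out blocks access regardless of role or emergency.
        if req.patient_id in self.consent_opt_out:
            return Decision(False, "patient has opted out of record sharing")
        # 4. Legitimate relationship: the normal path to access.
        if (req.user_id, req.patient_id) in self.legitimate_relationships:
            return Decision(True, "legitimate relationship on record")
        # 5. Break-glass: bypasses only the relationship check, never RBAC or
        #    consent, and always raises an alert for later review.
        if req.emergency_reason:
            return Decision(True, f"break-glass override: {req.emergency_reason}", alert=True)
        return Decision(False, "no legitimate relationship with this patient")

    def alerts(self) -> list[dict]:
        """Audit entries an Information Governance reviewer must look at."""
        return [entry for entry in self.audit_log if entry["alert"]]


if __name__ == "__main__":
    pdp = PolicyDecisionPoint(legitimate_relationships={("nurse01", "P100")},
                              consent_opt_out={"P200"})
    nurse = frozenset({"community_nurse"})
    pdp.decide(AccessRequest("nurse01", nurse, True, "P100", "scr:read"))
    pdp.decide(AccessRequest("nurse01", nurse, True, "P300", "scr:read",
                             emergency_reason="patient collapsed at home"))
    for entry in pdp.audit_log:
        print(entry)
```

The ordering is the design point: break-glass sits after RBAC and consent so that an emergency can widen *whose* record a clinician may see but never *what kind* of user may see clinical data, and every decision, refused ones included, lands in the audit log so the "who accessed which files" record the TAS3 paragraph calls for is complete rather than success-only.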
