Europe - GIT Verlag
Europe - GIT Verlag
Europe - GIT Verlag
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Hospital Post <strong>Europe</strong> 04/08<br />
The second Baltic Conference<br />
on e-Health – under the<br />
Patronage of Ulla Schmidt,<br />
Federal Minister of Health,<br />
Germany – takes place on<br />
September 26 in Hamburg.<br />
The primary aim of the conference<br />
organized by the Baltic<br />
Sea Forum, the Hamburg<br />
Chamber of Commerce, and<br />
IBM, in cooperation with the<br />
U.S. Commercial Service, is to<br />
provide a cross sector forum<br />
for healthcare providers from<br />
Germany, Poland, Lithuania,<br />
Estonia, Latvia, Russia, Finland,<br />
Norway, Sweden, and<br />
Denmark.<br />
The <strong>Europe</strong>an healthcare sectors are faced<br />
with many common challenges associated<br />
with delivering affordable, quality care. In<br />
view of rising costs, the healthcare industry<br />
needs to make the transformation to an<br />
interconnected, cost-efficient and, above<br />
all, patient-centric system. Representatives<br />
from hospitals, governments, health insur-<br />
ance organizations, service providers, and<br />
media will have the opportunity to discuss<br />
potential solutions in patient-centric health<br />
management during the Baltic Conference<br />
on e-Health.<br />
The conference presents a well-balanced<br />
mix of best practices and strategyoriented<br />
presentations. Keynote speakers<br />
from Poland, Denmark, Lithuania, Estonia,<br />
Russia, and Germany, workshops and<br />
a panel discussion are the basic features<br />
of the meeting. Moreover, international<br />
solution and service providers will display<br />
and present their product and service<br />
achievements to policymakers, users,<br />
suppliers, and implementation managers.<br />
The conference program will focus on<br />
the following topics:<br />
Best Practices and Case Studies from the<br />
Baltic Sea region countries.<br />
Disease Management as concept of<br />
reducing healthcare costs and improving<br />
quality of life for individuals with<br />
chronic disease conditions by preventing<br />
or minimizing the effects of a disease<br />
through integrative care.<br />
It & coMMunIcAtIons 19<br />
Baltic Sea Region Countries Discuss Innovations for Health Management<br />
Second Baltic Conference on e-Health in Hamburg<br />
Identity management systems<br />
(IDM) control user access to<br />
specific information in an<br />
organization, based on user<br />
identity, duties, and responsibilities.<br />
Increasingly today’s<br />
enterprises are turning also<br />
to the next level of security<br />
with the use of network access<br />
control systems (NAC) to<br />
verify the integrity of devices<br />
as they access healthcare networks.<br />
There is little doubt that IDM and NAC<br />
security systems are necessary for sound<br />
access control but they fail to address a potentially<br />
more dangerous threat. One that<br />
in recent months has loomed ever larger<br />
in the concerns of CIOs: the risk of data<br />
breach through inappropriate behaviour<br />
by someone who is authorized to access<br />
the network and its information.<br />
Unauthorized Access and<br />
Improper Use<br />
Let’s consider a situation where a user<br />
has been granted access to the network,<br />
applications, and databases in order to<br />
undertake their normal business activity;<br />
but whose behaviour becomes mischievous<br />
after authorization. Perhaps they are<br />
downloading entire patient or customer<br />
databases to their laptop or seeking to<br />
email sensitive data to an address outside<br />
the company, or copy it to a removable medium<br />
such as a USB stick. Either way they<br />
are abusing the access rights they have<br />
been granted and will need to be stopped<br />
urgently to protect against the loss of valuable<br />
company information assets.<br />
Lars Davies, a lawyer and provider of<br />
compliance consultancy services in the<br />
Optimization of clinical and business<br />
processes as well as of hospital information<br />
and communication systems in<br />
order to increase the quality and economics<br />
of patient care.<br />
Latest developments in the EU regarding<br />
standardization, interoperability, and<br />
patient safety.<br />
The international conference – which<br />
is, among others, supported by the Koch-<br />
Mechnikov-Forum – features presentations<br />
e.g. on disease management in Russia and<br />
the future of health management in Poland.<br />
Main objectives of the conference organizers<br />
are to exchange views and experiences<br />
among all those involved in health<br />
management, to learn from each other,<br />
and to work with one another.<br />
Another very important topic is the<br />
crucial financial situation of hospitals and<br />
clinics: Due to rising costs (personnel,<br />
energy, food, etc.) and increasing regulatory<br />
constraints, many hospitals are underfunded.<br />
How the deployment of highquality<br />
e-Health solutions will contribute<br />
to solve these problems, is presented by<br />
several speakers. Their presentations deal<br />
with process optimization and change<br />
management in hospitals, improvement of<br />
continuity and quality of care by e-Health<br />
solutions as well as increasing efficiency by<br />
technological partnerships.<br />
However, a win-win strategy for all e-<br />
Health stakeholders is only possible if solutions<br />
respond to patients’ needs and have<br />
direct impact on access, quality, cost, and<br />
safety of healthcare. The acceptance of e-<br />
Health among patients and consumers is<br />
essential. A panel discussion on “Patient-<br />
The Threat Within<br />
Patient Privacy Issues from Unauthorized Access and Improper Use<br />
U.S. notes: “If an authorized individual,<br />
for example, has inappropriately accessed<br />
or copied information then potentially an<br />
unauthorized access under the Computer<br />
Misuse Act has occurred; it could also be a<br />
breach of copyright law. If any personal data<br />
is involved, it could also constitute a breach<br />
of the Data Protection Act (DPA), The<br />
Health Insurance Portability and Accountability<br />
Act (HIPAA) or similar privacy legislation.<br />
This type of act by a senior employee<br />
could also result in a breach of their duty of<br />
confidence and a breach of their terms of<br />
employment.” The issue for the organization<br />
however is more immediate; it needs<br />
to be able to identify the inappropriate use<br />
of the organisations information and protect<br />
against its loss. The main legal issue is<br />
again the DPA. The organization can be accused<br />
of having failed to put in sufficient<br />
safeguards in place to prevent a breach and<br />
the directors and managers could be implicated<br />
for failure in their fiduciary duties to<br />
protect stakeholders from loss.<br />
Data Leak Prevention<br />
In response to this type of threat the information<br />
security industry has, in recent<br />
years, developed a flurry of so-called data<br />
leakage prevention (DLP) systems which<br />
seek to address this emerging exposure for<br />
companies. While the goal of DLP systems<br />
is undoubtedly well intended, the effectiveness<br />
of these technologies relies upon<br />
the satisfactory matching of user access authorisation<br />
levels with the classification of<br />
all corporate information assets according<br />
to their sensitivity and “value”. The logic of<br />
such systems is clear but inflexibility and<br />
the administrative overheads of such systems<br />
are prohibitively high.<br />
The bottom line is that the thief may be<br />
a disgruntled employee, a doctor, an ex-<br />
Geoff Sweeney, Co-founder &<br />
Chief Technology Officer, Tier-3<br />
ternal contractor or even a trusted senior<br />
executive; there are no rules to predicting<br />
human behaviour. Inappropriate action of<br />
this type by anyone who has the authority<br />
to access sensitive information can and still<br />
does occur. What is required is the means<br />
by which suspicious or unusual movement<br />
of sensitive data, irrespective of the initiator<br />
can be detected and assessed for legitimacy.<br />
Beyond IDM and NAC systems<br />
– Behavioural Anomaly<br />
Detection<br />
Behavioural Anomaly Detection uses intelligent<br />
analysis technology to inspect and<br />
immediately alert on inappropriate user<br />
or system behaviour as soon as it deviate<br />
from the norm. Without the need for complex<br />
access and asset prioritisation rules<br />
and the resulting configuration and management<br />
overheads the technology simply<br />
blocks and flags unusual system or user<br />
activity to security administrators and risk<br />
managers.<br />
A lot of companies with inspection<br />
technology claim behavioural analysis ca-<br />
pabilities yet limit themselves to looking<br />
at the data, network and transport layers<br />
(i.e. Layers 2–4 of the OSI stack). This unfortunately<br />
is insufficient for effective data<br />
protection capabilities, which requires the<br />
monitoring of multiple layers. The fact is<br />
that few vendors provide sufficient visibility<br />
of anomalous events to enable meaningful<br />
risk alerting and protection against<br />
data loss.<br />
Data breaches from unauthorized access<br />
and improper use are a growing<br />
problem, but they can be detected and<br />
prevented with appropriate security strategy<br />
and technology. Behavioural Anomaly<br />
Detection technology identifies when a legitimate<br />
user’s behaviour begins to deviate<br />
from the norm, blocks it and systematically<br />
stores a copy of all access logs in foren-<br />
Innovation For Modality Imaging<br />
The installed base of modality devices inside<br />
the hospitals is constantly growing.<br />
Nearly all of them require a display device.<br />
A lot of those are already installed for a<br />
long time. Quite often here are CRT monitors<br />
connected which are almost at the end<br />
of their lifetime. Those units need to be replaced<br />
quickly and easily.<br />
“Exactly for those purposes Totoku offers<br />
now the new 19 inch, 1,3 Megapixel<br />
grayscale display ME191L. It is able to support<br />
all modality devices of the most common<br />
manufacturers but fits also perfect for<br />
special applications like cardiology,” explains<br />
Dirk Cordt, General Manager Sales<br />
and Marketing department Totoku <strong>Europe</strong>.<br />
Thanks to the various gamma presets the<br />
display can be adapted easily to the connected<br />
modality device.<br />
Centric Healthcare Systems” will bring together<br />
the different stakeholders in order<br />
to review the necessary transformation<br />
processes and to develop visions for the<br />
future of healthcare.<br />
All conference presentations are held in<br />
English (no simultaneous interpretation).<br />
For further information and registration,<br />
please cf. the website.<br />
www.baltic-conference-on-ehealth.<br />
com<br />
sic repository which can have evidential<br />
weight in any resulting action against an<br />
individual. Using smart technology Behavioural<br />
Anomaly Detection can automatically<br />
detect and prevent a potential data theft<br />
as it occurs rather than respond “after the<br />
horse (and its valuable information) has<br />
bolted”.<br />
Contact:<br />
Geoff Sweeney<br />
Co-founder & Chief Technology<br />
Officer<br />
Tier-3<br />
Sydney, Australia<br />
Tel.: +61 2 9419 3200<br />
www.tier-3.com<br />
The display fulfills all requirements of a<br />
high quality medical imaging device. With<br />
a maximum brightness of 1000 cd/m² and<br />
a contrast ratio of 900:1 even under bad<br />
circumstances a very high image quality is<br />
secured. With the integrated lambda sentinel<br />
the calibrated brightness is kept permanently<br />
on the right level.<br />
The display offers a flexible input concept;<br />
thanks to this also non standard timings<br />
are displayed. “In addition to this the<br />
supported frequency range is wider than<br />
usual. That’s the reason why signals can be<br />
displayed where other displays fail,” Cordt<br />
explains further. A wide viewing angle of<br />
178° in vertical and horizontal axis ensures<br />
always an accurate view at the X-ray images.<br />
www.totoku.com