J Korean Med Assoc. 2015 Dec;58(12):1159-1170. doi: 10.5124/jkma.2015.58.12.1159.

A study on establishing a technical safety assessment system for the Korean telemedicine system

Affiliations
  • 1. Graduate School of Information Security, Korea University, Seoul, Korea. kevinlee@korea.ac.kr
  • 2. Research Institute for Healthcare Policy, Korean Medical Association, Seoul, Korea.
  • 3. Department of Preventive Medicine, Korea University College of Medicine, Seoul, Korea.
  • 4. Institute for Occupational and Environmental Health, Korea University, Seoul, Korea.

Abstract

Telemedicine is critical infrastructure that directly affects people's lives. Accordingly, the government's announcement that it would introduce a telemedicine service has caused controversy between the government and medical institutions over the safety of the service. Before the service is introduced, its technical safety and effectiveness should be validated, and the telemedicine system should be supported by proper policies to ensure a secure, continuous service. To this end, we derived security requirements from domestic and foreign standards and laws relating to telemedicine and information security. Based on the derived requirements, we developed a security standard for telemedicine that facilitates objective assessment of the security of the telemedicine service. Furthermore, we analyzed the vulnerabilities of telemedicine devices through penetration tests. Finally, using a risk analysis method, we created risk scenarios that might occur in the provision of telemedicine services and calculated the risk level and expected loss for each scenario. We expect that the results of this research will serve as a basis for securing a sufficient budget and staff for the safety of telemedicine and for establishing relevant policies.

Keywords

Telemedicine; Technical safety assessment; Risk analysis; FAIR methodology

MeSH Terms

Budgets
Jurisprudence
Telemedicine*
Veins

Figures

  • Figure 1 Composition of the technical safety assessment system for the Korean telemedicine system.

  • Figure 2 A process to develop technical safety assessment standard for telemedicine.

  • Figure 3 A process to analyze vulnerabilities of telemedicine device.

  • Figure 4 Vulnerability analysis diagram of telemedicine device.

  • Figure 5 Vulnerability analysis diagram of telemedicine device.

  • Figure 6 The relationship between domestic and international standards relating to information security and telemedicine. ATHAC, Austrian College of Rural & Remote Medicine Telehealth Advisory Committee; ATA, American Telemedicine Association; APHRA, Australian Health Practitioner Regulation Agency; HIPAA, Health Insurance Portability and Accountability Act.

  • Figure 7 The mapping for healthcare field for assessment standard.

  • Figure 8 The mapping for telemedicine field for assessment standard.

  • Figure 9 Factor analysis of information risk process based on scenario.

  • Figure 10 Matrix operation.

