Universal Internet security policy addresses worldwide concerns

The communications capability of the Internet may be the sliced bread of modern healthcare, but it comes at great risk to the confidentiality and integrity of medical data.

The U.S. Health Insurance Portability and Accountability Act (HIPAA) regulations provide guidelines for domestic medical data security, but elsewhere in the world security issues are still largely unaddressed.

A universal high-level security policy (HLSP) has been proposed (Ilioudis C, Pangalos G. A framework for an institutional high level security policy for the processing of medical data and their transmission through the Internet, J Med Internet Res 2001;3(2):e14).

The authors, Christos Ilioudis and George Pangalos of Aristotle University in Thessaloniki, Greece, developed a security policy that includes a set of seven generic principles and 45 guidelines. These provide flexibility and adaptability for local environments and establish the basic security requirements to be addressed when using the Internet to safely transmit medical data.

Some U.S. observers question the proposal's efficacy.

"It would be extremely difficult to write a high-level international healthcare security policy due to conflicting national regulations," said Robert Johnson, an IT security expert at Information Advantage Group. "A work like this needs to build on things like GASSP, BS7799, Common Criteria, and Cobit."

GASSP is a 10-year-old International Information Security Foundation-sponsored committee to develop and promulgate Generally Accepted System Security Principles; BS7799 is a new British standard providing more than 127 guidelines to identify appropriate security controls; Common Criteria is a 1993 ISO effort to define general concepts and principles of IT security; Cobit is a 1996 IT governance tool.

There is concern that guidelines applicable in one country may not apply in another.

For example, HLSP guideline G1.1 states that the data will be used for healthcare purposes only, when in fact it sometimes needs to be used by law enforcement and government, as set forth in HIPAA exceptions, Johnson said.

Another HIPAA expert, Kristen K. Hughes, a Florida healthcare attorney, said HLSP seems to focus merely on Internet data transmission.

"In this respect, it covers a smaller field than HIPAA," she said. "The Principles and Guidelines do consistently address the overall handling of 'personal health information,' however."

One major difference between HLSP and HIPAA is HLSP's failure to specifically address third-party relationships -- a necessity in the CYA and liability-avoidance climate in the U.S., Hughes said.

The more general principles in HLSP requiring "appropriate measures" and adoption of establishment-specific "regulations regarding circulation of personal health data" could address third-party access to protected information. But in a litigious environment like the U.S., more specific direction with respect to implementation of such laudable objectives is likely the safer route, she said.
