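Digi-HTA, assessment framework for digital healthcare services: information security and data protection in health technology – initial experiences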

Jari Jääskelä, Jari Haverinen, Rauli Kaksonen, J. Reponen, Kimmo Halunen, T. Tokola, J. Röning
Journal: Finnish Journal of eHealth and eWelfare. Publication date: 2022-04-14. Publication type: Journal Article. DOI: 10.23996/fjhw.111776 (https://doi.org/10.23996/fjhw.111776)
Citations: 2

Abstract

It is well-known that security issues in medical devices, services and applications have potentially catastrophic consequences. To avoid compromising patient data or information systems, it is essential that healthcare services and products meet the relevant information security and data protection requirements. For these reasons, the Digi-HTA assessment includes information security and data protection assessment domains. The outcome of the Digi-HTA process is a recommendation that decision-makers can use during the procurement process. We present results and experiences from the first assessments made in the Digi-HTA process. We have assessed six products so far and multiple assessments are in progress. The results indicate that healthcare product manufacturers have found the process useful, and usually, the manufacturers have had to improve the security of their product during the Digi-HTA process to get a favourable recommendation for their product. The assessment processes have taken longer than expected due to shortcomings and ambiguities in the provided self-assessment forms, and due to feedback cycles and meetings prompted by assessment findings. Of the six assessed products, four received a green light in information security and data protection, whereas two have received a yellow light due to issues that were not fixed during the process. In addition to shortcomings in adhering to best practices, we have also found exploitable security issues.