E. Menshikova, Gennady S. Sigovtsev, Marina Charuta
{"title":"医疗信息系统背景下的网络安全问题«姑息病人登记»","authors":"E. Menshikova, Gennady S. Sigovtsev, Marina Charuta","doi":"10.23919/fruct49677.2020.9211033","DOIUrl":null,"url":null,"abstract":"The project of a special purpose medical information system for use in the field of palliative care “Register of palliative patients” is proposed. The project provides that the system should have the following basic functionality: providing system administration; maintaining a patient register; searching for patient data by specified parameters; maintaining a patient’s medical record including information about prescriptions; searching for prescriptions by specified parameters; generating summary reports and reports for a group of prescriptions. The prototype of the system, presented by its structural-functional and informational models, and its implementation are described. The cybersecurity issues of MISs are analyzed in terms of meeting regulatory requirements. An initial protection level of the «Palliative Patient Register» system was assessed, and the most relevant threats were identified to build a threat model. A scheme for ensuring information security was proposed. A model of data protection in the system based on the exchange of only anonymized personal data between the client and the server is proposed. To do this, we suggest using cryptographic security tools. The General scheme of interaction between the client and server using the REST architecture is described. The possibilities of the Yii framework for implementing the RestFull API are considered.","PeriodicalId":149674,"journal":{"name":"2020 27th Conference of Open Innovations Association (FRUCT)","volume":"7 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Problem of Cybersecurity in Context of Medical Information System «Register of Palliative Patients»\",\"authors\":\"E. Menshikova, Gennady S. Sigovtsev, Marina Charuta\",\"doi\":\"10.23919/fruct49677.2020.9211033\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The project of a special purpose medical information system for use in the field of palliative care “Register of palliative patients” is proposed. The project provides that the system should have the following basic functionality: providing system administration; maintaining a patient register; searching for patient data by specified parameters; maintaining a patient’s medical record including information about prescriptions; searching for prescriptions by specified parameters; generating summary reports and reports for a group of prescriptions. The prototype of the system, presented by its structural-functional and informational models, and its implementation are described. The cybersecurity issues of MISs are analyzed in terms of meeting regulatory requirements. An initial protection level of the «Palliative Patient Register» system was assessed, and the most relevant threats were identified to build a threat model. A scheme for ensuring information security was proposed. A model of data protection in the system based on the exchange of only anonymized personal data between the client and the server is proposed. To do this, we suggest using cryptographic security tools. The General scheme of interaction between the client and server using the REST architecture is described. The possibilities of the Yii framework for implementing the RestFull API are considered.\",\"PeriodicalId\":149674,\"journal\":{\"name\":\"2020 27th Conference of Open Innovations Association (FRUCT)\",\"volume\":\"7 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2020 27th Conference of Open Innovations Association (FRUCT)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.23919/fruct49677.2020.9211033\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 27th Conference of Open Innovations Association (FRUCT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.23919/fruct49677.2020.9211033","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Problem of Cybersecurity in Context of Medical Information System «Register of Palliative Patients»
The project of a special purpose medical information system for use in the field of palliative care “Register of palliative patients” is proposed. The project provides that the system should have the following basic functionality: providing system administration; maintaining a patient register; searching for patient data by specified parameters; maintaining a patient’s medical record including information about prescriptions; searching for prescriptions by specified parameters; generating summary reports and reports for a group of prescriptions. The prototype of the system, presented by its structural-functional and informational models, and its implementation are described. The cybersecurity issues of MISs are analyzed in terms of meeting regulatory requirements. An initial protection level of the «Palliative Patient Register» system was assessed, and the most relevant threats were identified to build a threat model. A scheme for ensuring information security was proposed. A model of data protection in the system based on the exchange of only anonymized personal data between the client and the server is proposed. To do this, we suggest using cryptographic security tools. The General scheme of interaction between the client and server using the REST architecture is described. The possibilities of the Yii framework for implementing the RestFull API are considered.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
