Kelly Grant, McKenzie Bruce
J Med Internet Res. 2002 Apr-Nov;4(2):E12. doi: 10.2196/jmir.4.2.e12.
We introduce the issues around protecting information about patients and related data sent via the Internet. We begin by reviewing three concepts necessary to any discussion about data security in a healthcare environment: privacy, confidentiality, and consent. We are giving some advice on how to protect local data. Authentication and privacy of e-mail via encryption is offered by Pretty Good Privacy (PGP) and Secure Multipurpose Internet Mail Extensions (S/MIME). The de facto Internet standard for encrypting Web-based information interchanges is Secure Sockets Layer (SSL), more recently known as Transport Layer Security or TLS. There is a public key infrastructure process to 'sign' a message whereby the private key of an individual can be used to 'hash' the message. This can then be verified against the sender's public key. This ensures the data's authenticity and origin without conferring privacy, and is called a 'digital signature'. The best protection against viruses is not opening e-mails from unknown sources or those containing unusual message headers.
我们介绍围绕保护患者信息及通过互联网传输的相关数据的诸多问题。我们首先回顾在医疗环境中进行任何数据安全讨论所必需的三个概念:隐私、保密性和同意。我们就如何保护本地数据给出一些建议。Pretty Good Privacy(PGP)和安全多用途互联网邮件扩展(S/MIME)提供通过加密实现的电子邮件认证和隐私保护。用于加密基于网络的信息交换的事实上的互联网标准是安全套接字层(SSL),最近称为传输层安全(TLS)。存在一种用于“签署”消息的公钥基础设施过程,通过该过程个人的私钥可用于“哈希”消息。然后可根据发送者的公钥对此进行验证。这确保了数据的真实性和来源,但不提供隐私保护,这被称为“数字签名”。预防病毒的最佳保护措施是不打开来自未知来源或包含异常消息头的电子邮件。
