Secure Access to Information using Smart Card

Authors: Buldakova T.I., Lantsberg A.V., Smolyaninova K.A. Published: 28.05.2017
Published in issue: #3(114)/2017  
DOI: 10.18698/0236-3933-2017-3-95-106

Category: Informatics, Computer Engineering and Control | Chapter: Methods and Systems of Information Protection, Information Security  
Keywords: medical information system, electronic medical records, information security, smart card

The article is devoted to the protection of patient data in medical information systems containing electronic medical records. The study shows that the access to the patient's health data is available to any employee registered in the system, without notifying the patient. To ensure the information confidentiality and integrity, we suggest using smart cards to uniquely identify the patient in the unified electronic medical record database. We describe possibilities of smart cards and characteristic features of their application in health care. As an example, we consider the process when a doctor sees patients with smart cards. In this work we lay down the requirements to the data stored on the patient's card. Moreover, we provide the software for operation with smart cards, give the flowchart of the developed application. Finally, we describe the application operating modes and give examples.


[1] Goncharov N.G., Guliev Ya.I., Gulyaev Yu.V., Kavinskaya Yu.M., Kamenshchikov A.A., Oleynikov A.Ya., Khatkevich M.I. Problems of creation of Common information area in RAS health care system. Informatsionnye tekhnologii i vychislitel’nye sistemy, 2006, no. 4, pp. 83-95 (in Russ.).

[2] Lantsberg A.V., Troitzch K.G., Buldakova T.I. Development of the electronic service system of a municipal clinic (based on the analysis of foreign web resources). Automatic Documentation and Mathematical Linguistics, 2011, vol. 45, no. 2, pp. 74-80. DOI: 10.3103/S0005105511020075 Available at: http://link.springer.com/article/10.3103/S0005105511020075

[3] Lantsberg A.V., Troych K., Buldakova T.I. Quality control features of medical E-services. Informatsionnoe obshchestvo, 2011, no. 4, pp. 28-37 (in Russ.).

[4] Gusev A.V. Review of solutions "Electronic registry". Vrach i informatsionnye tekhnologii [Information technologies for the Physician], 2010, no. 6, pp. 4-15 (in Russ.).

[5] Llinas G., Rodriguez-Inesta D., Lorenzo S., Aibar C. Comparison of websites from Spanish, American and British hospitals. Methods of Information in Medicine, 2008, vol. 47, no. 2, pp. 124-130.

[6] Lantsberg A.V., Troych K., Buldakova T.I. Developing E-services system of municipal clinic (based on foreign websites analysis). Nauchno-tekhnicheskaya informatsiya. Seriya 2: Informatsionnyeprotsessy i sistemy, 2011, no. 4, pp. 1-7 (in Russ.).

[7] Monich V.A., Kushnikov O.I., Alakaev R.R., Kosonogov A.Ya., Korotin D.P., Medovarov E.V. Electronic case history is a most important link of the medical information system. Sovremennye tekhnologii v meditsine [Modern Technologies in Medicine], 2010, no. 3, pp. 73-74. Available at: http://www.stm-journal.ru/en/numbers/2010/3/648

[8] Zingerman B.V., Shklovskiy-Kordi N.E. Electronic health records cards and the principles of its organization. Vrach i informatsionnye tekhnologii [Information technologies for the Physician], 2013, no. 2, pp. 37-58 (in Russ.).

[9] Meditsinskie informatsionnye tekhnologii: global’nyy prognoz razvitiya [Medical informational technologies: Global development forecast]. Moscow, OOO "AKSIMED", 2011. 18 p.

[10] Kuznetsov S. Electronic health records are reality. Otkrytye sistemy. SUBD [Open Systems. DBMS], 2012, no. 10, pp. 60-62. Available at: https://www.osp.ru/os/2012/10/13033128

[11] Kuhlisch R., Kraufmann B., Restel H. Electronic case records in a box: Integrating patient data in healthcare networks. Computer, 2012, vol. 45, no. 11, pp. 34-40. DOI: 10.1109/MC.2012.294 Available at: http://ieeexplore.ieee.org/document/6287500

[12] Aleman J.L.F., Senor Carrion I., Toval A. Personal health records: New means to safely handle health data? Computer, 2012, vol. 45, no. 11, pp. 27-33. DOI: 10.1109/MC.2012.285 Available at: http://ieeexplore.ieee.org/document/6353451

[13] Buldakova T.I., Suyatinov S.I., Mikov D.A. Analysis of information risks of virtual infrastructures in health protection. Informatsionnoe obshchestvo, 2013, no. 4, pp. 6 (in Russ.).

[14] Buldakova T.I., Suyatinov S.I., Krivosheeva D.A. Ensuring information security in telemedicine systems on the basis of model approach. Voprosy kiberbezopasnosti, 2014, no. 5 (8), pp. 21-29. Available at: http://cyberrus.com/wp-content/uploads/2015/02/vkb_08_04.pdf

[15] Anishchenko V.S., Buldakova T.I., Dovgalevskiy P.Ya., Lifshits V.B., Gridnev V.I., Suyatinov S.I. Conceptual model of virtual centre of public health services. Informatsionnye tekhnologii, 2009, no. 12, pp. 59-64 (in Russ.).

[16] Shvyrev S.L. Implementation of HL7 standards in Russia. Vrach i informatsionnye tekhnologii [Information technologies for the Physician], 2009, no. 6, pp. 71-72 (in Russ.).

[17] Weiss G. You have to have standards. IEEE Spectrum, 2002, vol. 39, no. 3, pp. 48.

[18] Ahn Ch., Nah Yu., Park S., Kim Ju. An integrated medical information system using XML. Lecture Notes in Computer Science, 2001, vol. 2105, pp. 307-322.