GEMSS: Privacy and security for a medical Grid

Stuart E. Middleton, J. A M Herveg, F. Crazzolara, D. Marvin, Y. Poullet

Research output: Contribution to journal › Article

Abstract

Objectives: The GEMSS project is developing a secure Grid infrastructure through which six medical simulation services can be invoked. We examine the legal and security framework within which GEMSS operates.

Methods: We provide a legal qualification of the operations performed upon patient data, in view of EU directive 95/46, when using medical applications on the GEMSS Grid. We identify appropriate measures to ensure security and describe the legal rationale behind our choice of security technology.

Results: Our legal analysis demonstrates that there must be an identified controller (typically a hospital) of patient data. The controller must then choose a processor (in this context a Grid service provider) that provides sufficient guarantees with respect to the security of their technical and organizational data processing procedures. These guarantees must ensure a level of security appropriate to the risks, with due regard to the state of the art and the cost of their implementation. Our security solutions are based on a public key infrastructure (PKI), transport-level security and end-to-end security mechanisms in line with the web service security specifications (WS Security, WS Trust and SecureConversation).

Conclusion: The GEMSS infrastructure ensures a degree of protection of patient data that is appropriate for the health care sector and is in line with the European directives. We hope that GEMSS will become synonymous with high-security data processing, providing a framework by which GEMSS service providers can provide the security guarantees required by hospitals with regard to the processing of patient data.

Original language: English
Pages (from-to): 182-185
Number of pages: 4
Journal: Methods of Information in Medicine
Volume: 44
Issue number: 2
Publication status: Published - 20 Jun 2005

Keywords

  • Grid
  • Legal
  • Medical
  • Personal data
  • Security

Cite this

Middleton, Stuart E. ; Herveg, J. A M ; Crazzolara, F. ; Marvin, D. ; Poullet, Y. / GEMSS : Privacy and security for a medical Grid. In: Methods of Information in Medicine. 2005 ; Vol. 44, No. 2. pp. 182-185.
@article{0600067755ef468192724f7dda249ea6,
title = "GEMSS: Privacy and security for a medical Grid",
keywords = "Grid, Legal, Medical, Personal data, Security",
author = "Middleton, {Stuart E.} and Herveg, {J. A M} and F. Crazzolara and D. Marvin and Y. Poullet",
year = "2005",
month = "6",
day = "20",
language = "English",
volume = "44",
pages = "182--185",
journal = "Methods of Information in Medicine",
issn = "0026-1270",
publisher = "Schattauer GmbH",
number = "2",

}

TY - JOUR

T1 - GEMSS

T2 - Privacy and security for a medical Grid

AU - Middleton, Stuart E.

AU - Herveg, J. A M

AU - Crazzolara, F.

AU - Marvin, D.

AU - Poullet, Y.

PY - 2005/6/20

Y1 - 2005/6/20

KW - Grid

KW - Legal

KW - Medical

KW - Personal data

KW - Security

UR - http://www.scopus.com/inward/record.url?scp=20344385781&partnerID=8YFLogxK

M3 - Article

C2 - 15924171

AN - SCOPUS:20344385781

VL - 44

SP - 182

EP - 185

JO - Methods of Information in Medicine

JF - Methods of Information in Medicine

SN - 0026-1270

IS - 2

ER -