Information Security Issues in Bioinformatics

1
Information Security Issues in Bioinformatics

• Adel S. Elmaghraby

Computer Engineering and Computer Science
Department www.cs.louisville.edu
2
The Key Words

• Information

3
The Key Words

• Information
• Security

4
The Key Words

• Information
• Security
• Bioinformatics

5
Issues of Concern

• Information collections, storage, transmission,
  access, and use.
• Security and privacy of bioinformatics data.
• Regulations, constraints, and legal challenges.

6
Phases of Information Handling
7
DNA Privacy Issues

• DNA search raises privacy concerns more
  significant than the search of a vehicle, of a
  house, or even a persons pockets because DNA
  reveals intimate details.
• A man declined to voluntarily submit a buccal
  swab containing his DNA during a police dragnet.
• His refusal resulted in the issuance of a seizure
  warrant for his DNA.
• EPIC believes that it is vital to understand that
  police collection and use of DNA affects the
  Fourth Amendment interests.

Electronic Privacy Information Center ("EPIC")
(http//www.epic.org/privacy/kohler/amicus.pdf)
8
Tracking Medical Data Theft

• (By Paul Henry, UPI, 08/15/05 500 AM PT)
• (http//www.technewsworld.com/story/45422.html)
• On a country level, governments do not seem to
  share the same values in terms of protecting
  personal information. For example, India, China,
  Philippines, Singapore and Malaysia lack any
  general data-protection laws at all, yet they are
  all fast-growing providers of outsourcing
  services to U.S. companies.

9
Certification

• AHIMA 50,000 professional members
• Certified in Healthcare Privacy (CHP)
• Certified in Healthcare Security (CHS)
• Certified in Healthcare Privacy and Security
  (CHPS)

10
Standards

• Medical devices
• Information systems

11
StandardsMedical devices and systems

• Medical devices and systems represent a growing
  risk. Organizations have 300 to 400 more than
  IT devices.
• Two trends are contributing to the increasing
  significance of this risk
• Automated Medical devices increase amounts of
  medical data being collected, analyzed and
  stored.
• Integration and inter-connection of medical
  devices and systems where medical data is being
  exchanged.

12
StandardsMedical devices and systems (contd.)

• The HIMSS Medical Device Security Workgroup
  Workgroup aims to
• Identify security issues and best practices.
• Evaluate security threats and vulnerabilities
  that affect medical devices.
• Coordinate with similar groups.
• Prepare comments and recommendations on medical
  device security issues.
• Educate HIMSS members and the industry on the
  security implications of device.

13
Standards HIPPA

• HEALTH INFORMATION.--The term 'health
  information' means any information, whether oral
  or recorded in any form or medium, that--
• (A) is created or received by a health care
  provider, health plan, public health authority,
  employer, life insurer, school or university, or
  health care clearinghouse and
• (B) relates to the past, present, or future
  physical or mental health or condition of an
  individual, the provision of health care to an
  individual, or the past, present, or future
  payment for the provision of health care to an
  individual.

US Department of Health and Human Services
14
Standards HIPPA (Contd.)

• Each person who maintains or transmits health
  information shall maintain reasonable and
  appropriate administrative, technical, and
  physical safeguards --
• (A) to ensure the integrity and confidentiality
  of the information
• (B) to protect against any reasonably
  anticipated--
• (i) threats or hazards to the security or
  integrity of the information and
• (ii) unauthorized uses or disclosures of the
  information and
• (C) otherwise to ensure compliance with this part
  by the officers and employees of such person

15
Research Issues

• Medical informatics,
• Health informatics,
• Bioinformatics,
• Bioterrorism,
• Security.

16
Research Issues

• Medical informatics,
• Health informatics,
• Bioinformatics,
• Bioterrorism,
• Security.

Research and Clinical Data
Environmental Data
Biometric Data
17
Research Issues (Contd.)
Research and Clinical Data
Fusion, Cryptography, Authentication,
Watermarking, Compression, Mining,
Environmental Data
Biometric Data
18
Discussion
Quality
Security
Cost
Health Services