Security requirements for the medical information used by U-Healthcare medical equipment

Abstract

Home healthcare based on ubiquitous technology (u-technology) is emerging as a solution to increasing chronic disease patients with the advent of aging of society. While u-technology has the advantage that improves accessibility to medical services, it also increases the probability of the infringement of privacy of personal medical information, the leakage of which can do greater damage than any other information. At the juncture that social requirement for privacy protection is getting important, the development of standard and specification to evaluate the minimum security level of u-health medical devices is inevitable as a prerequisite for the vitalization of u-health. This study aimed at the development of security test methodology for u-health medical devices and proposed the standard and specification to secure medical information security. For the purpose, first, we defined the scope of u-health medical devices and categorized its physical and operational types. Second, security core technologies were selected that can be applied to u-health medical device in three aspects such as administrative safeguard dealing with operator, policy, document, system and user education, physical safeguard dealing with control of entrance and exit, screen or shared instrument, and technical safeguard dealing with computer system-related technological elements. Lastly, each security core technology was assigned to each physical and operational types of u-health medical devices and relative significance of which was determined. The guideline containing the developed security core technology and test methodology for u-health medical device would be utilized for the enhancement of security level in the design of u-health medical devices and setting the authentication standard for authorization process for security in Korean Food and Drug Administration.