Integritet och sa?kerhet inom den digitaliserade sjukva?rden.
Med perspektiv utifrån patientdatalagen
Information securityInformation handlingHealth carePatient integrityInformationssäkerhetInformationshanteringHälso- och sjukvårdPatientintegritet
The digitization of patient data and medical records used by the healthcare-industry in Sweden is rapidly developing. However; developing and changing things in this field is not an easy task because of the circumstances surrounding it. Digital systems intended to process, and hold, sensitive personal data, such as medical journals, must be developed with laws, confidentiality, integrity and availability in mind to secure that none of this data gets compromised.A complicating factor in regards to this is the fast rate of development within IT in contrast to the much slower bureaucratic process of the justice system. This means that laws and regulations oftentimes aren?t up to date with the newest available technology.With the purpose of establishing set regulations on how patient data should be properly handled the Swedish government enacted the Patient Data Act (sv. Patientdatalagen, SFS 2008:355) on the 1:st of July 2008. This act doesn?t only touch on safeguarding patient data but also deals with:A possibility for healthcare-providers to take part of other provider?s journals (a system for distribution and sharing of patient data). The patients given right to at any time deny access of their data to any given healthcare-provider and/or specific personnel. The possibility for patients to take part of follow-up information regarding access to their data and see, among other things, who?s accessed their files, at what time and which changes were made.In addition to the Patient Data Act the Swedish National Board of Health and Welfare and the Data Inspection Board inaugurated regulations regarding the handling of information and journal keeping of the healthcare-industry (SOSFS 2008:14). This legislative act concerns business organizational issues regarding healthcare-providers responsibilities involving handling of sensitive data. The legislation also sets requirements for routines when following up on logs, methods for authentication etc.In addition to enacted laws and applied technical solutions there is the aspect, and importance, of education of healthcare-personnel. A key component to secure information handling is a security conscious, well-educated staff.This thesis describes the complexity and existing issues between the development of IT and currently enacted laws and regulations regarding healthcare and electronic journal keeping. It also discusses approaches to these issues and the target objective of future technical and administrative implementations. In addition to the presentation of contemporary circumstances in the area the report also deals with proposed solutions to the aforementioned issues. It highlights the areas that are considered critical, and currently non-prioritized, with regards to patient integrity.