Health-Care Telematics in Germany (eBook)
XX, 271 pages
Betriebswirtschaftlicher Verlag Gabler
978-3-8349-6519-6 (ISBN)
Dr. Ali Sunyaev completed his doctoral thesis under the supervision of Prof. Dr. Helmut Krcmar at the Chair of Information Systems at Technische Universität München (TUM). He is an Assistant Professor of Information Systems and Information Systems Quality at the Faculty of Management, Economics and Social Sciences, University of Cologne.
Foreword 6
Abstract 8
Contents 9
List of Figures 16
List of Tables 18
1 Introduction 20
1.1 Motivation 22
1.2 Objectives of the Thesis 25
1.3 Research Methodology 28
1.3.1 Design Science 29
1.3.2 Research Design 30
1.3.3 Design Theory 32
1.3.4 Theoretical Contribution and Research Outcome 33
1.4 Practical Implications, Users, and Beneficiaries 34
2 Healthcare Telematics in Germany with Respect to Security Issues 36
2.1 German Healthcare 36
2.1.1 Structure of German Healthcare 37
2.1.2 Characteristics of the German Healthcare Sector 38
2.1.2.1 Information Exchange and Distributed Information Flows in German Healthcare System 38
2.1.2.2 Current Problems 39
2.1.2.3 Specifics of the German Healthcare Domain 40
2.2 Information Systems in Healthcare 41
2.2.1 Seamless Healthcare 43
2.2.2 Interoperability, Standards and Standardization Approaches in Healthcare 43
2.2.2.1 Communication Standards 46
2.2.2.2 Documentations Standards and Standardization Approaches 50
2.2.3 Healthcare IS Architecture Types 52
2.2.3.1 Monolithic System 53
2.2.3.2 Heterogeneous System 54
2.2.3.3 Service-Oriented IS Architecture 54
2.2.4 Implications for Security Issues of Healthcare Information Systems 55
2.3 Healthcare Telematics 58
2.3.1 Definitions and Objectives of Healthcare Telematics 58
2.3.2 German Healthcare Telematics 61
2.3.2.1 Healthcare Telematics Infrastructure 61
2.3.2.2 Electronic Health Card 63
2.3.3 Risk and Security Issues of Healthcare Telematics 65
2.4 Summary 71
3 Catalogue of IS Healthcare Security Characteristics 72
3.1 Legal Framework 73
3.1.1 Privacy 73
3.1.2 Legal Requirements 74
3.2 Protection Goals 75
3.2.1 Dependable Healthcare Information Systems 76
3.2.2 Controllability of Healthcare Information Systems 78
3.3 Characteristics of IS Security Approaches with Respect to Healthcare 81
3.3.1 Literature Review 83
3.3.2 Overview of Healthcare IS Security Approach Characteristics 85
3.3.2.1 General IS Security Approach Characteristics 85
3.3.2.2 General IS Security Approach Characteristics with Reference to Healthcare 86
3.4 Summary 100
4 Analysis of IS Security Analysis Approaches 102
4.1 Overview 102
4.2 Review of Literature 103
4.3 Existing Literature Reviews 106
4.4 Theoretical Background 110
4.5 Systematization of IS Security Analysis Approaches 112
4.5.1 Checklists 114
4.5.2 Assessment Approaches 115
4.5.2.1 Risk Assessment Approaches 115
4.5.2.2 Security Control Assessment Approaches 117
4.5.3 Risk Analysis Approaches 120
4.5.4 IT Security Management Approaches 121
4.5.4.1 The Plan-Do-Check-Act Approach of ISO 27001 123
4.5.4.2 Best Practice Models 124
4.5.5 Legislation Accommodations 125
4.6 Analysis of IS Security Analysis Approaches with Respect to Healthcare 127
4.6.1 Examination of IS Security Approaches with Respect to General IS Security Approach Characteristics 129
4.6.2 Examination of IS Security Approaches with Respect to General IS Security Approach Characteristics with Reference to Healthcare 130
4.6.3 Examination of IS Security Approaches with Respect to Healthcare Specific IS Security Approach Characteristics 132
4.7 Summary 133
5 Designing a Security Analysis Method for Healthcare Telematics in Germany 135
5.1 Introduction 135
5.2 Research Approach 136
5.3 Method Engineering 138
5.4 Description of Method Elements 139
5.4.1 Method Chains and Alliances 139
5.4.2 Method Fragments 140
5.4.3 Method Chunks 144
5.4.4 Method Components 144
5.4.5 Theoretical Background 145
5.5 Formal Description of the Concept of Method Engineering 146
5.6 HatSec Security Analysis Method 150
5.6.1 From Plan-Do-Check-Act Approach to a IS Security Analysis Method for Healthcare Telematics 151
5.6.2 Design of the HatSec Security Analysis Method 152
5.6.2.1 Method Blocks and Method Fragments 154
5.6.2.2 Overview of the Building Blocks of the HatSec Method 155
5.6.2.3 Perspectives of the HatSec Method 156
5.6.2.4 Context and Preparation of the Security Analysis 157
5.6.2.5 Security Analysis Process 161
5.6.2.6 Security Analysis Product 166
5.6.2.7 Two Sides of the HatSec Method 170
5.6.2.8 HatSec Structure 172
5.7 Review of the HatSec Security Analysis Method 179
5.8 Summary 183
6 Practical Application of the HatSec Method 185
6.1 Selected Case Studies 186
6.2 Assessment and Classification of Threats around the Electronic Health Card 187
6.2.1 Overview 188
6.2.2 Identification and Classification of the Attackers 189
6.2.3 Identification and Classification of the Attack Types 191
6.2.4 Summary 193
6.3 Analysis of the Applications of the Electronic Health Card 194
6.4 Analysis of a Proposed Solution for Managing Health Professional Cards in Hospitals Using a Single Sign-On Central Architecture 205
6.4.1 Overview 206
6.4.2 Induced Process Changes 207
6.4.2.1 General Changes 207
6.4.2.2 Discharge Letter Process 208
6.4.3 Existing Approaches for Managing Smart Cards in Hospitals 209
6.4.3.1 The Decentralized Approach 209
6.4.3.2 The VerSA Approach 209
6.4.3.3 Disadvantages 210
6.4.4 The Clinic Card Approach 210
6.4.4.1 Technical Architecture 211
6.4.4.2 Smart Card Management Unit 212
6.4.4.3 The Clinic Card and Card Middleware 212
6.4.4.4 Connector 213
6.4.4.5 Remote Access 213
6.4.4.6 Unique Characteristics of the Central Approach 214
6.4.4.7 Discharge Letter Process 215
6.4.5 Comparison of the Presented Approaches 216
6.4.5.1 Evaluation Framework 216
6.4.5.2 Hardware Requirements and Integration 216
6.4.5.3 Session Management 217
6.4.5.4 Usability 217
6.4.5.5 Further Value-Adding Aspects 218
6.4.6 Summary 218
6.5 Security Analysis of the German Electronic Health Card’s Components on a Theoretical Level 219
6.5.1 Overview 219
6.5.2 Components and Documents Considered in this Security Analysis 220
6.5.2.1 Security Analysis of the Electronic Health Card’s Components 221
6.5.2.2 Analysis of the Connector 223
6.5.2.3 Analysis of the Primary System 226
6.5.2.4 Additional Deficiencies Found During this Security Analysis 227
6.5.3 Attack-Tree Analysis 230
6.5.4 Summary 230
6.6 Security Analysis of the German Electronic Health Card’s Peripheral Parts in Practice 231
6.6.1 Overview 233
6.6.2 Laboratory’s / Physician’s Practice Configuration 233
6.6.3 Network Traffic Analyzes and its Consequences 235
6.6.4 Attacking the German Electronic Health Card 236
6.6.4.1 Permanent-Card-Ejection 238
6.6.4.2 Fill or Delete Prescriptions 238
6.6.4.3 Block a Card’s PIN 239
6.6.4.4 Destroy a Card 240
6.6.4.5 Spy Personal Information 240
6.6.5 Summary 242
6.7 Case Studies: Lessons Learned 243
7 Appraisal of Results 245
7.1 Overview 245
7.2 Progress of Cognition 247
7.3 Design Proposals for Healthcare Telematics 248
Bibliography 251
Appendix 287
Publication date (per publisher) | 25.4.2011 |
---|---|
Series | Informationsmanagement und Computer Aided Team |
Additional info | XX, 271 p. 60 illus. |
Place of publication | Wiesbaden |
Language | English |
Subject area | Medicine / Pharmacy |
 | Business ► Business Administration / Management ► Corporate Management |
 | Business ► Business Administration / Management ► Business Informatics |
Keywords | Electronic health card • Healthcare telematics • Healthcare • Information systems • Method engineering |
ISBN-10 | 3-8349-6519-7 / 3834965197 |
ISBN-13 | 978-3-8349-6519-6 / 9783834965196 |
Size: 2.6 MB
DRM: Digital watermark
This eBook contains a digital watermark and is thereby personalized to you. If the eBook is improperly passed on to third parties, it can be traced back to the source.
File format: PDF (Portable Document Format)
With its fixed page layout, PDF is particularly suitable for specialist books with columns, tables and figures. A PDF can be displayed on almost all devices, but is only of limited suitability for small displays (smartphone, eReader).
System requirements:
PC/Mac: You can read this eBook on a PC or Mac. You need a PDF viewer for this, e.g. Adobe Reader or Adobe Digital Editions.
eReader: This eBook can be read on (almost) all eBook readers. It is not compatible with the Amazon Kindle, however.
Smartphone/Tablet: Whether Apple or Android, you can read this eBook. You need a PDF viewer for this, e.g. the free Adobe Digital Editions app.
Additional feature: Online reading
In addition to downloading it, you can also read this eBook online in a web browser.
Buying eBooks from abroad
For tax law reasons we can sell eBooks only within Germany and Switzerland. Regrettably, we cannot fulfill eBook orders from other countries.