CYBERSECURITY LAWS AND REGULATION IN E-HEALTH

Definitions

Currently, there is an increase in the use of electronic health technology in Australia, leading to concerns about the privacy of healthcare data. Issues such as privacy breaches threaten the efficiency of information technology (IT) systems (Liveri, Skouloudi, Sarri and ENISA, 2015, 16). According to a report by Price Water Coppers, the global state of most IT systems is vulnerable to malice and ought to enhance its integration with cybersecurity (Revitalizing privacy and trust in a data-driven world, 2018, 2). Cybersecurity concerns the protection of ICT infrastructure, such as eHealth; it is implemented over a three-model framework and enforced by the government.

Cybersecurity

By definition, “cybersecurity is the organization and collection of resources, processes, and structures used to protect cyberspace and cyberspace-enabled systems from occurrences that misalign de jure from de facto property rights” (Craigen, Diakun-Thibault and Purse, 2014, 13). The fundamental value of cybersecurity is the protection of ICT systems from unauthorized access or use, accidental modifications, dame of data or other malicious activities. It is a combination of technologies that has capability to enhance privacy by protecting networks, devises, and programs. Notably, eHealth systems are among the most vulnerable cyberspace infrastructures that are rely on cybersecurity for protection against malice.

eHealth

eHealth describes the digital space, where both healthcare professionals and information technologists have come together to harness their capabilities to improve healthcare services. Eysenbach (2001, e20) defines eHealth as “an emerging field in the intersection of medical informatics, public health and business, referring to health services and information delivered or enhanced through the Internet and related technologies.” Therefore, healthcare professionals use ICT to provide services, records, and access to health data. eHealth is implemented on various frames such as providing healthcare support and mortaring to remote patients, organization of healthcare management systems such as appointment scheduling, discrimination of patient information to relevant health sectors during treatment, and following up on patient’s progress. The main functions of the eHealth system are availing accurate information, accountability, boundary identification, control of access, and comprehensibility of records control (National Research Council, 1997, 82).

Cyber Security in e-Health

As mentioned above, eHealth systems are prone to malicious activities since they are not ultimately secure. Through cybersecurity, healthcare organizations can confront the vulnerabilities through the implementation of various cybersecurity regulations and tools. Besides, the healthcare sector continuously improves to cater for both patient care and combat epidemiological challenges. Such developments vary the nature of healthcare workers’ interactions with patients, which co-occurs with new challenges to privacy. Also, hackers advance skills as cybersecurity increase efficiency. Therefore, eHealth systems are constantly battling attacks such as privacy breaches and mitigating vulnerabilities. Among the battling strategies is the use of laws and regulations that concerns cybersecurity and eHealth systems.

Influence of Cybersecurity, Laws and Regulations On eHealth

Cybersecurity tools

The laws and regulations set to enhance cybersecurity on eHealth systems impact the delivery of healthcare service        s. Notably, such regulations concern the practice of healthcare workers and the IT tools used to ensure accountability, access control, and perimeter control on healthcare information and data.

Uniform methods for authorization

Concerning access control, laws and regulations guide on method and tools of authorization withing the eHealth. In that, the uniform method of authorization mitigates the vulnerability of the eHealth system and increases its efficiency. For instance, through access control tools, one can only access information that they are authenticated to access. The authentication allows collaboration of a particular group of individuals across hospitals, medical centres, and the community, who has the same information level. The information level is defined by the eHealth authorization control policy (He, Yang, Compton and Taylor, 2011, 43). That way, records are set straight for all stakeholders, and breach or malicious damage of data is easily detected.

Access control

In the same way, cybersecurity manages uniform authorization; there are policies and tools put in place to govern access to information. Access control ensures that data within the eHealth system is secure, as it is only accessed by the relevant authorities. It may be physical or logical. Physical access control bars unauthorized people from accessing the eHealth system infrastructures such as computers, or server rooms, while logical access control limits access to eHealth network, files, and other types of data (Thayer, 2019, par 12). Only trustworthy stakeholders and well-trained personnel are allowed to access data and information. Besides, the authenticated stakeholders are required to use the data strictly and efficiently according to its purpose. That way, access control enhances data integrity and improves privacy within an eHealth system.

Network firewall tools

A network firewall is a critical cybersecurity tool used on an eHealth system when it is network-based. Among the access control policies is the requirement for an eHealth system to have robust firewalls as a protective measure for data integrity and privacy (eHealth Saskatchewan, 2020, 57).  A firewall guards a healthcare eHealth system against malicious activity using a sophisticated technical component. That is, the inhibit network traffic from or into the eHealth system.

Legislation Framework

While security and privacy within an eHealth system are imperative, the cybersecurity laws an regulations must ensure the creative and innovative use of information technologies. According to WHO, the regulations are implemented over a framework with three aspects that concern general, technical, and medical levels.

On the general level

General level registration concerns the protection and respect for human rights. Protection concerns the legislatures made the governments protect people’s privacy. General level legislation is a flounce of Section 2, the United Nations Declaration on Human Rights demands in Article 12 that “no one shall be subjected to arbitrary interference with his privacy, family, home or correspondence” (Legal framework, n.d., 41). Therefore, eHealth systems are compelled to ensure privacy and data confidentiality.

On the technical level

Technical level concerns legislation approaches that do not accord specific guidelines to the healthcare workers or patients (Legal framework, n.d., 33). It entails the technical laws that maintain a healthy reliance of the IT by the eHealth system. For instance, avoidance of monopoly in the provision of ICT services, independent self-regulation of eHealth systems, and adherence to the international and standard guidelines regarding provision of ICT services.

On the medical level

Medical level entails the ethical and legal aspects of privacy in healthcare regarding eHealth systems. One concern of the medical level is the codes of ethics and other conceptual issues in eHealth. For instance, medical level legislation defines equity on the Australian PCEHR, and guides healthcare professionals in identifying beneficiaries and their level of control (Spriggs, Arnold, Pearce and Fry, 2011, 1). 

The Current Legislation and Cybersecurity

The laws and legislation regarding cybersecurity are enforced by the government through the Australian Cyber Security Centre (ACSC). The government is committed to ensuring resilient cybersecurity to protect and support the community’s economic and health affairs. Besides, ACSC adopts the Commonwealth legislation within parts 10.7 and 10.8 of the Criminal Code Act 1995 to combat offenses within the cyberspace. Such include intrusion of computers, damage of electronic infrastructure without permission, and unauthorised modification of data (“Cyber Crime”, n.d. 10).

Conclusion

To sum up, cybersecurity provides technical tools to protect the eHealth system, through laws and regulations that are implemented in three models suggested by WHO, and enforced by the ACSC. The current legislations provide protection to healthcare data through policies concerning general consumption of eHealth, technical incorporation of ICT, and ethical conduct in eHealth. The beneficence of eHealth legislation is that patients receive better services, health professionals conduct accurate diagnosis, and patient’s data is protected.

References

“Cyber Crime”, n.d. Cyber Crime. [online] Australian Federal Police. Available at: <https://www.afp.gov.au/what-we-do/crime-types/cyber-crime#Cybercrime-law> [Accessed 1 May 2020].

Craigen, D., Diakun-Thibault, N. and Purse, R., 2014. Defining Cybersecurity. Technology Innovation Management Review, 4(10), pp.13-21.

eHealth Saskatchewan, 2020. Ehealth Saskatchewan Security Policy Framework. [online] Ehealthsask.ca. Available at: <https://www.ehealthsask.ca/services/PACS/Documents/eHS-Security-Policy-2011-03-01.pdf> [Accessed 1 May 2020].

Eysenbach, G., 2001. What is e-health?. Journal of Medical Internet Research, 3(2), p.e20.

He, D., Yang, J., Compton, M. and Taylor, K., 2011. Authorization in cross-border eHealth systems. Information Systems Frontiers, 14(1), pp.43-55.

Who.int. n.d. Legal Framework. [online] Available at: <https://www.who.int/goe/publications/legal_framework_web.pdf> [Accessed 1 May 2020].

Liveri, D., Skouloudi, C., Sarri, A. and ENISA, 2015. Security and Resilience in eHealth Security Challenges and Risks. ENISA,.

National Research Council, 1997. For The Record. Washington, D.C.: National Academy Press.

PwC. 2018. Revitalizing Privacy And Trust In A Data-Driven World. [online] Available at: <https://www.pwc.com/us/en/services/consulting/cybersecurity/library/information-security-survey/revitalizing-privacy-trust-in-data-driven-world.html> [Accessed 1 May 2020].

Spriggs, M., Arnold, M., Pearce, C. and Fry, C., 2011. Ethical questions must be considered for electronic health records. Journal of medical ethics, 38(9), pp.535-9.

Thayer, R., 2019. Unified Physical And Logical Access Using Industry Standards And Protocols. [online] Security Info Watch. Available at: <https://www.securityinfowatch.com/access-identity/article/21069112/unified-physical-and-logical-access-using-industry-standards-and-protocols> [Accessed 1 May 2020].