Security on medical data sharing (a literature review)

Medical records (e.g., test results and health reports) are about patients. Hospitals and healthcare institutions generate them after a patient’s visit. Today they are digitized, stored electronically, and accessed remotely by professionals. European directives suggest that patients should access these records too. Besides, they say, patients should have control over these data and be informed if and when their records are shared and how secure they are [1]. These requirements are hard to be met. From a patient’s perspective, the viewpoint of this paper, it may be easier to address at least one of such requirements: to inform patients about how secure their data are. This is a property usually referred as transparency, but a clear meaning of the word is still missing. According to [2] transparency ought to be regarded as an additional feature that qualifies security. So, security can be said to be transparent when is intelligible to human user. It opposes an opaque security, which holds technically but without the user’s being aware of it. Thus, transparency is a socio-technical security property.