Patient-centered health information technology (PCHIT) provides personalized electronic health IT to patients. Because providing PCHIT entails handling sensitive medical information, a special focus on security and privacy aspects is required. We present security and privacy requirements for patient-centered health IT applications and examine how security features of large-scale, inter-organizational health information technology networks, like the German health information technology infrastructure (HTI), can be utilized for ensuring privacy and security of PCHIT. Moreover, we illustrate additional security measures that complement the HTI security measures and introduce a guideline for providing patient-centered health IT applications while ensuring security and privacy. Our elaborations lead to the conclusion that security features of health information technology networks can be used to create a solid foundation for protecting security and privacy in patient-centered health IT applications offered in public networks like the Internet.
Ali Sunyaev is an assistant professor at the Department of Information Systems, University of Cologne, Germany. Dr. Sunyaev has (co-)authored several international journal articles (including articles in journals such as Communications of the ACM, the ACM Journal of Data and Information Quality, IEEE Computer, the International Journal of Medical Informatics, and Communications of the AIS). His research interests include design, management, and quality of information systems, development of innovative healthcare applications, and management of information systems security. In 2012 he is conducting research as a visiting faculty member at the Intelligent Health Laboratory, Harvard-MIT Division of Health Sciences and Technology, Harvard University, USA.