UNIT III

TELEMEDICAL STANDARDS

► Data Security and Standards: Encryption, Cryptography,

Mechanisms of encryption, phases of Encryption. Protocols:
TCP/IP, ISO-OSI, Standards to followed DICOM, HL7, H. 320
series Video Conferencing, Security and confidentiality of
medical records, Cyber laws related to telemedicine
Data Security and Standards
Data Security
► Data security refers to the process of protecting data from unauthorized access and
data corruption throughout its lifecycle.
► Data security includes data encryption, hashing, tokenization, and key management
practices that protect data across all applications and platforms.
► Data Security Technologies
► Data encryption: Data encryption applies a code to every individual piece of data
and will not grant access to encrypted data without an authorized key being given
► Data masking: Masking specific areas of data can protect it from disclosure to
external malicious sources, and also internal personnel who could potentially use
the data. For example, the first 12 digits of a credit card number may be masked
within a database.
► Data erasure: There are times when data that is no longer active or used needs to
be erased from all systems. For example, if a customer has requested for their name
to be removed from a mailing list, the details should be deleted permanently.
► Data resilience: By creating backup copies of data, organizations can recover data
should it be erased or corrupted accidentally or stolen during a data breach.
Data Security Compliance and Standards
► When an organization collects any kind of personal data, it instantly
becomes processed and it is known as a data processor
► There are a number of compliance regulations that govern
organizations dealing in personal data regardless of the type or
volume.
► Regulatory compliance and standards examples include:
►NERC - Critical Infrastructure Protection
►China's Personal Information Security Specification
►PCI Security Standards
► Regulatory compliance requirements often vary by data type. A few
common examples include:
►Personally Identifiable Information (PII)
►Protected Healthcare Information (PHI, HIPAA)
►Credit card information
Data Security Stages
► Stages in Data Security
►Data Capture stage
►Communication stage
►Data Review and Storage stage
► Security Risks
►Hacking – stealing and alerting data
►Malware – includes viruses, worms, Trojans
►Phisher – attempt to play fraud on email to gain unauthorized access
►Spam – unsolicited advertising material
Components affecting Secure Healthcare systems

► Integrity
►Integrity is a fundamental requirement of a trustworthy identity
infrastructure
►Identity systems exchange credentials as well as messages and
transactions regarding attributes, provisioning information, and other
data
► Confidentiality
►Confidentiality refers to an organization’s efforts to keep their data
private or secret
►It involves ensuring that only those who are authorized have access to
specific assets
► Availability
►means that networks, systems, and applications are up and running.
►It ensures that authorized users have timely, reliable access to resources
when they are needed.
► Non-repudiation
►means a user cannot deny (repudiate) having performed a transaction.
►authenticates the identity of a user who performs a transaction, and
ensures the integrity of that transaction
► Authentication
►Authentication is the process of verifying the identity of a person or
device.
►A common example is entering a username and password when you log in
to a website.
Firewall
► Access control - is a security term used to refer to a set
of policies for restricting access to information, tools, and
physical locations.
► Effective means of protection of a local system or
network of systems from network-based security threats
while affording access to the outside world via WAN`s or
the Internet
► Types of Firewalls
►Three common types of Firewalls:
►Packet-filtering routers
►Application-level gateways
►Circuit-level gateways
►(Bastion host)
Packet-filtering routers

► Applies a set of rules to each incoming IP packet and then

forwards or discards the packet
► Filter packets going in both directions
► The packet filter is typically set up as a list of rules based
on matches to fields in the IP or TCP header
► Two default policies (discard or forward)
Application-level Gateway

► Also called proxy server

► Acts as a relay of application-level traffic
Circuit-level Gateway

► Stand-alone system
► Specialized function performed by an Application-level Gateway
► Sets up two TCP connections
► The gateway typically relays TCP segments from one connection
to the other without examining the contents
Bastion Host
► A system identified by the firewall administrator as a
critical strong point in the network´s security
► The bastion host serves as a platform for an application-
level or circuit-level gateway
Cryptography
Cryptography
► Cryptography is the art of protecting information by
encryption/decryption
► Encryption provides security for information while in transit or
in storage
►By converting plain text into unreadable format called cipher
text
►Scrambles content of message using mathematical schemes
and algorithms
► Decryption is the process of converting cipher text back into
plain text
►This is done in conjunction with the use of secret keys
►Only those who possess keys can decrypt the message
Encryption
► Encryption is a process that encodes a message or file so
that it can be only be read by certain people.
► Encryption uses an algorithm to scramble, or encrypt,
data and then uses a key for the receiving party to
unscramble, or decrypt, the information
► Encryption of electronic medical information is to protect
a patient’s privacy
► Hospitals do not archive medical records in public
library
► Access is provided to only medical staff who are
authorized
► In digital world, encryption thwarts unauthorized viewing
Encryption
Types of Encryption
► There are two types of encryption algorithm.
►i)Private Key Encryption
►ii)Public Key Encryption
► With secret key encryption the sender and the receiver
both use the same key to lock and unlock the message.
► The key is known only to these parties
Private Key Encryption
Public key encryption
► In contrast, with public key encryption each user has two unique
keys, a public key and a private one.
► You distribute your public key to correspondents and they use
this key to encrypt messages they send to you.
► Messages encrypted with your public key can only be decrypted
with your private key so that as long as this key remains secret no
one else can read your incoming messages.
► You can similarly encrypt outgoing messages with your
correspondent’s public key so that they can decode them with their
own private key.
► Your private key can also be used to encrypt any message you
send as a digital signature.
► The recipient can decrypt the signature with your public key to
verify your identity and the authenticity of the message.
Public Key Encryption
Phases of Encryption
► Begins with converting the text to a pre-hash code. This code is
generated using a mathematical formula.
► This pre-hash code is encrypted by the software using the sender's
private key.
► The private key would be generated using the algorithm used by the
software.
► The encrypted pre-hash code and the message are encrypted again using
the sender's private key.
► The next step is for the sender of the message to retrieve the public key
of the person this information is intended for.
► The sender encrypts the secret key with the recipient's public key, so
only the recipient can decrypt it with his/her private key, thus concluding
the encryption process.
Phases of Decryption
► The recipient uses his/her private key to decrypt the
secret key.
► The recipient uses their private key along with the
secret key to decipher the encrypted pre-hash code and
the encrypted message.
► The recipient then retrieves the sender's public key. This
public key is used to decrypt the pre-hash code and to
verify the sender's identity.
► The recipient generates a post-hash code from the
message. If the post-hash code equals the pre-hash code,
then this verifies that the message has not been changed
enroute.
Protocols
► The data is configured by each protocol into packets with
each packet carrying a ‘header’ which identifies its
contents
► The protocol used is generally determined to ensure
reliable communications for good quality
► TCP/IP
►Transmission Control Protocol/Internet Protocol, is a
suite of communication protocols used to interconnect
network devices on the internet.
► ISO – OSI
► International organization of Standardization – Open System
Interconnection
TCP/IP
► Specifies how data is exchanged over the internet by
providing end-to-end communications
► Identify how it should be broken into packets,
addressed, transmitted, routed and received at the
destination.
► It is designed to make networks reliable, with the ability
to recover automatically from the failure of any device on
the network.
► Data is sent across the internet as packets. Packet is a
unit of binary bits sent from the source to the destination.
► Only portion of packet contains the actual information
► Remaining bits considered as overheads that facilitate the
transmission process.
► Overheads consist of
►source and destination addresses.
►In addition check sum is used for checking data
integrity at the receiving station.
►Also certain communication protocols to guarantee
delivery
►Quality of Service (QoS) scheme used to prioritize
data traffic
TCP Packet Format
The TCP packet format fields
► Source Port and Destination Port fields (16 bits each) identify the end
points of the connection.
► Sequence Number field (32 bits) specifies the number assigned to the
first byte of data in the current message.
► Acknowledgement Number field (32 bits) contains the value of the
next sequence number that the sender of the segment is expecting to
receive, if the ACK control bit is set.
► Data Offset (Header Length) field (variable length) tells how many 32-
bit words are contained in the TCP header.
► Reserved field (6 bits) must be zero. This is for future use.
► Flags field (6 bits) contains the various flags:
URG—Indicates that some urgent data has been placed.
ACK—Indicates that acknowledgement number is valid.
PSH—Indicates that data should be passed to the application as soon as
possible.
RST—Resets the connection.
SYN—Synchronizes sequence numbers to initiate a connection.
FIN—Means that the sender of the flag has finished sending data.
► Window field (16 bits) specifies the size of the sender's receive window
(that is, buffer space available for incoming data).
► Checksum field (16 bits) indicates whether the header was damaged in
transit.
► Urgent pointer field (16 bits) points to the first urgent data byte in the
packet.
► Options field (variable length) specifies various TCP options.
► Data field (variable length) contains upper-layer information.
Telemedicine system indicating role of TCP/IP
► TCP/IP has become a de facto standard
► Electrodes/sensors placed in human body captures physiological signals.
► Signal is then fed to instrumentation amplifier with high and low pass
filter.
► Filtering is to obtain a noise free signal
► Amplified signal is fed to ADC circuit for analog to digital conversion
► Data is then transferred to remote terminal via network using TCP/IP
protocol
► Networking is based on basic client – server model. A connection is
established between local and remote terminal
► To communicate over TCP – a client program and server program are
developed.
Flow Chart
Ports
► A number assigned to user session and server application in an IP network
► It resides in the header area of the packet being transmitted
► It defines a service (web, email, voice call, video call, etc) and not used for
computer hardware control.
►Port 20 used for FTP-data
►Port 156 used for SQL servers
►Port 80 for HTTP users- web browsing
► These numbers are assigned by Internet Assigned Numbers Authority
(IANA)
► Ports are assigned for specific tasks, some are kept reserves while many
may be unassigned (for application programs)
► Ranges up to 65535
IP addresses
► Addresses are used to locate the computers.
► It is an identifier for a computer or device on TCP/IP network.
► Acts similarly like house address, used to determine where the
network data packets should go.
► Format: 32-Bit numeric address. Written as four sets of numbers
separated by periods. Each number can be from 0 to 255. Eg:
1.180.30.220
► Assigned randomly as long as each one is unique in an isolated
network.
► Private network requires registered IP addresses called Internet
Addresses, to avoid duplicacy
► Can be dynamic or static
ISO - Open System Interconnection
► International Standard Organization(ISO) is responsible
for setting up standards for protocol
► OSI – Open System Interconnection acts as an
international standard for network
► Without standard model like OSI, there won't be any
common point of reference.
OSI Model
► Basis for computer communication is 7-layer ISO reference model
► Each layer performs independently from other layers, but in coordination with
overall goal of communication.
► In this model,
► Communication between network nodes begin in the transmitting node at a
particular protocol level
► Control is successively passed down through set of functional layers that meet
at defined interfaces.
► Process continues until the information reaches the transmission medium from
where it travels to each node along the network.
► Information then reaches the desired destination node from where it begins to
move its way up through the layers until it arrives at the layer similar to that from
which it originated.
► Information appears to simply pass from a layer to corresponding layer – forming a
virtual link between the layers
Layer 7 – Application Layer
► It is the highest layer in the OSI model
► Relates directly to the application process
► Specifically involved with information transfer
► Primarily supports the end user processes
► Message originates at this layer from transmitting machine
and finally received again by the same layer at the
destination
► Data Packets at this layer is called messages
► This layer is also responsible to identify communication
partners, service and constraints and ensure privacy and
security of the data
Layer – 6 Presentation (Syntax) Layer
► Responsible for functions necessary for the negotiations of the
representation of information.
► Concerned only with the syntax and not the memory of the information
(Semantics)
► Different computers may use different coding schemes for data
transmission – eg:
►Some may send most significant bit first and least significant bit last
and some other way around
►Sequence may be different at byte level also.
► This layer carry a code translation i.e back and forth translation between
application and network formats – This way regardless of encryption and
formatting network recognizes the data and presents it in the destination
format.
Layer 5 – Session Layer
► Establishes, Maintains and Releases session connections
► Provides functions necessary for the synchronization of
the dialogue between two systems
► Opens the session between two computers and performs
below functions:
►Connection establishment
►Data Transfer
►Connection release
► Entire activity of data exchange management between
applications is carried out at this layer
Layer 4: Transport Layer
► Messages received from upper layer is broken into units of
information known as packets
► Packets travel in the transmission medium and reach
destination
► Each packets contain its identification information like
source address, destination address, sequence number of
packet and protocol information in addition to actual data
► This layer is responsible for reliable delivery of packets to
the destination by making use of error checking
techniques
Layer 3: Network Layer

► Provides addressing and appropriate routing path to be

followed by the message from source computer to destination
computer
► Responsible for creating virtual circuits to transmit
information from node to node by using switching and routing
technologies
► Functions include:
► Routing
► Forwarding
► Addressing
► Internet working
► Error
► Congestion control
► Packet Sequencing
Layer 2: Data Link Layer

► Defines how the data bits are combined into unit of

information called frames and vice versa
► Responsible for establishments, maintenance and
release of data connections over one or several physical
connection
► This forms the basic framing structure for transferring
information between systems
► Carries out error corrections and frame synchronization
employing transmission protocol
► This layer is also linked with the physical address of
computer in the network which is burnt into network card
► Data Link layer consists of two sublayers
►Media access control (MAC)
►Shares the physical connection to the network
among several computers
►Responsible for moving packets from one network
node to another
►Controls the way networked computers get access
to data and transmit it
►Logical link control (LLC)
►Controls multipoint network operation, frame
synchronization, flow control error checking and
acknowledgement tracking
►Mostly used for multiplexing feature
Layer 1 : Physical Layer
► Relates with activation, maintenance and deactivation of
physical connection
► Defines the agreed communication media to be used
between two users
► Conveys the bit stream through the network at the
electrical and mechanical level
► Choice of network interface cards, transmission media
(cable or wireless), connectors and other related hardware
components and signaling method are all done in this layer.
► Fast ethernet, RS 232 and ATM are all protocols with
physical layer components
HL7 – Health Level Seven Protocol
► HL7 messages are designed to enable data interchange
between hospital and physician system
► HL7 Clinical Document Architecture(CDA) documents are
meant for communicating documents – like Physician notes
and other related documents
► HL7 is an American National Standards Institute (ANSI)
standard for exchange of healthcare
► Developed by the Health Level 7 Organization based on
USA in 1987
► HL7 is recognized as the most commonly used standard in the world as it
supports clinical practice and its management, delivery and evaluation of
health services
► Objective of the programme was to create a common “language” that
facilitated healthcare applications to share clinical data between physicians
► Term “Level 7” refers to the top layer – Layer7, the application Level of OSI
► Application level defines the data to be exchanged, the timing of its
interchange and the communication of certain errors.
► Other functions include:
► Participant Identification
► Data Exchange structuring
► Data Exchange Mechanism
► Availability and Security checks
► HL7 protocol comprises of grammar and vocabulary which has been
standardized to allow clinical data to be shared amongst all
healthcare systems and it is in easily understandable format by
stakeholders
► HL7 standards are grouped into the following categories
► Section 1: Primary Standards:
►Popular for system integrations, interoperability and compliance
► Section 2: Foundational standards:
►Define the fundamental tools and building blocks used to build
standard and technology infrastructure that implements HL7
► Section 3: Clinical and administrative domains:
►Messaging and document standards for clinical specialties and
groups are included in this section
► Section 4: EHR profiles :
►Provide functional models and profiles that enable
management of electronic health records
► Section 5: Implementation guides:
►This section is for implementation guides and/or to
support documents created in conjunction with an
existing standard
► Section 6: Rules and references:
►Technical specifications, programming structures and
guidelines for software and standards development
► Section 7: Education and awareness:
►Standards for trial use providing helpful resources and
tools to further supplement understanding and adoption
of HL7 standards
► HL7 scope is the format and content of the data exchanged
between the applications and how it is moved between
computers and networks
► HL7 specifications also define the presentation of the
information such as the strings of text that represent it – this
is referred as “encoding rules”
► Encoding rules:
►Contain variable length data fields
►Describes how the various data types are encoded within
the field
►Combination of data fields into logical groups called a
segment, separated by segment separator characters
►Three character value placed in the beginning of each
segment identifies it within the message
►Rules also define as to when an individual field may be
repeated.
►Individual data fields are identified in the message by
their position within their associated segments.
►communicated from one party to another
► HL7 is designed in the assumption that in practice, an event in
the healthcare would create the need for data flow among
various system – This is called trigger event
Eg: trigger event could be when a patient is admitted to
medical facility.
► HL7 standard carries a list of such events and the associated
messages to be sent.
► It is up to the implementing authority to decide as to what
specific events are to be included in the list.
► TCP/IP or FTP can be used to exchange the data from one
system to another
► It is recommended that all HL7 communications between
Telemedicine systems be done using TCP/IP
HL7 Versions
► Evolution of HL7 standard is a continuous process.
► Over a period of time various versions have been
developed and used
► HL7 Version 2.4 messaging standard – Application Protocol
for Electronic Data Exchange in Healthcare Environments
has emerged as the workhorse of data exchange in health
care.
► It is most widely implemented standard.
HL7 Version 2.4
► ANSI accredited standard from Oct 2000.
► It incorporated:
►Conformance query profiles
►Included messages for laboratory automation
►Application management
►Personnel management
 HL7 3.0
► Version 2.0 has more focus on the general triggers, structure and layout for
communication
► Version 3.0 focus on specific contexts, terminology, models, definitions and
relationships
► Version 3.0 departs from version 2.x series as it is employs a different
methodology
► Version 3.0 adopted a specific methodology that combines application
interaction models
► Integrates the syntax and semantics specifications
► It has been built around a single object model, commonly referred as
Reference Information Model (RIM)
►Provides representation for the semantic and lexical connections that
exists between the information
►The clinical data or domains are pictorially represented
DICOM
► DICOM – Digital Imaging and COMmunication
► It is a comprehensive set of standards for handling,
storing and transmitting information in medical imaging
► Popularly adopted standard for representing and
communicating radiology images and reporting
► Developed by American College of Radiology and
National Electrical Manufacturers Association
The DICOM Devices
► A medical device supporting and implementing the DICOM
standard is defined as a DICOM-compliant device.
► A “DICOM-compliant” device may be an acquisition device
(e.g., CR equipment, CT equipment, MR equipment, etc.), or
a workstation, or a server, or any other kind of device able to
connect to the DICOM network exchange data with other
nodes using the DICOM protocol.
► For this reason, almost all DICOM devices need to have a
network interface
► DICOM devices attached to a DICOM network are often
referred to also as DICOM nodes or DICOM peers.
► PACS stands for Picture Archiving and Communication
System.
► It can generally be defined as the whole system managing
medical images and related data in a DICOM-compliant
way.
DICOM standards facilitates interoperability
► DICOM facilitates devices connected into a common imaging
information systems.
► These include Picture Archiving and Communications System
(PACS), Hospital Information System (HIS) and Radiological
Information System (RIS).
► DICOM addresses the semantics of commands and associated
data for devices to know to respond to commands and
associated data.
► Explicitly defines the conformance requirements.
► This specifies the functions for which interoperability can be
expected from another device.
► Does not require network interface units to operate in a
networked environments
► Provides support for future application as it is structured to
accommodate the new services
► DICOM 3.0 facilitates transfer and interchange of waveforms such
as ECG,EEG,EMG etc.
► DICOM files consists of a header with standardized as well free-
form fields and a body of image data.
►The header contains the patient details such as name, scan
type, dimensions of the images etc.
►Single file can contain one or more images or animations
allowing storage of large volume of information
► DICOM supports various kinds of media ranging from CD-
ROM’s to Magneto Optical Drives (MOD).
► Network interface is generally TCP/IP
► Grayscale images are 16 bits per pixel and true color
images are 24 bits per pixel plus 8 bits per pixel of
intensity information.
► DICOM is based on the Open System Interconnect (OSI)
reference model.
 Video Conferencing – H.320 series
► H.3xx is ITU (International Telecommunications Union)
recommendations for videoconferencing
► These recommendations include the protocols for
video/audio, multiplexing, signaling and control
► With internet and broadband popularity, IP based
videoconferencing has emerged as the most popular.
► H.323 IP VTC is used for medicine
Summary of Videoconferencing standards
 H.320 - ISDN
► It is a suite of standards by ITU for running multimedia over ISDN
network.
► These standards define rules for establishing communications,
framing and synchronizing media, and inverse multiplexing ISDN
channels
► The main protocols in H.320 includes:
►Video: H.216, H.263, H.264
►Audio: G.711, G.722, G.722.1, G 728
►Data: T.120
►Control: H.221, H.231, H.242, H.243
► This standard forms an umbrella for whole host of standards
adopted by leading manufacturers of Videoconferencing equipment
Block Diagram of Application of H.320
H.323 – Internet and LAN
► Defines the standards for multimedia communications over
LAN.
► These networks dominate the today’s corporate desktops and
include packet-switched TCP/IP and IPX over ethernet, fast
ethernet and token ring network technologies
► By Complying to H.323, multimedia products and applications
from multiple vendors can interoperate, allowing users to
communicate without concern for compatibility
► H.323 provides communication over the packet based
networks
H.323 terminals on a packet network and standards
Network Components of H.323
► Primary goals of H.323 standard is interoperability with other multimedia
services networks.
► This interoperability is achieved through the use of Gateway.
► It performs any network or signaling translation required for
interoperability.
► H.323 has four optional network components when used with
videoconferencing systems:
►Terminals
►Gatekeepers
►Gateway
►Multipoint Control Units
► Terminals
►Client endpoints on the LAN that provide real-time, two
way communications.
►While initiating videoconferencing, it is necessary to
identify the user or H.323 endpoint.
►This requires public IP address for the terminal
►Minimum set up for a single H.323 endpoint involves to use
an ADSL router that has been allocated a public IP address
►All terminals must support voice communications
(G.711), data sharing (T.120) and video sharing (H.261)
Gatekeepers
► Provides services such as address translation and network access control for
terminals, gateways and MCU’s
► Gatekeeper oversees authentication, authorization, Telephone directory
and PBX services as well as call control and routing.
► Provides other services such as bandwidth management, accounting, and
dial plans that can be centralized to provide scalability (Cisco)
► Primary function is to prevent network congestion by controlling terminal
access – Accomplished through
►registration of terminals
►maintaining a directory
►providing call control and
►managing bandwidth usage
► Gatekeepers are typically software that reside on a server and are offered as
proprietary products from a number of vendors
Gateway
► Provides connectivity between H.323 terminal and other
H.3xx terminals in the network
► Provide transcoding services, system control and
signaling with other H.3xx terminals.
► May not be used if connections to other networks are not
required
► Typically have built in gatekeepers with minimal features
Multipoint Control Unit
► Controls interactive conferencing among three or more
terminals within a session.
► May be a separate component or may be incorporated into
a terminal
Various components of H.323 protocol
H.261
►Is the most widely applied international video
compression standard
►Describes the video coding and decoding methods of
an audiovisual service at the rates of 64 kbps or
multiples thereof
►Is block based hybrid compression algorithm to use a
combination of discrete cosine transform and motion
compensation techniques.
►Supports rate up to 2 Mbps connection
H.263
►Designed for a low bit rate (<64 kbps)
►Adopted for mobile networks
►Handles only visual part of video, requires sperate
audio encoders
H.265
►Addresses issues like shortage of bandwidth,
spectrum, storage and emerging requirement of
growing High Definition (HD).
►Termed as High Efficiency Video Coding (HEVC) aims
at huge bandwidth savings of 40-50%.
Audio Standards G series
► G series are the most popular coding techniques for
Telephony and voice packets by ITU.
► Different recommendations for digitizing and
compressing speech signals are tradeoffs between speech
quality, bit rate, computer power and signal delay.
Data Standards T series
► T.120 is a family of open standards for data conferencing
► Functionality of T.120
►Organize conferences independent of the platform
►Manage multiple participants and programs
►Accurate and secure data transfer over a reality of
networking connections.
Other Standards
► In addition to the basic standards for video transmission,
video compression, audio and data protocols and services
► Other standards are:
►Control standards
►Supplementary standards
►Mobility standards
Videoconferencing standards for various
Telecommunication modalities
Selecting a video conferencing system
► The intended use purpose for which VTC is used
► Number of sites No. of locations which need to be
communicated with and what resources are planned
► Number of participants per site
► Size of room Sufficient size, adequate lighting and auxiliary
resources
► Connectivity Resources available at the various locations
► Systems or formats for calling Different standards for
different communication modes. Eg: IP based network system
uses H.323 and ISDN operates using H.320
► Data capability requirement
Other AUDIO/VIDEO Conferencing Devices
► Software applications that facilitate VTC using webcams, PC and mobile
devices are today freely available and easy to use
► Such devices are:
►Skype for Health Purposes
► Allows user to exchange digital documents such as images, text, video, etc
and to transmit both text and video messages
► Skype is available for Microsoft Windows, Macintosh, Linux as well as Android,
Blackberry and both Apple and windows smart phones/tablets
► Skype is free and easily available
► Many people are familiar
► Research concluded that majority of clients showed high degree of
satisfaction with use of Skype for delivering psychotherapy services in the
Ukraine.
Kiosk based Videoconferencing system
► Proves very useful for delivery of healthcare in the rural
areas
► Patient comes to kiosk and the VTC connection is
established
► Remote diagnostic equipment with kiosk is then
activated by doctor from his PC
► Doctor instructs the kiosk operator to take measurements
► Doctor provides his prescription that can be see on the
kiosk PC
Videophone
► Utilizes an analog phone line to transmit audio and video
using low bandwidth technology
► Video phone can be easily plugged into standard
electrical outlet and Telephone jack
► It is generally capable of providing full color motion
video on 3.3 inch color LCD screen through a fixed focus
camera
► Two modes: One-way and Two-way
► Audio is as that of standard Telephone call, video uses a
consistent level of frame rate of 15 fps.
Security and confidentiality of medical records
► Telehealth, Telemedicine and eHealth have vastly improved the
ability to electronically record, store, transfer and share medical
data.
► These new advances have great potential in improving healthcare
delivery, but they also pose serious security and confidentiality of
the data.
► Concerns mostly relate to the breach of privacy, both in the
physical setup of video communication and through data
transmission and storage.
► The challenge for the wide spread use of Telemedicine's lies in
identifying emerging concerns and develop policies, so that
privacy, security and confidentiality of the information is ensured.
► Ethical properties of EHR
►Privacy and confidentiality
►Security
►Data Integrity and availability
► List of patient record that must remain confidential
►Identity
►Physical condition
►Emotional condition
►Financial condition
Confidentiality
► Internet attacks by computer hackers makes this issue more
serious
► In Telemedicine doctors and patients interaction involves
computers, Telephones, fiber optics cable and other means of
data transmission.
► Confidentiality becomes a major concern and needs to be
addressed.
► It is been felt that medical institutes are not well equipped to
handle electronic confidentiality.
► There are not enough safety measures in place for
safeguarding privacy of medical data
► Medical data is subject to threat by following ways:
►Unintentional Disclosure – due to information
displayed on the computer screen without the presence
of any person working there.
►Routine Circulation of medical data – even though
customer had provided the consent the medical data is
frequently circulated without the knowledge of patient
►Providing information to third party – such as
insurance company or employer without the consent of
patient
►Other Factors – Lack of confidentiality legislation in
some countries, Its understanding and implementation.
Problems to secure huge amounts of data. Inadequate
awareness of patients.
Guiding principles
► Discard confidential information appropriately
► Forward requests for medical records to health
information management department
► Do not discuss confidential matters where others might
overhear
► Do not leave patient charts or files unattended
► Medical ethics rules provide for protecting and maintaining
confidentiality of patient records – Both Hippocratic Oath and the
Medical Association’s code
► Telemedicine guidelines must ensure – Person’s physical condition,
psychological condition, healthcare and treatment shall not be
revealed without patient’s consent
► HIPAA
► Health Insurance Portability and Accountability Act
► 1966 federal Health Insurance Policy and Accountability Act
in USA
► Objective is to make easier for people to maintain health
insurance, protect the confidentiality and security
► Healthcare provider must obtain consent to use or disclose
protected health information.
► Marketing purposes will require clear-cut patient
authorization
Purpose of HIPAA

► Improve the efficiency and effectiveness of health care system

►Encourage the development of an electronic health record
►Establish national standards for electronic transmission
►Establish national standard to protect health information
► Ensure patient confidentiality
►Protect patient privacy
►Build loyalty and trust
►Provide exceptional customer services
PHI
► Stands for protected health information
► Includes demographic information that identifies an individual
► Is created and received by health care provider, health plan employer or health care delivering
house
► HIPAA define 18 elements for PHI
►Name

►Full face photo

►Finger/voice print
►Telephone number
►Address/Zip code
►Email addr
►Medical record no.
►Social security no.
►Insurance no.
►Account no.
►Vehicle id
► PHI is found in medical records, patient information
system, billing information, test results
► Permitted uses and disclosure of PHI
►Treatment of patient
►Payment of health care bills
►Operations related to health care
►Research
Telemedicine systems can be protected by
► ACCESS CONTROLS
► FIREWALLS
► ENCRYPTION
► AUTHENTICATION
► DIGITAL CERTIFICATE
► DIGITAL TIMESTAMP
Cyber laws related to Telemedicine
Cyber Laws are needed for:
►practitioners to have trust in the security of information and
communication infrastructure, networks and systems
►confidentiality, integrity and availability of data on them
►Ability to prove the origin and receipt of data
They typically encompass:
►All the cases, statutes and constitutional provisions that
impact the persons and institutions
►They control the entry to cyberspace, provide access to
cyberspace, create the hardware and software which enable
people to access cyberspace
Need for cyber law
Definition
► Traditionally the authenticity is established through
signatures
► In absence of paper signatures, legal framework is
required to define the electronic instructions
►Electronic devices like identification numbers
►Call back procedures
►Encryption
► From a legal angle, whatever security procedures are
adopted, they must be recognized by the law.
► Cyber laws provide legal sanctity to activities carried out
in cyberspace
Cyber laws
New cyber law